← Home

Privacy Policy

Version 2026-04-23. This is a beta product operated by Matilda Health.

Who we are

Matilda is an AI scribe for clinicians. It is operated by Matilda Health for Australian clinicians during early access. Contact: [email protected].

What we collect

  • Account data — your email address, display name, specialty, and template preferences.
  • Audio — captured live from your microphone during a consult. It is streamed in chunks to our server, transcribed by an AI model, and discarded immediately. It is not written to any disk or database.
  • Transcripts and notes — the text generated from your audio, plus any edits you make. Stored encrypted at rest, visible only to you.
  • Patient label — a freeform text field you control. We recommend non-identifying labels (e.g. "Mrs K, knee follow-up").
  • Consent records — the time and method (on-screen or verbally logged) of each patient consent.
  • Audit log — actions you take in the app (sign-in, consult created, note edited, etc.) for security and debugging.
  • Operational logs — Cloudflare may retain limited request metadata (IP, user agent, response status) for short periods.

Why we collect it

To provide the scribe service to you, to secure your account, to detect and respond to abuse, and to investigate problems you report.

Sub-processors

  • Cloudflare, Inc. — application hosting (Pages), database (D1), session storage (KV), and AI inference (Workers AI: Whisper for transcription, Llama 3.1 for note drafting).
  • Resend — transactional email delivery for sign-in links.

Our use of Cloudflare Workers AI is governed by Cloudflare's terms. As of 2026-04-23, Cloudflare's published Workers AI documentation states that customer inputs and outputs are not used to train models. We re-check this quarterly and will update this page if it changes.

Where data is processed

Cloudflare's network is global. Your data — including audio in transit and stored notes — may be processed in any Cloudflare data centre worldwide, including outside Australia. Storage of long-lived data (transcripts, notes) is handled by Cloudflare D1, which Cloudflare may locate and replicate across regions at its discretion.

How long we keep it

  • Audio — never stored. Discarded as soon as it has been transcribed (within seconds).
  • Transcripts — kept until you delete them, or auto-deleted after 90 days (a future Settings toggle will let you change this).
  • Notes — kept until you delete them.
  • Account, consent records, audit log — kept until you delete your account.

Encryption

All transit is over HTTPS. Transcripts and notes are encrypted at rest using AES-GCM with a per-user key wrapped by an application master key held in Cloudflare's secret store.

Your rights

You can export all of your data, or delete your account and everything in it, from the in-app Settings page. You can also email [email protected] to make a request under the Australian Privacy Principles, including the right to access, correct, or complain about the handling of your information. You also have the right to complain to the Office of the Australian Information Commissioner (OAIC).

Patients

Matilda is provided to clinicians, not directly to patients. The clinician using Matilda is responsible for obtaining patient consent before recording and for the contents of the resulting note. Patients should direct privacy queries to their treating clinician in the first instance, who will engage us as needed.

Breach notification

If we become aware of a data breach likely to result in serious harm, we will notify affected users and, where required, the OAIC, in line with Australia's Notifiable Data Breaches scheme.

Changes to this policy

We will bump the version at the top of this page and require you to re-accept on next sign-in if we make material changes.

Terms of Service · Trust