By creating an account and using Capacoty ("the Platform"), you ("User") agree to be bound by these Terms and Conditions in full. If you do not agree, you must not use the Platform. These Terms constitute a binding legal agreement between you and Capacoty Pty Ltd as trustee for the Capacoty Trust (ABN 91 805 655 016) ("Capacoty", "we", "us", "our"), registered in Australia and operating from South Australia.
Capacoty is a software-as-a-service (SaaS) platform designed to assist qualified occupational therapists and allied health practitioners in their professional work. The Platform comprises two services:
2.1 Report Drafting. A service that assists Users in drafting Functional Capacity Assessment (FCA), Assistive Technology (AT), Home & Living, Complex Home Modification (CHM), Progress Report (PR), Support at Home (SAH), and related clinical documents. The service generates draft report content based on clinical intake data entered by the User. In-progress draft assessments are saved on Capacoty's servers in end-to-end encrypted form as described in clause 11 below.
2.2 Ask Capacoty. A decision-support question-and-answer service that provides cited answers to clinical, regulatory and procedural questions, drawing on a curated corpus of Australian NDIS, AHPRA, OTA and Aged Care reference documents. Each answer includes citations to the source paragraph(s) so the User can verify the underlying material. The source corpus may not include every relevant law, guideline, policy, operational document or professional standard, and cited sources may not reflect the most recent version of any instrument. Detailed restrictions on reliance on Ask Capacoty answers are set out in clause 3.6.
2.3 Both services use artificial intelligence — specifically large language model technology provided by Anthropic, Inc. — to generate output. Neither service constitutes clinical advice, legal advice, diagnostic services, or a substitute for professional clinical judgement.
By using the Platform, you acknowledge that clinical data submitted for report generation and Ask Capacoty query text are transmitted to Anthropic's infrastructure for processing in accordance with Anthropic's Data Processing Addendum. In-progress draft assessment data stored between sessions is held in end-to-end encrypted form on Capacoty's servers and is not transmitted to Anthropic until you actively initiate a generation request.
2.4 Beta and experimental features. The Platform may from time to time include beta, trial, experimental or newly released features. Such features may be incomplete, subject to change, withdrawn, or produce unexpected results. Users must exercise particular care when relying on outputs from any beta or experimental feature and must independently review all output before use, consistent with clauses 3.1–3.10.
2.5 No affiliation with regulatory bodies or funding agencies. Capacoty is not affiliated with, endorsed by, approved by, or acting on behalf of the National Disability Insurance Agency (NDIA), the NDIS Quality and Safeguards Commission, the Department of Health and Aged Care, AHPRA, Occupational Therapy Australia (OTA), any insurer, workers compensation authority, court, tribunal, or other funding body. Use of Capacoty does not confer any standing, accreditation, approval, or compliance status with any of those bodies.
2.6 Professional and business use only. The Platform is supplied for professional and business use by qualified allied health practitioners operating within their lawful scope of practice. It is not intended for personal, domestic, or household use. The User warrants that they are accessing the Platform in their professional capacity and not as a consumer for personal purposes.
3.1 All outputs generated by the Platform are AI-assisted drafts only. The User is professionally responsible for thoroughly reviewing, editing, verifying, fact-checking, and approving all report content before it is used, submitted, or shared with any third party, including NDIS planners, employers, insurers, courts, or clients.
3.2 The User acknowledges that AI-generated content may contain errors, inaccuracies, omissions, hallucinations, or clinically inappropriate statements. AI-generated output may also reflect bias, overstate or understate functional impact, misclassify support needs, omit relevant risks, or generate recommendations that are not reasonable, necessary, proportionate, evidence-based, or suitable for the participant. It remains the User's professional and legal obligation to ensure that any report produced accurately reflects their own clinical assessment, observations, and findings.
3.3 The Platform does not replace professional judgement. The User must apply their own clinical expertise, ethical obligations, and AHPRA standards of practice to all reports produced. The practitioner who authors and signs a report remains professionally responsible for its clinical accuracy and suitability.
3.4 Capacoty makes no warranty — express, implied, statutory, or otherwise — as to the accuracy, completeness, suitability, fitness for purpose, or clinical appropriateness of any content generated by the Platform.
3.5 The Platform may be used to assist in drafting reports for a range of purposes including but not limited to NDIS Functional Capacity Assessments, workers compensation assessments, medico-legal reports, and insurance assessments. In all cases, clauses 3.1–3.4 apply in full regardless of the report's intended purpose or recipient.
3.6 Ask Capacoty answers are provided as decision-support information retrieval only. They are not clinical advice, legal advice, regulatory advice, funding advice, professional opinion, or an authoritative interpretation of any law, policy, guideline, or professional standard. Laws, policies, operational guidelines, funding rules, AHPRA positions, NDIS practice standards, and related instruments may change without notice; Ask Capacoty answers may not reflect the most current version of any such instrument. The source corpus may not include every relevant law, guideline, policy, operational document, tribunal decision, court decision, insurer policy, or professional standard. Cited sources may be incomplete, superseded, withdrawn, amended, or inapplicable to the User's specific circumstances. Users must independently verify all cited sources, confirm that source material is current, and obtain appropriate professional, legal, clinical or regulatory advice where the matter has legal, regulatory, disciplinary, funding, clinical, medico-legal, or financial consequences. Ask Capacoty must not be treated as a substitute for independent review of the primary source material. Ask Capacoty may not reflect unpublished agency practice, internal funding practices, local interpretation, insurer-specific requirements, aged care provider requirements, Support at Home program updates, or operational decisions made by the NDIA, Department of Health, insurers, employers, courts, or tribunals.
3.7 No autonomous clinical decision-making. The Platform is an administrative, drafting, information retrieval, and decision-support tool for qualified practitioners. It is not intended to diagnose, treat, prevent, monitor, predict, screen, or make autonomous clinical decisions about any disease, injury, disability, impairment, health condition, functional capacity, support need, or clinical outcome. The Platform does not independently assess participants or replace practitioner assessment, reasoning, judgement, or recommendation.
3.8 User input accuracy. The User is solely responsible for the accuracy, completeness, relevance, currency, and lawfulness of all information entered into the Platform. Capacoty is not responsible for inaccurate, incomplete, misleading, clinically inappropriate, or unsafe output arising from inaccurate, incomplete, biased, fabricated, outdated, or insufficient input data. The quality and safety of AI-generated output is directly dependent on the quality of user-entered information.
3.9 Mandatory human review and warranty. Users must not copy, submit, sign, upload, issue, or distribute Platform-generated content without first conducting a genuine professional review, editing the content as required, confirming factual accuracy, checking clinical reasoning, and ensuring the final document reflects the User's own professional assessment and opinion. By submitting, signing, uploading, issuing, or otherwise finalising any Platform-generated output, the User warrants that they have reviewed and approved the final content and that it represents their own professional opinion.
3.10 AI disclosure obligation. The User is responsible for determining whether the use of AI-assisted drafting software must be disclosed to a participant, client, employer, insurer, court, tribunal, funding body, regulator, or other recipient of any report or document. Capacoty makes no representation that undisclosed use of the Platform is acceptable in any professional, medico-legal, forensic, insurance, NDIS, employment, or regulatory context.
4.1 The Platform's report generation functionality is powered by Anthropic, Inc.'s Claude API. When you submit a report generation request, the relevant clinical session data is decrypted locally on your device and transmitted to Anthropic's servers (located in the United States) for the purpose of generating report content. Draft assessment data stored on Capacoty's servers prior to generation is held in encrypted form and is not transmitted to Anthropic until you actively initiate a generation request.
4.2 Based on Capacoty's applicable agreement with Anthropic at the time of this policy, Capacoty understands that data submitted via the API is not used by Anthropic to train or fine-tune its AI models except as may otherwise be permitted under applicable terms. Users are encouraged to review Anthropic's current Data Processing Addendum as Anthropic's terms may change independently of this policy. Capacoty will not knowingly authorise or enable the training of AI models on identifiable clinical session data and will update this Policy if that position changes.
4.3 Capacoty's ability to provide the Platform is dependent on continued access to Anthropic's API. In the event that Anthropic modifies, restricts, or terminates API access, Capacoty reserves the right to modify, suspend, or discontinue the Platform with reasonable notice. Capacoty shall not be liable for any loss arising from changes to Anthropic's services or terms.
4.4 Users are indirectly subject to Anthropic's acceptable use policies. Any use of the Platform that would breach Anthropic's policies is also a breach of these Terms.
5.1 To the maximum extent permitted by applicable Australian law, Capacoty Pty Ltd (as trustee for the Capacoty Trust), its directors, officers, employees, contractors, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive loss or damage arising out of or in connection with:
The exclusions and limitations in this clause 5 are intended to operate reasonably having regard to the nature of the Platform as an AI-assisted professional drafting tool, the subscription fees charged, the User's professional obligations, and the User's ability and obligation to review all outputs before use.
5.2 Where liability cannot be excluded under the Australian Consumer Law (Schedule 2, Competition and Consumer Act 2010 (Cth)), Capacoty's liability is limited, at Capacoty's election, to resupplying the relevant service or paying the cost of having the service resupplied. Nothing in these Terms excludes, restricts, or modifies any right, remedy, guarantee, or liability that cannot lawfully be excluded, restricted, or modified, including under the Australian Consumer Law.
5.3 In no event shall Capacoty's aggregate liability to any User exceed the total subscription fees paid by that User in the twelve (12) months immediately preceding the event giving rise to the claim.
5.4 Third-party reliance. The Platform is provided to the User only. No participant, client, insurer, employer, court, tribunal, funder, regulator, family member, or other third party is entitled to rely on the Platform, these Terms, or any Platform-generated output as creating duties, warranties, or obligations owed by Capacoty to that third party.
5.5 No guarantee of outcomes. Capacoty makes no representation and gives no warranty that any report generated using the Platform will result in NDIS funding approval, aged care funding, insurance approval, workers compensation determination, employer acceptance, medico-legal acceptance, tribunal acceptance, court acceptance, or any other clinical, regulatory, funding, legal, or commercial outcome.
6.1 You agree to indemnify, defend, and hold harmless Capacoty Pty Ltd (as trustee for the Capacoty Trust), its directors, officers, employees, contractors, and agents from and against losses, damages, claims, costs, and expenses (including reasonable legal fees) arising from third-party claims to the extent caused or contributed to by:
6.2 Your indemnification obligation under clause 6.1 is capped at the total subscription fees paid by you in the twelve (12) months preceding the relevant claim. This cap does not apply to claims arising from wilful misconduct, fraud, deliberate misuse, or fabrication of clinical findings.
7.1 All intellectual property in the Platform — including software architecture, source code, algorithms, prompt engineering, user interface design, workflows, and documentation — is owned by Capacoty Pty Ltd (as trustee for the Capacoty Trust) and is protected under the Copyright Act 1968 (Cth) and applicable intellectual property laws.
7.2 The User must not, without prior written consent: reverse-engineer, decompile, reproduce, adapt, distribute, sublicense, or create derivative works from any part of the Platform; use the Platform's workflows or prompt structures for the purpose of building competing products; or permit any third party to do any of the foregoing.
7.3 Reports generated by the Platform, once reviewed and approved by the User, are the intellectual property of the User and/or their employing practice. Capacoty makes no claim to ownership of report output.
7.4 Prohibited extraction and competitive use. Users must not use automated scripts, scraping tools, bots, crawlers, browser automation, bulk extraction techniques, adversarial queries, prompt-injection techniques, or systematic probing to extract, infer, copy, or replicate the Platform's prompts, workflows, templates, assessment logic, output structure, source corpus, user interface, or other proprietary components. Users must not use the Platform, in whole or in part, to benchmark, develop, train, fine-tune, validate, or improve a competing or alternative product or service without Capacoty's prior written consent.
7.5 User input licence. The User retains ownership of all information they enter into the Platform. The User grants Capacoty a limited, non-exclusive, non-transferable licence to process that information solely to provide, secure, maintain, and support the Platform in accordance with these Terms and our Privacy & Confidentiality Policy. Capacoty does not use clinical draft content or session data for any commercial purpose beyond platform delivery, and cannot access end-to-end encrypted draft content as described in the Privacy & Confidentiality Policy.
8.1 The Platform is intended for use by registered occupational therapists, physiotherapists, psychologists, and other qualified allied health practitioners operating within their lawful scope of practice under Australian health practitioner regulation. It is not limited to NDIS use cases.
8.2 By registering, you warrant that you hold current and valid registration with the relevant regulatory body (including AHPRA where applicable) and possess the clinical competency to conduct and author the type of assessment for which you use the Platform.
8.3 Users acknowledge that as the treating or assessing practitioner, they — not Capacoty — are the health records custodian for their clients. All obligations regarding health record keeping, retention, access, and confidentiality under applicable legislation (including the Privacy Act 1988 (Cth), relevant state health records legislation, and AHPRA standards) rest with the User.
8.4 Users operating under NDIS-funded services must comply with the NDIS Practice Standards and the NDIS Code of Conduct in their use of Platform-generated content. Capacoty does not warrant that any report generated meets NDIS quality or evidentiary standards, and the User is responsible for ensuring compliance.
8.5 Participant consent and data entry obligations. Before entering any participant, client, or third-party personal or health information into the Platform, the User warrants that they have obtained all consents, authorisations, permissions, and notices required by applicable law, professional standards, guardianship or substitute decision-maker arrangements, workplace policies, funding-body requirements, and client agreements. The User must not enter information about a participant where doing so would breach privacy, confidentiality, consent, guardianship, family violence, child protection, professional, employment, insurance, court, or tribunal obligations.
8.6 Professional indemnity insurance. Users are responsible for maintaining their own professional indemnity insurance, public liability insurance, and any other insurance appropriate to their practice, professional obligations, and use of AI-assisted software. Capacoty makes no representation that any User's existing professional indemnity cover extends to claims arising from the use of AI-assisted drafting tools; Users should confirm coverage with their insurer or professional association.
8.7 Organisation and team accounts. Where an account is provided or funded by an employing practice or organisation, the organisation is responsible for ensuring that each individual practitioner uses their own account, holds appropriate authority, and has a lawful basis to process client information using the Platform. Practitioner accounts must not be shared. Where a practitioner leaves an organisation, it is the organisation's responsibility to notify Capacoty and take appropriate steps to manage access to any drafts or reports associated with that practitioner's account.
9.1 Users must not use the Platform to:
9.2 Account access is personal and non-transferable. Sharing login credentials is strictly prohibited. Each practitioner generating reports must hold their own account. Users are responsible for maintaining the confidentiality of their login credentials, recovery codes, and any email account or device used to access the Platform. Users must promptly notify Capacoty at hello@capacoty.com.au of any suspected unauthorised access, credential compromise, device loss, or account misuse. Capacoty reserves the right to suspend or terminate accounts in breach of this clause.
9.3 Emergency and safeguarding situations. The Platform must not be used as an emergency, crisis, safeguarding, risk-of-harm, child protection, family violence, abuse, neglect, restrictive practice, or mandatory reporting decision-making tool. Where a User identifies immediate risk to a participant, client, practitioner, or third party, the User must immediately follow applicable emergency, clinical, safeguarding, professional, and mandatory reporting processes. Platform-generated content must not delay or substitute for these obligations.
10.1 Capacoty Pty Ltd (as trustee for the Capacoty Trust) is registered for GST (ABN 91 805 655 016). All subscription fees are quoted in Australian dollars (AUD) and are inclusive of GST where applicable.
10.2 Subscription fees are charged in advance via Stripe, Inc. on either a monthly or annual billing cycle, as selected by the User at the time a payment method is provided. Subscriptions automatically renew at the end of each billing cycle on the User's billing anniversary, as defined in clause 10.5(c), and continue to renew until cancelled. By providing a payment method, the User authorises Capacoty to charge that payment method on a recurring basis until cancellation.
10.3 You may cancel your subscription at any time via your account settings. Access continues until the end of the current paid billing period. Users are responsible for being aware of their subscription tier and billing anniversary, and for cancelling prior to that date if they wish to avoid further charges. The full refund policy is set out in clause 10.8 below.
10.4 Report generation allowances are allocated per billing cycle and reset at the start of each new billing period. Unused generations do not roll over.
10.5(a) Trial period. A 14-day free trial is available upon registration and does not require a payment method. The trial commences at the exact date and time the User completes account registration and expires precisely 14 days later, to the minute. During the trial, the User has access to two (2) complimentary report generations.
10.5(b) Adding a payment method and continuing access after the trial. A User may attach a valid payment method via Stripe and select a subscription plan (monthly or annual) at any time, including during the 14-day trial. Attaching a payment method during the trial does not end the trial, does not commence paid billing, and does not result in any charge until the trial concludes in accordance with clause 10.5(c). To continue using the Platform beyond the trial, a User must have attached a valid payment method and selected a subscription plan; access to paid features is suspended at the moment the trial expires if no payment method is on file at that time, and resumes upon attachment of a valid payment method.
10.5(c) Conclusion of the trial, commencement of the first paid billing period, and definition of "billing anniversary". Where a User has attached a valid payment method and selected a subscription plan during the trial, the trial concludes, the first paid billing period commences, and the User's billing anniversary is set at the earlier of:
Where a User has not attached a payment method by the time the trial expires under clause 10.5(a), the trial concludes at that moment and no paid billing period commences; the first paid billing period commences, and the billing anniversary is set, at the exact date and time the User subsequently attaches a valid payment method via Stripe and selects a subscription plan. In all cases, the date and time at which the first paid billing period commences becomes the User's billing anniversary for all subsequent renewals. The trial period does not extend, shorten, or otherwise alter the duration of any paid billing period, and trial time does not count toward any paid billing period.
10.5(d) Monthly cycles. A monthly billing period runs from the billing anniversary in one calendar month to the corresponding day in the next calendar month, regardless of the number of days in the intervening month (28, 29, 30 or 31). Where the corresponding day does not exist in a given month (for example, the 31st in February), the renewal will occur on the last day of that month, and subsequent renewals will continue from the original anniversary day where it exists.
10.5(e) Annual cycles. An annual billing period runs for one year from the billing anniversary, with the renewal charge processed at the exact date and time of the anniversary each year. Annual subscriptions otherwise operate on the same terms as monthly subscriptions under these Terms, save that pricing changes under clause 10.6 take effect at the next annual renewal.
10.5(f) Cooling-off. Except where required by law, no additional cooling-off period applies following the commencement of a paid subscription, given the User's prior 14-day free trial access. This does not limit any rights the User may have under the Australian Consumer Law or other applicable law.
10.6 Capacoty reserves the right to modify subscription pricing with at least 14 days' notice to active subscribers by email before changes take effect. For annual subscribers, pricing changes take effect at the next annual renewal.
10.7 Tax invoices and payment receipts are issued by Stripe on behalf of Capacoty for each successful payment and sent to the email address associated with your account.
10.8 Refund Policy
10.8.1 General rule. As a general rule, subscription fees are non-refundable once a billing cycle has commenced. By subscribing to the Platform, the User acknowledges sole responsibility for:
Without limiting the foregoing, the following are not, of themselves, grounds for a refund: forgetting to cancel before a billing date; failing to use the Platform during a billing period; generating fewer reports than the plan quota permits; or a change in the User's business circumstances.
10.8.2 Australian Consumer Law. Nothing in these Terms, including clause 10.8.1, excludes, restricts or modifies any consumer guarantee, right or remedy conferred on the User by the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)) ("ACL") or any other applicable law which cannot lawfully be excluded. The Platform is supplied with the consumer guarantees prescribed by the ACL to the extent they apply. Where the ACL applies and a failure to comply with a consumer guarantee amounts to a major failure (as defined in the ACL), the User is entitled to the remedies prescribed by the ACL, which may include a refund. Where a failure is not a major failure, Capacoty may elect to remedy the failure by resupplying the service, in accordance with clause 5.2.
10.8.3 Discretionary refunds. In addition to the User's rights under the ACL, Capacoty will consider refund requests on a case-by-case basis at its discretion, including (but not limited to) where:
10.8.4 How to request a refund. Refund requests must be submitted in writing to hello@capacoty.com.au or via the contact form at capacoty.app/contact, and must include:
10.8.5 Processing. Capacoty will acknowledge receipt of a refund request within five (5) business days and will respond substantively within ten (10) business days. Where a refund is approved, it will be processed to the original payment method via Stripe and may take a further five (5) to ten (10) business days to appear on the User's statement, depending on the User's card issuer or financial institution. Capacoty does not issue refunds in cash, by bank transfer to a different account, or to a third party.
10.8.6 Disputes. If the User is not satisfied with the outcome of a refund request, the User may escalate the matter in accordance with the dispute resolution process in clause 14. Nothing in this clause 10.8 limits the User's right to make a complaint to the Australian Competition and Consumer Commission (ACCC), the applicable State or Territory consumer protection agency, or to pursue any other remedy available under the ACL or other applicable law.
10.9 Billing failures. If a scheduled payment fails, Capacoty may retry the payment method, notify the User by email, restrict access to paid features, downgrade the account, or terminate the subscription if payment remains outstanding after reasonable notice. The User remains responsible for all properly incurred subscription fees accrued prior to the effective date of cancellation or account termination.
10.10 Plan changes. Plan upgrades may take effect immediately upon selection or at the next billing cycle, as displayed at the time of the change. Plan downgrades take effect at the end of the current paid billing period unless otherwise stated. Capacoty may apply prorated charges or credits through Stripe depending on the nature of the change, as communicated at checkout.
10.11 Failed report generation. Capacoty may, at its discretion, restore or credit a report generation allowance where a generation attempt fails due to a technical fault reasonably attributable to Capacoty. Capacoty is not obliged to restore or credit an allowance where the generation fails or the output is unsatisfactory due to inaccurate, incomplete, or inappropriate user input, ordinary AI output limitations, or user error.
11.1 Capacoty reserves the right to suspend or terminate your account: (a) immediately and without prior notice where reasonably necessary to protect the Platform, other users, third parties, or Capacoty's legal compliance — including in cases of suspected fraud, serious misuse, or conduct posing immediate risk; or (b) with reasonable notice where practicable in all other cases, including material breach of these Terms or non-payment.
11.2 Upon termination, your access to the Platform ceases immediately or at the end of the current billing period, as applicable.
11.3 Account information is retained for two (2) years following termination for administrative and legal purposes, and for seven (7) years to the extent required for GST and financial record-keeping obligations under the Taxation Administration Act 1953 (Cth). Following these periods, personal data is deleted or de-identified.
11.4 Draft clinical and participant data is stored on Capacoty's servers in end-to-end encrypted form. Encryption is performed entirely on your device before transmission. Capacoty stores only the resulting encrypted ciphertext and cannot access, read, or reconstruct the underlying clinical content. Participant name and draft completion percentage are stored in plaintext alongside the encrypted draft content for indexing and display purposes only. Generated report output (the AI-produced document) is delivered to you and is not stored by Capacoty after delivery.
11.5 Your draft content is protected by a randomly generated master encryption key that is itself encrypted (wrapped) using keys derived from your account password and recovery code via PBKDF2-SHA256. Capacoty stores only the encrypted (wrapped) form of this master key and cannot reconstruct or use it without your password or recovery code. If you permanently lose access to both your account password and your recovery code, your encrypted drafts are irrecoverable. Upon account termination, all encrypted draft data associated with your account is permanently and irrevocably deleted from Capacoty's servers. As Capacoty does not hold the master key in usable form, this deletion renders the data irrecoverable by any party.
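The key hierarchy described in clauses 11.4 and 11.5, as an added Node.js example that is not Capacoty's code: a random master key encrypts the draft, and two wrapped copies of that key (one under the password, one under the recovery code) are all that would be stored. AES-256-GCM, the salt and IV sizes, the PBKDF2 iteration count, and every function and field name are assumptions; the Terms name only PBKDF2-SHA256 and a wrapped master key.

```javascript
// Added illustration of the key hierarchy in clause 11.5 (not Capacoty's code).
// Assumed: AES-256-GCM, 16-byte salts, 12-byte IVs, the iteration count, all names.
const nodeCrypto = require('node:crypto');

const PBKDF2_ITERATIONS = 600000; // assumed work factor; the Terms do not state one

// Authenticated encryption of a buffer under a 32-byte key.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Reverse of seal(); final() throws if the key is wrong or the data was altered.
function open(key, box) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv, { authTagLength: 16 });
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// PBKDF2-SHA256 turns a user secret plus a per-wrap salt into a wrapping key.
function deriveWrappingKey(secret, salt) {
  return nodeCrypto.pbkdf2Sync(secret, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

function wrapMasterKey(masterKey, secret) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, ...seal(deriveWrappingKey(secret, salt), masterKey) };
}

function unwrapMasterKey(wrapped, secret) {
  return open(deriveWrappingKey(secret, wrapped.salt), wrapped);
}

// Runs on the user's device. Only the returned record would be uploaded:
// two wrapped copies of the master key and the draft ciphertext.
function buildServerRecord(password, recoveryCode, draftText) {
  const masterKey = nodeCrypto.randomBytes(32);
  const record = {
    wrappedByPassword: wrapMasterKey(masterKey, password),
    wrappedByRecoveryCode: wrapMasterKey(masterKey, recoveryCode),
    draft: seal(masterKey, Buffer.from(draftText, 'utf8')),
  };
  masterKey.fill(0); // the usable master key never leaves the device
  return record;
}

// Unwrap the master key from the chosen slot, then decrypt the draft.
function readDraft(record, secret, slot) {
  const masterKey = unwrapMasterKey(record[slot], secret);
  try {
    return open(masterKey, record.draft).toString('utf8');
  } finally {
    masterKey.fill(0);
  }
}

// Same as readDraft(), but reports failure as null instead of throwing.
function tryReadDraft(record, secret, slot) {
  try {
    return readDraft(record, secret, slot);
  } catch {
    return null;
  }
}

function runDemo() {
  // Constructed sample values, not real credentials or clinical data.
  const password = 'constructed-password-1';
  const recoveryCode = 'CONSTRUCTED-RECOVERY-CODE';
  const draftText = 'constructed draft: intake notes';

  const record = buildServerRecord(password, recoveryCode, draftText);

  // Everything the server holds, flattened to bytes, to confirm no plaintext is in it.
  const storedBytes = Buffer.concat(
    Object.values(record).flatMap((box) => Object.values(box))
  );

  return {
    viaPassword: tryReadDraft(record, password, 'wrappedByPassword'),
    viaRecoveryCode: tryReadDraft(record, recoveryCode, 'wrappedByRecoveryCode'),
    // A secret that does not match the slot fails authentication: with both
    // secrets lost, nothing in the record can recover the master key.
    viaWrongSecret: tryReadDraft(record, 'not-the-password', 'wrappedByPassword'),
    plaintextOnServer: storedBytes.includes(Buffer.from(draftText, 'utf8')),
  };
}
```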
11.6 As an additional privacy measure, encrypted draft data is permanently deleted from Capacoty's servers where an account has recorded no login activity for 90 consecutive days. Account information and billing records are unaffected and are retained in accordance with clause 11.3. Where practicable, Capacoty will attempt to send an advance reminder to the email address associated with the account before inactivity-based deletion occurs. Users should ensure any draft content they wish to retain is exported or finalised before an extended period of inactivity.
Your personal information and clinical data are handled in accordance with our Privacy & Confidentiality Policy (available via the tab above), which forms part of these Terms and is incorporated by reference. The Privacy & Confidentiality Policy includes a full description of our end-to-end encryption architecture and your rights as a data subject under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Capacoty does not guarantee uninterrupted or error-free availability of the Platform. The Platform may be unavailable due to scheduled maintenance, updates, security work, third-party service disruptions, infrastructure capacity limitations, or events outside Capacoty's reasonable control. Where practicable, Capacoty will provide reasonable advance notice of planned maintenance expected to materially affect access.
Capacoty shall not be liable for any failure or delay in performing its obligations to the extent caused by circumstances beyond Capacoty's reasonable control, including but not limited to: acts of God, natural disasters, pandemic, war, terrorism, government action, power or telecommunications outages, cyberattacks, or the failure of third-party services (including Anthropic's API, Railway, or Stripe). Capacoty will use reasonable endeavours to restore the Platform as soon as practicable.
14.1 The parties agree to attempt to resolve any dispute through good-faith negotiation in the first instance. A party must provide written notice of the dispute, and the parties must meet within 14 days of that notice to attempt resolution.
14.2 If unresolved within 30 days of written notice, either party may refer the matter to mediation conducted by a mutually agreed accredited mediator, or if the parties cannot agree, by a mediator appointed by the Resolution Institute (Australia). Mediation costs shall be shared equally unless otherwise agreed.
14.3 If mediation does not resolve the dispute, either party may pursue their legal remedies through the courts of South Australia, which shall have non-exclusive jurisdiction.
Capacoty reserves the right to amend these Terms at any time. Material changes will be communicated by email at least 14 days before they take effect. Continued use of the Platform following the effective date constitutes acceptance. If you do not accept amended Terms, you must cancel your account prior to the effective date.
If any provision of these Terms is found to be invalid, unlawful, or unenforceable, that provision shall be severed to the minimum extent necessary, and the remaining provisions shall continue in full force and effect.
These Terms are governed by the laws of South Australia and the Commonwealth of Australia. Subject to clause 14, any dispute shall be subject to the non-exclusive jurisdiction of the courts of South Australia.
Capacoty Pty Ltd as trustee for the Capacoty Trust
ABN 91 805 655 016 · South Australia, Australia
Email: hello@capacoty.com.au
Website: capacoty.app
Capacoty Pty Ltd (as trustee for the Capacoty Trust, ABN 91 805 655 016) ("we", "our", "Capacoty") is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs). Where users are located in South Australia, we also acknowledge the relevance of the Health Care Act 2008 (SA) and applicable state health privacy frameworks.
As a platform used by health practitioners processing sensitive health information, we treat privacy obligations with particular seriousness. We employ end-to-end encryption (E2EE) for all clinical draft data, meaning that Capacoty itself cannot access the health information you store in draft assessments — only you, using your account password or recovery code, can decrypt it. This encryption architecture is designed to support our obligations under APP 11 of the Privacy Act 1988 (Cth) by applying strong technical safeguards to the protection of health information, complementing our broader privacy governance, access controls, retention practices, and incident response obligations.
This Policy explains what information we collect, why we collect it, how we use and disclose it, how it is protected, and your rights.
Account Information
When you register, we collect your full name, email address, phone number, AHPRA registration number, and a securely hashed password. This is required to create and manage your account, populate report metadata, authenticate your access, and administer your subscription.
Payment Information
Billing details are collected and stored by Stripe, Inc. under PCI-DSS Level 1 standards. Capacoty does not store full card numbers, CVV codes, or sensitive payment credentials. We retain only non-sensitive billing metadata (last four digits, card type, expiry) for subscription management.
Clinical and Participant Data (Draft Assessments)
Clinical and participant data you enter into the Platform — which may include participant names, dates of birth, NDIS numbers, disability diagnoses, medical history, functional assessment observations, support needs, and clinical findings — is handled under the following framework:
End-to-end encrypted draft storage. When you save a draft assessment, all clinical data within that draft is encrypted entirely on your device using AES-GCM-256 (with a unique 12-byte random initialisation vector per encryption operation) before being transmitted to Capacoty's servers. Capacoty stores only the resulting encrypted ciphertext. We cannot access, read, decode, or reconstruct the underlying clinical content. The following items are stored in plaintext alongside the encrypted draft solely for indexing and display purposes: participant name (as entered) and draft completion percentage. No other clinical or health information is held by Capacoty in a form it can read.
Users are encouraged to use participant initials, internal reference numbers, or pseudonyms where full participant names are not required for workflow purposes. Entering unnecessary identifying information beyond what the assessment requires is discouraged.
Key derivation and management. A random 256-bit master encryption key is generated once at account creation and never leaves your device in usable form. This master key is itself encrypted (wrapped) under two separately derived keys: one derived from your account password, and one derived from your recovery code, each via PBKDF2-SHA256 at 210,000 iterations (meeting NIST Special Publication 800-132 key derivation standards). Capacoty stores only these wrapped (encrypted) copies of the master key plus the associated cryptographic salts. Capacoty cannot reconstruct or use the master key without your password or recovery code. Your master key is cached on your device as a non-extractable CryptoKey in your browser's IndexedDB and is automatically cleared when you log out.
Report generation transmission. When you submit a draft for report generation, the relevant clinical data is decrypted locally on your device and transmitted in plaintext to Anthropic's API to enable the AI model to generate the draft report. This transmission occurs only when you actively initiate a generation request. The generated report content is delivered to you and is not stored by Capacoty after delivery. Refer to clause 4 for disclosures regarding Anthropic's data handling, and clause 6 for cross-border transmission.
Loss of access. If you lose access to both your account password and your recovery code, your encrypted drafts are permanently irrecoverable. Capacoty cannot decrypt or restore draft content on your behalf. This is an inherent and deliberate feature of end-to-end encryption that protects participant health information even in the event of a breach of Capacoty's servers.
You, as the practitioner, remain the health records custodian for your clients. Capacoty's role in relation to clinical draft data is limited to hosting encrypted ciphertext and processing data as instructed by the User through the Platform; Capacoty does not access, use, or disclose that content for any purpose beyond providing the Platform, consistent with APP 6.
Ask Capacoty Queries
Questions you submit to Ask Capacoty — together with the corpus passages retrieved to answer them — are processed in real time via Anthropic's API to generate the cited answer. Query text is not retained on Capacoty's servers after the answer has been delivered. We retain anonymised aggregate metrics (counts, response times, error rates) to monitor service quality, but do not retain the substance of individual queries or the identity of the asker against any specific question.
Ask Capacoty queries should not contain identifying participant health information. Where a User chooses to include such information in a query, the protections described in clause 5 apply.
Support Communications
If you contact Capacoty by email, contact form, screenshot, bug report, or other support channel, information you include in that communication — including any participant, client, or clinical information — is not protected by the Platform's end-to-end encryption. Users should avoid sending identifiable health information through support channels unless strictly necessary. Where such information is provided, Capacoty will use it only to respond to the support request and will delete or de-identify it when no longer required for that purpose, subject to any applicable legal retention obligations.
Usage and Technical Data
We may collect anonymised session activity, error logs, generation counts, and platform usage patterns for the purpose of improving the Platform and diagnosing technical issues. This data does not identify individual participants.
Account information is used to authenticate your access, populate report headers with assessor details, administer your subscription, send account-related communications (including billing receipts and material policy updates), and provide customer support.
Draft clinical data is stored end-to-end encrypted on Capacoty's servers solely to enable you to resume and complete your work across sessions. Capacoty cannot access this content. Clinical data is decrypted on your device and transmitted to Anthropic only when you actively initiate a report generation request. Generated report output is not retained by Capacoty after delivery to you.
We do not use any personal information for marketing to third parties, profiling, automated decision-making affecting users, or training of AI models. Capacoty does not retain, analyse, sell, share, or otherwise exploit encrypted draft content — and Capacoty is technically unable to access that content in any case.
We do not sell, rent, or disclose your personal information to third parties, except in the following circumstances:
Capacoty may engage additional subprocessors from time to time to provide platform infrastructure, email delivery, error logging, monitoring, or related services. Where a new subprocessor is engaged who may process personal information, Capacoty will update this clause and provide notification in accordance with clause 13. All third-party service providers are required to handle personal information in a manner consistent with Australian privacy law to the extent practicable.
5.1 Participant clinical data entered into the Platform constitutes sensitive information — specifically, health information — under the Privacy Act 1988 (Cth). Health information attracts a higher standard of protection under the APPs, and we treat it accordingly.
5.2 Draft health data is stored on Capacoty's servers exclusively in end-to-end encrypted form using AES-GCM-256. Capacoty cannot access, read, or use the underlying health information, which can only be decrypted by the User using their account password or recovery code. Plaintext health data is transmitted to Anthropic only at the moment of active report generation and is not retained by Capacoty after generation completes. The practitioner, not Capacoty, remains the health records custodian.
5.3 You, as the User, are solely responsible for:
5.4 Because all draft clinical content is protected by end-to-end encryption, Capacoty cannot access or read participant health information stored in draft assessments. During the active generation step, the User's device decrypts the relevant data and it is transmitted via Anthropic's infrastructure as described in clause 4; at no point is clinical content shared with any party beyond Anthropic for that specific generation request.
Your account data and, during active report generation, clinical session data (decrypted on your device for that specific request) may be transmitted to and processed by servers located outside Australia, including in the United States (Anthropic, Stripe, Railway, Netlify). Encrypted draft data stored on Capacoty's servers (Railway, United States) is transmitted and stored in end-to-end encrypted form; Railway and other overseas infrastructure providers cannot access the underlying health information.
Capacoty takes reasonable steps, including contractual and technical safeguards where available, to ensure overseas recipients handle personal information consistently with the APPs. You acknowledge that the Privacy Act 1988 (Cth) may not be directly enforceable against overseas recipients and that privacy protection standards may differ overseas. However, the end-to-end encryption architecture described in clause 8 means that overseas infrastructure providers hosting encrypted draft data do not have access to the underlying health information in any event. By using the Platform, you acknowledge the cross-border transfers described in this clause in accordance with APP 8.1.
We implement appropriate technical and organisational security measures including:
No method of electronic transmission or storage is 100% secure. While we implement robust security measures — including true end-to-end encryption that renders clinical draft content inaccessible to Capacoty — we cannot guarantee absolute security against all threats.
8.1 What end-to-end encryption means. End-to-end encryption (E2EE) means that clinical draft data is encrypted on your device before it is transmitted to and stored on Capacoty's servers. The master key used to encrypt and decrypt your data is randomly generated on your device and is protected (wrapped) by keys derived solely from credentials held only by you — your account password and your recovery code. Capacoty's servers hold only the resulting encrypted ciphertext and the encrypted (wrapped) form of the master key. Neither Capacoty nor any third party with access to our servers can read, access, or reconstruct your draft clinical content. This architecture is designed to protect participant health information even in the event of a server-level security incident, insider access, or a lawful demand for data that Capacoty is technically unable to satisfy in respect of encrypted content.
8.2 Technical standard. Draft clinical data is encrypted using AES-GCM-256 with a unique 12-byte (96-bit) random initialisation vector generated per encryption operation, consistent with the AES-GCM specification's nonce-uniqueness requirement. A random 256-bit master encryption key is generated once at account setup. This master key is protected by two independently derived wrapping keys: a password-derived key computed via PBKDF2-SHA256 from your account password with a 16-byte random salt at 210,000 iterations, and a recovery-derived key computed via PBKDF2-SHA256 from a 32-character Crockford Base32 recovery code (160 bits of entropy) provided to you at account setup, also using a 16-byte random salt at 210,000 iterations. Both derivations meet NIST Special Publication 800-132 (2023) standards. Capacoty stores the wrapped (encrypted) master key under both credentials plus the cryptographic salts — never the master key in raw form. The master key is cached in your browser as a non-extractable CryptoKey object in IndexedDB, preventing the raw key bytes from being read by JavaScript, browser extensions, or page scripts, and is cleared on logout.
8.3 What is and is not encrypted. The following data is protected by E2EE and is inaccessible to Capacoty: all clinical assessment content within a saved draft, including diagnoses, medical histories, functional observations, support needs, and clinical findings. The following data is stored in plaintext and is accessible to Capacoty: participant name (as entered), draft completion percentage, and your account metadata (name, email address, AHPRA number). Wrapped key material — the encrypted ciphertext of your master key, cryptographic salts, and iteration parameters — is stored on Capacoty's servers but cannot be used to access your drafts without your password or recovery code.
8.4 Report generation. E2EE protects data at rest between sessions. When you submit a draft for report generation, the relevant draft data is decrypted locally on your device and transmitted to Anthropic's API in plaintext to enable the AI model to process your clinical input. This plaintext transmission occurs only when you actively initiate a generation request — encrypted draft data is never automatically transmitted to Anthropic. Refer to clauses 4 and 6 for full disclosures regarding Anthropic's data handling and cross-border transmission obligations.
8.5 Key loss and irrecoverability. Because Capacoty does not hold your master key in usable form, we cannot recover your encrypted draft data if you lose access to both your account password and your recovery code. Loss of both credentials results in the permanent and complete irrecoverability of all encrypted drafts associated with your account. During the password reset process, Capacoty will prompt you to supply your recovery code to re-wrap your master key and preserve access to existing drafts. If you confirm that you have lost the recovery code, all encrypted drafts will be deleted. You are solely responsible for securely retaining your recovery code. It should be stored offline, not in the same location as your password, and treated with equivalent care.
8.6 Deletion. Upon account termination or upon your request, all encrypted draft data associated with your account is permanently deleted from Capacoty's servers. As an additional privacy measure, encrypted draft data is also permanently deleted where an account has recorded no login activity for 90 consecutive days; this inactivity-based deletion is designed to minimise retention of health information beyond periods of active use. Where practicable, Capacoty will attempt to send an advance reminder to the email address associated with the account before inactivity-based deletion occurs. In all cases, as Capacoty does not hold decryption keys, deleted encrypted data is effectively irrecoverable by any party, including Capacoty itself.
8.7 Australian Privacy Act — APP 11. The E2EE architecture described in this clause is implemented as part of Capacoty's approach to satisfying its obligations under APP 11.1(b) of the Privacy Act 1988 (Cth), which requires APP entities to take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. By storing only ciphertext that cannot be decrypted without user credentials that Capacoty does not hold, Capacoty implements a strong technical safeguard for health information that complements its broader privacy governance, access control, and retention obligations. This architecture also supports compliance with APP 6 (by preventing any use or disclosure of content Capacoty cannot access) and APP 3 (by ensuring sensitive health information is collected as unreadable ciphertext only). No technical measure can guarantee absolute protection, and Capacoty's APP 11 obligations extend beyond encryption to include governance, operational security, vendor management, and incident response.
8.8 Cryptographic updates. Capacoty may update its cryptographic implementation from time to time to maintain security, address vulnerabilities, or align with evolving industry standards, provided that any such change does not materially reduce the protection afforded to stored clinical draft data. Users will be notified of any material changes to the encryption architecture through the policy update process under clause 13.
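The key hierarchy described in clauses 8.2 and 8.5, shown with the Web Crypto API as an added illustration; it is not Capacoty's code. The use of AES-GCM to wrap the master key, every function and field name, and the sample credentials are assumptions made for the example.

```javascript
// Added example, not Capacoty's implementation. Assumptions: the master key is
// wrapped with AES-GCM (the policy does not name the wrapping algorithm), and
// all function and field names below are hypothetical.
const ITERATIONS = 210000; // PBKDF2-SHA256 iteration count from clause 8.2
const enc = new TextEncoder();

async function webCrypto() {
  // Browsers and current Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Derive a 256-bit wrapping key from a password or recovery code and a 16-byte salt.
async function deriveWrappingKey(secret, salt, iterations) {
  const { subtle } = await webCrypto();
  const base = await subtle.importKey('raw', enc.encode(secret), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey({ name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    base, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Wrap the master key under one credential. The returned record is all the server stores.
async function wrapUnder(secret, masterKey) {
  const c = await webCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12));
  const kek = await deriveWrappingKey(secret, salt, ITERATIONS);
  const wrapped = await c.subtle.wrapKey('raw', masterKey, kek, { name: 'AES-GCM', iv });
  return { salt, iv, iterations: ITERATIONS, wrapped: new Uint8Array(wrapped) };
}

// Unwrap to a non-extractable CryptoKey by default; a wrong secret fails the GCM tag check.
async function unwrapWith(secret, rec, extractable = false) {
  const { subtle } = await webCrypto();
  const kek = await deriveWrappingKey(secret, rec.salt, rec.iterations);
  return subtle.unwrapKey('raw', rec.wrapped, kek, { name: 'AES-GCM', iv: rec.iv },
    { name: 'AES-GCM', length: 256 }, extractable, ['encrypt', 'decrypt']);
}

// Account setup: one random master key, wrapped independently under both credentials.
async function createAccountKeys(password, recoveryCode) {
  const { subtle } = await webCrypto();
  // Extractable only so it can be wrapped; day-to-day use goes through unwrapWith().
  const master = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  return { byPassword: await wrapUnder(password, master), byRecovery: await wrapUnder(recoveryCode, master) };
}

// Password reset (clause 8.5): the recovery code unwraps, the new password re-wraps.
async function resetPassword(recoveryCode, keys, newPassword) {
  const master = await unwrapWith(recoveryCode, keys.byRecovery, true); // extractable for re-wrap only
  return { ...keys, byPassword: await wrapUnder(newPassword, master) };
}

async function encryptDraft(masterKey, draft) {
  const c = await webCrypto();
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh 96-bit IV per operation
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, masterKey, enc.encode(JSON.stringify(draft)));
  return { iv, ciphertext: new Uint8Array(ct) };
}

async function decryptDraft(masterKey, blob) {
  const { subtle } = await webCrypto();
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv: blob.iv }, masterKey, blob.ciphertext);
  return JSON.parse(new TextDecoder().decode(pt));
}

// Walk-through on constructed sample values: save a draft, reset the password
// with the recovery code, then read the same ciphertext with the new password.
async function demo() {
  const recovery = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; // constructed 32-char Crockford Base32 sample
  let keys = await createAccountKeys('old-passphrase', recovery);
  const k1 = await unwrapWith('old-passphrase', keys.byPassword);
  const blob = await encryptDraft(k1, { findings: 'constructed sample' });
  keys = await resetPassword(recovery, keys, 'new-passphrase');
  const k2 = await unwrapWith('new-passphrase', keys.byPassword);
  const roundTrip = await decryptDraft(k2, blob);
  const oldRejected = await unwrapWith('old-passphrase', keys.byPassword).then(() => false, () => true);
  return { roundTrip, oldRejected, extractable: k2.extractable, ivLength: blob.iv.length };
}
```

Because the draft ciphertext depends only on the master key, a password reset replaces one wrapped record and leaves stored drafts untouched; losing both credentials leaves no input from which either wrapping key can be derived.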
9.1 Capacoty is subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable. Because clinical draft content is protected by end-to-end encryption, a breach of Capacoty's servers involving only encrypted draft data may not constitute an eligible data breach in respect of that content, as the data would not be accessible to or readable by any unauthorised recipient. However, other information associated with accounts — including account metadata, participant names stored in plaintext, billing data, support communications, API transmission records, access logs, error logs, or other operational data — may still constitute personal information and may create breach notification obligations if involved in an incident. Capacoty will assess each potential incident having regard to the nature of the information involved, whether it was encrypted or otherwise protected, the likelihood of access, and the risk of serious harm, and will notify as required.
9.2 If you become aware of or suspect a security incident involving your Capacoty account, notify us immediately at hello@capacoty.com.au. We will investigate and respond in accordance with our NDB obligations.
9.3 Where a breach involves participant health information you have entered into the Platform, you may also have independent notification obligations to affected clients under applicable health records legislation and your professional standards. Capacoty's NDB notification does not discharge your own obligations as the health records custodian.
10.1 Account information is retained for two (2) years following account termination, after which it is deleted or de-identified.
10.2 Billing records and financial transaction data are retained for seven (7) years in accordance with GST record-keeping requirements under the Taxation Administration Act 1953 (Cth).
10.3 Draft clinical data is retained on Capacoty's servers in end-to-end encrypted form for the duration of your active account, subject to a maximum inactivity period of 90 consecutive days without login — after which encrypted draft data is permanently deleted as a privacy measure. Where practicable, Capacoty will attempt to send an advance reminder before inactivity-based deletion occurs. Capacoty cannot access this data at any time. You may delete individual drafts within the Platform at any time. Upon account termination, all encrypted draft data is permanently and irrevocably deleted from Capacoty's servers. Generated report output (the AI-produced document) is not retained by Capacoty after delivery to you.
10.4 You may request deletion of your account and associated personal information at any time by contacting hello@capacoty.com.au. We will process requests within 30 days, subject to our legal retention obligations under clause 10.2. Deletion of your account results in the permanent deletion of all encrypted draft data from Capacoty's servers; as Capacoty does not hold decryption keys, this data is irrecoverable following deletion.
11.1 Access (APP 12): You have the right to request access to the personal information we hold about you. Contact hello@capacoty.com.au. We will respond within 30 days. A reasonable administrative fee may apply for requests requiring significant effort. Because clinical draft content is protected by end-to-end encryption, Capacoty cannot produce the plaintext of that content in response to an access request; it is accessible to you directly within the Platform using your own credentials.
11.2 Correction (APP 13): You have the right to request correction of inaccurate, outdated, or incomplete personal information. Direct requests to hello@capacoty.com.au. We will action requests within 30 days. Corrections to clinical draft content must be made by you directly within the Platform, as Capacoty cannot access or modify encrypted draft data.
11.3 Complaints: If you believe we have breached the Australian Privacy Principles, lodge a complaint at hello@capacoty.com.au with "Privacy Complaint" in the subject line. We will acknowledge within 5 business days and endeavour to resolve within 30 days.
11.4 OAIC Escalation: If unsatisfied with our response, you may escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.
The Platform does not use tracking cookies, behavioural advertising, or third-party analytics services. Stripe may set cookies in connection with payment processing in accordance with their own privacy policy. No participant or clinical data is transmitted to any analytics platform.
We may update this Policy from time to time. Material changes will be communicated to registered users by email at least 14 days before taking effect. Continued use of the Platform following the effective date constitutes acceptance. The current version is always available at capacoty.app.
Capacoty Pty Ltd as trustee for the Capacoty Trust
ABN 91 805 655 016 · South Australia, Australia
Email: hello@capacoty.com.au
Website: capacoty.app
For privacy enquiries, data access or correction requests, and data breach reports, include "Privacy" in your subject line.