Privacy policy
How Sessional Limited (UK company no. 17159781) collects, uses, and protects your personal data.
Who we are
Sessional Limited (UK company no. 17159781) ("Sessional", "we", "us") is the entity responsible for personal information processed through sessional.com.au. We provide workflow software for Australian locum healthcare professionals.
Data protection contact: [email protected]
What data we collect
We collect the following categories of personal data:
Account information
- First name, last name, and email address
- Phone number (optional)
- Professional registration number (optional)
- Profile photo (optional)
- Password (stored as a one-way cryptographic hash. We cannot read your password.)
Professional information
- Business structure (sole trader, Pty Ltd, or trust) and superannuation details
- Primary specialty and professional biography
- Postcode (used for location-based search. Only the postcode is sent, not your name or other details)
- AHPRA registration number and provider numbers (used for invoicing and compliance, stored encrypted at rest). We do not collect or store your Tax File Number (TFN).
Workflow data
- Booking records (dates, times, rates, organisation details, payment terms, cancellation terms)
- Invoice data (amounts, GST, payment status, organisation references, delivery tracking)
- Billing details (bank name, BSB, account number, ABN, business registration, stored encrypted at rest)
- Expense records (category, amount, mileage, dates, receipt uploads)
- Professional documents (police checks, indemnity certificates, training records, stored encrypted in transit)
- Booking requests from organisations
- Availability calendar entries
- BAS and GST readiness calculations and records
- Notification preferences
- Support tickets and correspondence (Pro tier)
Technical and security data
- Authentication session records (login times, last activity)
- Audit logs of account actions (for security and compliance)
- Email delivery status (sent, delivered, bounced, via Postmark)
- API keys and usage logs (Pro tier)
How we use your data
| Purpose | Lawful basis |
|---|---|
| Providing the Sessional service (bookings, invoicing, BAS readiness, expenses) | Contract performance |
| Account creation, authentication, and email verification | Contract performance |
| Processing payments and managing subscriptions via Stripe | Contract performance |
| Sending transactional emails (booking confirmations, password resets, verification, invoice delivery to organisations) | Contract performance |
| Storing uploaded documents and receipts securely | Contract performance |
| Displaying your public profile to organisations in the locum directory | Contract performance (you control visibility) |
| Providing API access for automation (Pro tier) | Contract performance |
| Processing support tickets | Contract performance |
| Security monitoring, fraud prevention, and audit logging | Legitimate interests |
| Product updates and new feature announcements | Consent (you can unsubscribe at any time) |
Who we share your data with
We share your data only with the following third-party processors, and only to the extent necessary to provide the service:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing and subscription management | Email, name, payment method details |
| Postmark | Transactional email delivery (outbound) and inbound mail handling for support@/billing@/contact@/security@/hello@ aliases routed via the inbound subdomain (mail-in.sessional.com.au) | Email address, name, message bodies sent to the listed aliases |
| Cloudflare | CDN, WAF, DNS, Tunnel, and file storage (R2) | Profile photos, invoice PDFs, receipts, professional documents |
| Xero (if connected by user) | Accounting sync (Pro) | Invoices, expenses, contacts (only when user initiates connection) |
We do not sell your data. We do not share it with advertisers. We do not use your data for purposes other than providing and improving the service.
If you connect a third-party accounting integration (e.g. Xero), your invoice, expense, and contact data will be shared with that provider under their own privacy policy. You can disconnect at any time from your integrations page.
International data transfers
Your data is stored and processed in Australia where practicable. Stripe and Postmark are US-based companies that process some data outside Australia. Xero is Australia/NZ-based. Where personal information is disclosed overseas, we take reasonable steps to ensure each processor handles it consistently with the Australian Privacy Principles (APP 8).
How long we keep your data
| Data type | Retention period | Reason |
|---|---|---|
| Account and profile data | Until you delete your account + 30 days | 30-day grace period allows account recovery |
| Invoices and financial records | Duration of account + 30 days | Deleted with account. ATO record-keeping is the locum's own responsibility. |
| BAS and GST records | Duration of account + 30 days | Deleted with account. Locums should retain their own copies. |
| Uploaded documents and receipts | Duration of account + 30 days | Deleted with account. Download copies before requesting deletion. |
| API keys | Until revoked + 30 days | Security audit trail |
| Support tickets | Duration of account + 30 days | Support history |
| Audit logs | Duration of account + 1 year | Security and compliance |
| Authentication sessions | 30 days from last activity | Session management |
When you request account deletion, we remove all your personal data within 30 days, including invoices, bookings, expenses, and BAS records. We recommend you export your data before requesting deletion.
Your rights
Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to:
- Access: request a copy of all personal data we hold about you
- Rectification: correct any inaccurate data (you can do this directly in your profile settings)
- Erasure: request deletion of your account and personal data
- Portability: export your data in a machine-readable format
- Object: object to processing based on legitimate interests
- Withdraw consent: unsubscribe from marketing communications at any time
You can exercise your right to access and portability directly from your dashboard using the data export feature. For other requests, contact [email protected]. We will respond within 30 days.
If you are not satisfied with our response, you have the right to complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Data security
- Passwords are securely hashed with per-user salts. We never store or have access to your password in plain text.
- Sensitive personal data (bank details, AHPRA and provider numbers) is encrypted at rest using industry-standard encryption.
- All connections are encrypted in transit using TLS (HTTPS) with strict transport security enforced.
- Session management uses cryptographically secure tokens with appropriate browser security protections.
- Uploaded documents and receipts are stored securely with no public access. Files are only accessible through authenticated requests.
- Payment data is handled entirely by Stripe, a PCI DSS Level 1 certified payment processor. We never see or store card numbers.
- Access to production systems is restricted to authorised personnel and subject to audit logging.
- We implement standard web application security protections including cross-site scripting prevention, cross-site request forgery protection, and rate limiting.
Cookies
We use only strictly necessary cookies for authentication. We do not use analytics, advertising, or tracking cookies. See our cookie policy for full details.
Server-side visit logging
To count visitors accurately and detect abuse, we record each visit to our website with a daily-rotating SHA-256 hash of your IP address combined with your User-Agent string, the page URL, country and city derived from Cloudflare network-edge headers, the type of device used, and, if you are signed in, your account ID. We also record any UTM campaign parameters and click identifiers present in the inbound URL, and the page that referred you (if any).
We do not store raw IP addresses, do not set tracking cookies, do not use third-party analytics scripts, and do not share this data with any third party. The daily hash rotation means we cannot link visits across days back to an individual.
Records are retained for 90 days and then automatically deleted. We collect this information to measure website use, size infrastructure, and detect abuse, consistent with the Australian Privacy Principles. You can object to this processing at any time by contacting us at the address below; we will exclude your IP from future records on request.
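The mechanism described in the three paragraphs above (a daily-rotating hash of IP plus User-Agent, no raw IP stored, 90-day retention) can be modelled in a few lines. The following is an added illustration written for this page, not Sessional's own code. It assumes one detail the policy does not state: that each UTC day gets a fresh random secret key that is discarded at rollover. That assumption matters for the "cannot link visits across days" claim, because a hash salted only with the date could be recomputed by anyone who enumerates candidate addresses, whereas a discarded secret key cannot. Sample IPs, user agents and timestamps are constructed.

```python
"""Daily-rotating visitor hash with 90-day retention (illustrative, not Sessional's code)."""
import hashlib
import secrets
from dataclasses import dataclass
from datetime import date, datetime, timedelta, timezone
from typing import Dict, List, Optional

RETENTION_DAYS = 90  # matches the retention period stated in the policy


class DailyKeyring:
    """One random 32-byte secret per UTC day. Keys for other days are dropped as soon
    as a new day is seen, so yesterday's hashes can no longer be recomputed by anyone,
    including the operator. (Assumption: the policy does not say how rotation is done.)"""

    def __init__(self) -> None:
        self._keys: Dict[date, bytes] = {}

    def key_for(self, day: date) -> bytes:
        for old in [d for d in self._keys if d != day]:
            del self._keys[old]
        if day not in self._keys:
            self._keys[day] = secrets.token_bytes(32)
        return self._keys[day]

    def has_key_for(self, day: date) -> bool:
        return day in self._keys


def visitor_hash(ip: str, user_agent: str, day_key: bytes) -> str:
    """SHA-256 over (day key, IP, User-Agent) with separators.
    The raw IP never leaves this function; only the hex digest is stored."""
    h = hashlib.sha256()
    h.update(day_key)
    h.update(b"\x00")
    h.update(ip.encode("utf-8"))
    h.update(b"\x00")
    h.update(user_agent.encode("utf-8"))
    return h.hexdigest()


@dataclass
class VisitRecord:
    recorded_at: datetime
    visitor: str            # daily-rotating hash, not an IP address
    url: str
    country: str
    device: str
    account_id: Optional[str] = None


def record_visit(keyring: DailyKeyring, now: datetime, ip: str, user_agent: str,
                 url: str, country: str, device: str,
                 account_id: Optional[str] = None) -> VisitRecord:
    """Build the stored record for one visit; the IP is hashed with today's key."""
    key = keyring.key_for(now.date())
    return VisitRecord(now, visitor_hash(ip, user_agent, key), url, country, device, account_id)


def purge_expired(records: List[VisitRecord], now: datetime) -> List[VisitRecord]:
    """Keep only records younger than RETENTION_DAYS (the automatic deletion step)."""
    cutoff = now - timedelta(days=RETENTION_DAYS)
    return [r for r in records if r.recorded_at >= cutoff]


if __name__ == "__main__":
    ring = DailyKeyring()
    day1 = datetime(2026, 4, 1, 10, 0, tzinfo=timezone.utc)   # constructed timestamp
    a = record_visit(ring, day1, "203.0.113.5", "Mozilla/5.0", "/", "AU", "desktop")
    b = record_visit(ring, day1 + timedelta(days=1), "203.0.113.5", "Mozilla/5.0", "/", "AU", "desktop")
    print("same day hash stable:", a.visitor == record_visit(ring, day1, "203.0.113.5", "Mozilla/5.0", "/", "AU", "desktop").visitor)
    print("cross-day hashes differ:", a.visitor != b.visitor)
    print("records left after 100 days:", len(purge_expired([a, b], day1 + timedelta(days=100))))
```

Within a day the same IP and User-Agent yield the same digest, so a visitor can be counted once per day; after rollover the old key is gone, so the two days' digests cannot be joined. The consent-audit hash mentioned under "Useful emails" has the opposite requirement (it must remain verifiable later), so it would need a stable, separately managed key rather than this rotating one.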
Useful emails (opt-in only)
Our free public tools (the invoice template, cents-per-km calculator, and similar) include an optional tickbox that asks if you would like occasional, genuinely useful emails from Sessional: tax-deadline reminders, AHPRA registration renewal reminders, locum rate updates, occasional Sessional product updates, and the odd question about what we should build next. The box is unticked by default and you can use any of the tools without opting in.
When you tick the box we record: your email address, the tool you opted in from, the date and time, and a hashed copy of your IP and User-Agent (kept for audit so we can prove later that the consent came from a real session). We do not share this information with any third party, and we never sell your data. Each message contains a one-click unsubscribe link that works without logging in.
We send these emails only with your consent and in line with the Spam Act 2003 (Cth). You can withdraw consent at any time by clicking unsubscribe or emailing us. Withdrawal does not affect processing that took place before withdrawal.
Age restriction
Sessional is designed for qualified healthcare professionals. You must be at least 18 years old to create an account.
Changes to this policy
We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a notice in the application. The date at the bottom of this page shows when it was last updated.
AI assistant, CV summaries, document sharing, and messaging
How we use AI, and what we never do with it
Where Sessional uses AI (the assistant and the CV profile-summary tool), the relevant text is sent to our AI sub-processor, Anthropic (the Claude API), only to generate a result for you. Anthropic does not use data submitted through its API to train its models, and we do not use your data to train any model. Only your own data is ever sent, never another user’s. Anthropic is US-based; this overseas disclosure is handled consistently with the Australian Privacy Principles (APP 8).
AI assistant (Plus)
If you use the optional AI assistant, the text of your question, your recent chat turns, and a summary of your own Sessional data (your profession, plan, logged session count, your annualised earnings and tax-reserve estimates, and an operational snapshot such as outstanding invoices and upcoming sessions) are sent to Anthropic to generate a reply. The assistant provides general information, not regulated financial, tax, clinical, or regulatory advice.
CV profile summary
If you use the CV summary tool, the text of the CV you upload or paste is sent to Anthropic to draft a profile summary, which you review and edit before it is saved. It is not used to train any model. If you upload your CV as a file, a copy is saved to your own document store so you can reuse it; you can delete it there at any time. We do not retain the extracted CV text after the draft is generated.
Compliance document sharing (Plus)
When you create a compliance link, the documents you choose are made available to whoever holds the link (typically a workplace) through a time-limited, revocable URL, with no Sessional account required on their side. You decide what to include and can revoke the link at any time. We store metadata about the link (the documents included, its expiry, and view counts). We do not verify or validate the documents themselves; that is for you and the workplace.
Booking messages
Messages you exchange with a workplace on a booking are stored so the conversation history is available to you, and may be delivered to the workplace by email. We retain message content for the life of the booking record.
Contact
For any questions about this policy or how we handle your data:
Sessional Australia, a service of Sessional Limited (company no. 17159781)
Registered office: 128 City Road, London EC1V 2NX, United Kingdom
Email: [email protected]
Last updated: April 2026