Privacy Policy
CoverClear — Guardian
Last updated: 24 May 2026
Who we are
CoverClear (coverclear.au) is operated by CoverClear (ABN: 58 084 157 519). We built Guardian to help Australians track and maximise their private health insurance extras cover.
Questions about this policy: [email protected]
What information we collect
Information you provide directly
- Email address — collected when you sign in via magic link. Used solely to authenticate your account.
- Policy details — your health fund name, product name, state, and scale (single/couple/family/single parent). Stored against your account to personalise your benefit display.
- Policy start date — optional. Used to calculate waiting periods if provided.
- Claim records — service name, amount claimed, date of service, and provider name (optional). Entered manually by you or extracted from receipts you upload.
- Custom benefit limits — annual limits you enter manually for services where the regulator's dataset does not publish a limit.
- Receipt images and documents — if you use the receipt capture feature, you may upload photos or PDF documents of provider receipts. These are processed to extract claim details and are not retained after processing.
Information collected automatically
- Authentication session data — Supabase stores session tokens to keep you signed in. Sessions expire after 7 days.
- Usage data — standard server logs (page requests, response codes, timestamps). No advertising trackers. No third-party analytics beyond what Vercel collects for infrastructure monitoring.
What we do not collect
- We do not collect your Medicare number, private health insurance member number, or any government identifier.
- We do not connect to your health fund's systems. All benefit data displayed is sourced from the Public Health Insurance dataset published by the Private Health Information Ombudsman (PHIO).
- We do not collect your medical history, diagnoses, or clinical information.
- We do not serve advertising. We do not share your data with advertisers.
How we use your information
We use your information only to operate Guardian:
- To authenticate your account and maintain your session
- To display your benefit limits and track your claims against those limits
- To generate cost estimates and split-year savings calculations
- To send transactional emails (sign-in links, policy reset reminders, monthly benefit digests) — only emails you have signed up to receive
- To calculate your tax-time summary of premiums and benefits
We do not use your information for profiling, scoring, or automated decision-making that affects you in any significant way.
Health information
Your claim records and policy details may constitute health information under the Privacy Act 1988 (Cth). We treat this information as sensitive information and apply heightened protections:
- Access is restricted to you and the technical infrastructure required to deliver the service (Supabase, Vercel — see Third parties below)
- We do not disclose this information to any other person or organisation without your explicit consent, except where required by law
- We retain this information only for as long as your account is active
Third parties
Guardian is built on the following infrastructure providers. Your data may be stored or processed on their systems:
- Supabase (Supabase Inc, USA) — database and authentication. Your data is stored in Supabase's Sydney (ap-southeast-2) region. Supabase is SOC 2 Type II certified. supabase.com/privacy
- Vercel (Vercel Inc, USA) — web hosting and serverless functions. vercel.com/legal/privacy-policy
- Brevo (Sendinblue SAS, France) — transactional email delivery. Email addresses are processed by Brevo to deliver sign-in links and notifications. brevo.com/legal/privacypolicy
- Stripe (Stripe Inc, USA) — payment processing. Payment card details are handled entirely by Stripe and are never stored by CoverClear. stripe.com/privacy
We do not sell your data to any third party.
Data retention
- Active accounts — your data is retained while your account is active.
- Cancelled accounts — if you cancel your subscription, your account data is retained for 30 days, then permanently deleted. You may request immediate deletion (see Your rights below).
- Receipt images — processed and deleted immediately after claim details are extracted. Not retained.
Your rights under Australian Privacy Law
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Correct any personal information that is inaccurate or out of date
- Delete your account and all associated data
- Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your information: oaic.gov.au
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Security
Your data is encrypted in transit (HTTPS/TLS) and at rest. Authentication uses short-lived tokens delivered via email — there are no passwords stored by CoverClear. Database access is restricted by row-level security policies: you can only access your own data.
No system is perfectly secure. If you become aware of a security concern, please contact us immediately at [email protected].
Changes to this policy
We will notify you by email if we make material changes to this policy. The “last updated” date at the top of this page reflects the most recent revision.