Privacy

Until you sign up and choose to save your plan, your answers are not sent to any server, not stored in any database, and not linked to your identity. They are used only to generate your plan in real time. When you close or refresh the page, your answers are gone.

If you choose to email your key steps, we collect your email address. It is used only to send that one email from aggy@heyaggy.com. We do not store it for marketing purposes unless you explicitly opt in to further communication.

We use anonymous analytics services to collect session data (heatmaps, scroll depth, click patterns). This data does not include your assessment answers and cannot be linked to you personally.

AggyPlus stores your aged care plan, plan history, documents, letters and wishes, reminders, and account preferences in a secure database.

Nothing in AggyPlus is ever shared unless you explicitly send it — by using the "Send now" function — or unless you invite a family member to access your plan. Even then, they see only what you choose to share.

The Just In Case auto-send feature triggers only after an inactivity period you set yourself. The recipient is someone you nominate. You can change or cancel this at any time.

The information you give us — your aged care plan, account, AggyPlus emergency card, documents, letters, carer log — is stored in Australia. Our primary database is hosted in the AWS Sydney region.

Like most modern web services, we use third-party providers to handle specific functions:

• Authentication and account management — for sign-in security
• Email delivery — for welcome emails, magic links, and reminders
• Web hosting and serverless functions — to run the website
• Payment processing — to handle AggyPlus subscriptions (we never see or store your card details)
• Anonymous analytics — to understand how the product is used
• AI assistance (AskAggy) — to power the AI Q&A feature

Some of these providers operate outside Australia, primarily in the United States. We choose providers carefully, all are bound by data-processing agreements, and they process information on our behalf rather than for their own purposes.

Your medical information — medications, conditions, emergency card details, uploaded documents — remains in our Australian database and is not shared with these providers.

About AskAggy: When you ask Aggy a question, the question and relevant plan context is sent to our AI provider to generate a response. We don't include your name, email, or identifying details in those requests.

We never sell your data to any third party. We never share your information with aged care providers, insurers, government agencies, or advertisers. HeyAggy has no financial relationships with providers — we are a navigation guide, not a referral business.

Free service: We don't collect Medicare numbers, tax file numbers, or financial account details on the free /plan tool. Your aged care plan is generated without any identifying information.

AggyPlus subscribers: Your emergency card includes optional fields where you can choose to add medical information including your Medicare number. These fields are never required — you choose what to share. If you add a Medicare number, it's stored encrypted at rest in our Australian database alongside your other emergency card details. Only you, and any nominee you explicitly authorise, can access it.

Documents in AggyPlus: Just-In-Case lets you organise important documents in three ways:

1. Describe where it is — text-only entry (e.g. "POA original is in the second drawer of my desk"). No document is stored, just your description.
2. Link to it — paste a link to where the document lives elsewhere (e.g. cloud storage). We store the link, not the document.
3. Upload it — if you choose to upload a file, it's stored in our Australian database, encrypted at rest, accessible only to you and any nominee you explicitly authorise.

Only the third option results in HeyAggy storing the actual document. The first two are descriptions or pointers.

We use anonymous analytics services for behavioural analytics. This uses cookies to track session data — page views, clicks, scroll depth. No personally identifiable information is collected. You can opt out via your browser's cookie settings.

Under the Australian Privacy Act 1988, you have the right to access, correct, or request deletion of any personal information we hold. For AggyPlus users, most of this is managed directly in your account settings. For any other request, contact us at aggy@heyaggy.com.

When you use the Just In Case feature, HeyAggy may store health information including your medications list and allergy details. This information is classified as sensitive information under the Australian Privacy Principles and is protected by additional safeguards.

Health information is encrypted using industry-standard encryption. Only you and family members you explicitly invite can access it. You can delete it at any time from Settings → Delete account.

If you use the medication photo feature, your photo is processed by our AI system to extract text and is immediately discarded. We do not store medication photos.

If you set up an emergency card, your nominated person receives an awareness email and can access the card via a secure link and a verification code sent to their email. You can revoke this access at any time from your dashboard.

Family members can request access to a deceased person's account by emailing aggy@heyaggy.com with a death certificate or statutory declaration. We will respond within 24 hours. Read-only access is granted for 30 days.

HeyAggy complies with the Australian Notifiable Data Breaches scheme. If a data breach is likely to cause serious harm, we will notify affected users and the Office of the Australian Information Commissioner within 30 days of becoming aware of the breach.

For privacy questions or to request deletion of your data: aggy@heyaggy.com