Privacy

When you complete the HeyAggy assessment, your answers are used only to generate your plan in real time. They are not sent to any server, not stored in any database, and not linked to your identity. When you close or refresh the page, your answers are gone.

If you choose to email your key steps, we collect your email address. It is used only to send that one email from aggy@heyaggy.com. We do not store it for marketing purposes unless you explicitly opt in to further communication.

We use Microsoft Clarity to collect anonymous session data (heatmaps, scroll depth, click patterns). This data does not include your assessment answers and cannot be linked to you personally.

AggyPlus stores your aged care plan, plan history, document index (links only — never the documents themselves), letters and wishes, reminders, and account preferences in a secure database.

Nothing in AggyPlus is ever shared unless you explicitly send it — by using the "Send now" function — or unless you invite a family member to access your plan. Even then, they see only what you choose to share.

The Just In Case auto-send feature triggers only after an inactivity period you set yourself. The recipient is someone you nominate. You can change or cancel this at any time.

AggyPlus uses Clerk for authentication (Google, Apple, or email), Supabase for secure data storage, and Resend for email delivery. All data is stored in Australia.

We never sell your data to any third party. We never share your information with aged care providers, insurers, government agencies, or advertisers. HeyAggy has no financial relationships with providers — we are a navigation guide, not a referral business.

We never ask for Medicare numbers, tax file numbers, or any financial account details. The financial questions in the assessment ask only for a general picture — no specific amounts, account numbers, or identifiers.

AggyPlus's document index stores links to files, not the files themselves. You store your documents in Google Drive, iCloud, Dropbox, or wherever you choose. Aggy stores a note of what exists and where to find it. HeyAggy never has access to the contents of your documents.

We use Microsoft Clarity for anonymous behavioural analytics. This uses cookies to track session data — page views, clicks, scroll depth. No personally identifiable information is collected. You can opt out via your browser's cookie settings.

Clarity complies with the Australian Privacy Principles (APPs). Its data is not linked to your assessment answers.

Under the Australian Privacy Act 1988, you have the right to access, correct, or request deletion of any personal information we hold. For AggyPlus users, most of this is managed directly in your account settings. For any other request, contact us at aggy@heyaggy.com.

Privacy questions: aggy@heyaggy.com · heyaggy.com · Australian owned and operated.

When you use the Just In Case feature, HeyAggy may store health information including your medications list and allergy details. This information is classified as sensitive information under the Australian Privacy Principles and is protected by additional safeguards.

Health information is encrypted using industry-standard encryption. Only you and family members you explicitly invite can access it. You can delete it at any time from Settings → Delete my data.

If you use the medication photo feature, your photo is processed by our AI system to extract text and is immediately discarded. We do not store medication photos.

If you set up an emergency card, your nominated person receives an awareness email and can access the card via a secure link and phone verification. You can revoke this access at any time from your dashboard.

Family members can request access to a deceased person's account by emailing aggy@heyaggy.com with a death certificate or statutory declaration. We will respond within 24 hours. Read-only access is granted for 30 days.

HeyAggy complies with the Australian Notifiable Data Breaches scheme. If a data breach is likely to cause serious harm, we will notify affected users and the Office of the Australian Information Commissioner within 30 days of becoming aware of the breach.

For privacy questions or to request deletion of your data: aggy@heyaggy.com