Back to home

Privacy Policy

Last updated: May 27, 2026

Introduction

We (“we”, “our”, or “us”) operates Holli, an AI-powered practice management platform for kinesiology and complementary health practitioners. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We take your privacy seriously and are committed to protecting your personal information and maintaining confidentiality of your practice data in accordance with applicable privacy laws, including the Australian Privacy Principles (APPs) and GDPR where applicable.

Information We Collect

Account Information

  • Name and email address
  • Password (encrypted)
  • Professional credentials and practice details
  • Payment information (processed securely by third-party payment processors)

Practice Data

  • Client information you enter (names, contact details, session notes)
  • Session transcriptions and recordings
  • Documents you upload (assessments, protocols, research papers)
  • AI-generated insights and recommendations
  • Journey recaps and pattern analyses

Usage Information

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage patterns and feature interactions
  • Performance data and error reports

How We Use Your Information

  • Provide Service: Deliver AI-powered insights, document generation, and practice management features
  • Improve Service: Analyze usage patterns to enhance features and user experience
  • Communication: Send service updates, security alerts, and support messages
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Compliance: Meet legal obligations and enforce our terms

Data Storage & Security

Storage Infrastructure

Your data is stored on Supabase (ISO 27001, SOC 2 Type II certified) with servers located in secure data centers. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3.

Security Measures

  • End-to-end encryption for sensitive data
  • Regular security audits and penetration testing
  • Multi-factor authentication support
  • Role-based access controls
  • Automated backups with 30-day retention
  • Secure API endpoints with rate limiting

Data Retention

We retain your account and practice data for as long as your account is active. Upon account deletion, we permanently remove your data within 30 days, except where required by law to retain records.

Data Sharing & Third Parties

We Do NOT Sell Your Data

We will never sell, rent, or trade your personal information or practice data to third parties for marketing purposes.

Service Providers

We share data with trusted service providers who help us operate Holli:

  • Supabase: Database and authentication (Data Processing Agreement in place)
  • OpenAI: AI processing for insights and document generation (no training on your data)
  • Deepgram: Speech-to-text transcription services
  • Resend: Transactional email delivery
  • Vercel: Hosting and content delivery

All service providers are bound by data protection agreements and process data solely for providing services to us.

Legal Requirements

We may disclose information if required by law, court order, subpoena, or to protect our rights, property, or safety.

Your Rights & Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your account and data
  • Export: Download your practice data in portable formats
  • Opt-out: Unsubscribe from marketing communications
  • Restrict Processing: Limit how we use certain data

To exercise these rights, contact us at hello@hollihq.com or use the account settings within the application.

Cookies & Tracking

We use essential cookies to maintain your session and authentication. We do not use third-party tracking cookies or analytics that identify individual users.

Essential cookies include:

  • Authentication tokens
  • Session management
  • Security and fraud prevention

Children's Privacy

If you believe a child has provided us with personal information, please contact us immediately.

International Data Transfers

If you access Holli from outside Australia, your data may be transferred to and processed in Australia or other countries where our service providers operate. We ensure adequate data protection through standard contractual clauses and other approved mechanisms.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the application. Continued use of Holli after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: hello@hollihq.com

Mail: KineDesign AI, [Address], Australia

Complaints

If you believe we have not handled your personal information appropriately, you have the right to lodge a complaint with:

  • Australia: Office of the Australian Information Commissioner (OAIC) atwww.oaic.gov.au
  • EU: Your local data protection authority