Privacy Policy

Last updated: 6 October 2025

1. Introduction

Echidna Systems Pty Ltd (“Echidna Systems”, “we”, “us”, “our”) provides a SaaS FHIR Terminology API service (the “Service”). This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you use the Service or otherwise interact with us.

Important assumption: We expect users to avoid sending personal health information (PHI) or other personally identifiable information (PII) through API requests. If such data are sent, they will be processed according to this policy.

2. Scope

This policy covers personal and usage information collected in connection with our Service, website, billing and support processes, and related communications. The Service is intended for businesses and individual professionals (for example, system integrators) rather than children.

3. Information We Collect

3.1 Information Collected Automatically (Service & Logs)

We collect data needed to operate, secure, and improve the Service. Examples include:

  • Pseudonymized IP address for authenticated traffic;
  • Raw IP address for unauthenticated requests (those without a valid API key) to support rate limiting and abuse prevention;
  • Originating country (provided by our CDN/security provider);
  • Request metadata: host, method, route/path, query parameter names and values, user-agent, response status, and response time;
  • Request body (where applicable) and any identifiers you include in requests (for example, customer or user IDs when sent with a valid API key).

3.2 Account, Billing & Support Information

When you create an account or purchase a subscription we may collect:

  • Organization and contact details (name, email, company name);
  • Subscription and billing-related details (subscription status, billing IDs provided by our payment processor);
  • Public identifiers associated with API keys and metadata needed to manage access and usage.

3.3 Communications

We retain the email addresses and content necessary to send transactional and support emails, and any content you provide in communications with our team.

4. How We Use Information

We use collected data to:

  • Provide, operate, maintain and improve the Service;
  • Manage accounts, subscriptions, billing and customer support;
  • Enforce usage limits, detect and prevent abuse and fraud;
  • Monitor performance, diagnose and fix technical and operational issues;
  • Comply with legal obligations and respond to lawful requests.

5. Sub-processors & Data Sharing

We use trusted third-party service providers (“subprocessors”) to help us deliver our services, including infrastructure hosting, payment processing, customer communications, and observability. These subprocessors may process limited personal information on our behalf solely for the purpose of providing their services to us.

We carefully evaluate all subprocessors to ensure they meet appropriate security and privacy standards. A current list of our subprocessors is maintained on a dedicated page and may be updated from time to time.

Examples of the types of providers we use are:

  • Hosting & infrastructure providers (CDN, VPS, storage);
  • Payment processors and billing platforms;
  • Observability and logging providers;
  • Email delivery providers.

In addition to the core service providers, we may also engage subprocessors to support:

  • Customer relationship management (CRM);
  • Customer support and helpdesk operations;
  • Accounting and financial reporting.

You can view the current list of subprocessors at: https://echidna.systems/subprocessors.

6. Data Retention

Unless you request otherwise, we retain account, billing, and usage information indefinitely to support ongoing subscriptions, audit and security needs, and for troubleshooting. If you wish to request deletion of your account data, contact us at privacy@echidna.systems (see Section 11).

7. International Transfers

We operate globally. Your information may be processed or stored in countries outside your jurisdiction (primarily the United States and European Union). Where required by law, we use appropriate safeguards for international transfers, such as standard contractual clauses.

8. Legal Basis (for EEA residents)

For individuals in the EEA, our lawful bases for processing include:

  • Performance of a contract: processing required to provide the Service and manage subscriptions;
  • Legitimate interests: such as improving and securing the Service, preventing abuse, and troubleshooting (we balance these interests against user rights);
  • Legal obligations: where processing is required by law;
  • Consent: where we rely on consent (for example, for optional marketing communications).

9. Security

We implement reasonable technical and organizational measures to protect data, including encryption in transit, hashing of secrets, limited access controls, and monitoring. While we strive to protect your information, no security measure is perfect or impenetrable.

10. Children

Our Service is not directed to children under 16. We do not knowingly collect personal data from children. If we learn that we have collected such data, we will take steps to delete it.

11. Your Rights & Choices

Subject to local law, you may have the right to:

  • Request access to personal data we hold about you;
  • Request correction or deletion of your personal data;
  • Request portability of your personal data;
  • Object to or restrict certain processing (for example, direct-marketing-based processing).

To exercise your rights or submit privacy requests, contact us at privacy@echidna.systems. We will verify requests as required by law before taking action.

12. Changes to This Policy

We may update this Privacy Policy occasionally. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify account contacts. The current authoritative policy will always be available on our website.

13. Contact

For privacy questions or to make a request, please contact:

Echidna Systems Pty Ltd
Email: privacy@echidna.systems