← Back to home

Privacy Policy

Last updated: January 2026

At RongoLab, we are committed to protecting privacy and handling personal information responsibly.

This Privacy Policy explains how we collect, use, store, and safeguard information when you use our website, request a demo, contact us, or use our clinic management platform.

Introduction

At RongoLab, we are committed to protecting privacy and handling personal information responsibly.

This Privacy Policy explains how we collect, use, store, and safeguard information when you use our website, request a demo, contact us, or use our clinic management platform.

This includes practitioners using our platform, clinics managing patient data, and individuals who interact with us for sales, support, or onboarding.

Definitions

"We", "us", and "our" refer to RongoLab.

"Service" refers to our clinic management platform and related website services.

"Customer" refers to a clinic, business, or practitioner using the Service.

"Personal Information" means information that identifies, or could reasonably identify, an individual.

"Patient Data" means information Customers record about their patients, including appointment history, treatment notes, clinical records, and ACC-related data.

Information We Collect

We collect information in three main ways.

  • Information collected directly from you, including your name, email address, phone number, clinic details, and billing information when you sign up, request a demo, or contact us.
  • Patient Data recorded by Customers when they use the platform. This may include patient identity details, appointments, treatment notes, clinical records, and ACC-related forms such as ACC45 and ACC32.
  • Technical and usage information such as IP address, browser type, device information, pages visited, and usage patterns.

How We Use Information

  • To provide, operate, maintain, and improve the Service.
  • To support clinic workflows including scheduling, records, billing, memberships, and ACC-related administration.
  • To respond to demo requests, onboarding questions, and support enquiries.
  • To protect system security, detect misuse, and maintain the integrity of the platform.
  • To send product updates, service notices, and relevant communications. You can opt out of non-essential marketing communications at any time.

Data Ownership and Our Role

For clinic software, this distinction matters. Customers control and own the patient data they enter into the platform.

RongoLab acts as a service provider and processor for that data. We do not treat patient data as our own business asset, and we do not use patient records for our own marketing purposes.

  • Customers decide what patient data is entered and how it is used for clinical or administrative purposes.
  • We process patient data only to provide the Service, support Customers, secure the platform, or comply with legal obligations.
  • Requests relating to patient records should usually be directed to the relevant clinic first. We will assist the clinic where appropriate.

Data Sharing

We do not sell personal information or patient data.

  • We may share information with trusted service providers such as hosting, communications, analytics, or support infrastructure providers acting on our behalf.
  • We may disclose information when required by law, regulation, court order, or lawful request.
  • We may use or disclose information where reasonably necessary to protect the Service, our rights, or the safety of Customers and users.
  • If RongoLab is involved in a merger, acquisition, restructuring, or sale of assets, information may be transferred as part of that transaction subject to appropriate safeguards.

Data Security

We take security seriously and use reasonable technical and organisational measures designed to protect personal information and clinic data.

  • Secure cloud infrastructure.
  • Encrypted transmission over HTTPS.
  • Restricted access controls and role-based access practices where appropriate.
  • Operational safeguards designed to reduce unauthorised access, loss, or misuse.

No system can guarantee absolute security, but we work to maintain protections appropriate to the nature of the information we process.

If a breach affecting personal information occurs, we will notify affected parties where required by applicable law.

Cookies

We use cookies and similar technologies to maintain login sessions, improve usability, understand product performance, and support security controls.

You can disable cookies in your browser, but some parts of the Service may not function properly if you do.

Your Rights

Depending on your location and applicable law, including the New Zealand Privacy Act 2020, you may have rights to access or correct personal information we hold about you and, in some cases, request deletion.

Where a request relates to patient records held by a clinic, the clinic is usually the first point of contact because it controls that patient data.

Data Retention

We retain personal information only for as long as reasonably necessary to provide the Service, meet legal and contractual obligations, resolve disputes, and enforce our agreements.

Third-Party Services

We may use third-party providers for infrastructure and related services, including hosting, communications, email delivery, and analytics. These providers process data only on our behalf and subject to appropriate safeguards.

Children's Privacy

Our Service is intended for clinics and practitioners and is not directed to individuals under 18 for consumer use. We do not knowingly collect personal information directly from children through our public website.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update this page and revise the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or how information is handled, contact us at hello@rongokit.co.nz.