Privacy Policy

Effective date: 10 May 2025  ·  Last updated: 3 July 2026

Kin Tho (ABN 37 320 140 514) ("we", "us", "our") operates the For Samuel mobile application ("App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our App. We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Who we are

For Samuel is developed and operated by Kin Tho (ABN 37 320 140 514), an Australian sole trader. For privacy enquiries, contact us at privacy@forsamuel.com.au.

2. Information we collect

We collect information you provide directly, information generated through your use of the App, and limited technical information.

3. How we use your information

We do not use your personal information for direct marketing, and we do not sell or rent it (APP 7). Because For Samuel is a shared care record that links carers to the people they support, the service cannot be used anonymously or under a pseudonym — an identified account is required to attribute care entries and control who can access them (APP 2.2(b)).

4. Data sharing

We do not sell your personal information. We share data only with the following sub-processors who help us operate the service:

All third-party service providers are contractually required to protect your data and use it only to provide services to us.

5. Sensitive information

Care data entered into For Samuel may constitute sensitive health information under the Privacy Act. We treat all care data as sensitive: it is stored in a household-scoped, access-controlled database, never used for advertising, never shared with third parties beyond the sub-processors listed above, and never used to train AI models.

6. Data retention

We retain data in accordance with the following schedules:

7. Data security

All data is encrypted in transit using TLS 1.2+. Data at rest is encrypted using AES-256 by our infrastructure providers. Access to your care data is restricted to members of your household using authenticated sessions and row-level security policies enforced at the database layer.

In addition:

8. Your rights

Under the Privacy Act 1988 and the APPs you have the right to:

For anything you can't do in-app, contact us at privacy@forsamuel.com.au. We will respond within 30 days.

9. Children and children's data

For Samuel is directed at adults. Its subject matter is care coordination and record-keeping by carers; its features (shift schedules, invoicing, care plans, funding paperwork) are adult tasks; its visual design, language, and marketing are aimed at adults; it is not listed in any app-store "Made for Kids" or "Made for Families" category; and it contains no advertising of any kind. The App is intended for use by adults (18+) or by minors under the direct supervision of a parent or guardian who holds the account; by creating an account you confirm you are 18 or older, or that a parent or guardian is supervising your use.

We do not ask your age. Account creation deliberately collects no date of birth — a data-minimisation choice: an adult-directed service does not need it, so we do not hold it.

Care data about a child is entered by their authorised carers (parents or guardians), who hold responsibility for that data. The account-holding adult controls those records as far as our service is concerned, including their correction, export, and deletion.

United States (COPPA). Because the App is directed at adults and any information about a child is provided by the responsible adult account holder, we do not knowingly collect personal information directly from a child under 13. If you become aware that a child under 13 has independently created an account, contact us at privacy@forsamuel.com.au and we will delete the account and its data.

Privacy by default for every account (this also reflects the UK Children's Code and the California Age-Appropriate Design Code): only data you choose to record is stored; profiling for advertising is never performed; geolocation is never collected; there are no dark-pattern nudges to share more; and the highest-privacy protections (App Lock, biometric re-authentication on destructive actions, household-scoped access only) are available to every user without an upgrade.

10. Your rights by region

The rights described in section 8 reflect the Australian Privacy Principles. If you reside outside Australia, the following additional or equivalent rights apply.

We do not respond to legacy Do-Not-Track browser signals (no widely-adopted standard exists), but we do not engage in cross-site tracking or sale of personal information, which is what those signals were intended to address.

11. International transfers

Your care records and health data are stored at rest in Australia (Sydney region). Our application server, which processes your requests in transit, may be hosted in the United States; data is encrypted with TLS during transmission and is not retained on the application server beyond the duration of the request. Some of our service providers are located outside Australia, including in the United States and the European Union. Pseudonymous usage analytics are processed in the European Union, which maintains data protection standards broadly equivalent to the Australian Privacy Principles. Where personal data is transferred to the United States, we ensure it is protected by contractual arrangements at least equivalent to the Australian Privacy Principles, including Standard Contractual Clauses where applicable. For users in the UK and the European Economic Area: your data is transferred outside the UK/EEA (to Australia, and to the service providers listed in section 4) under appropriate safeguards, including the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and/or the UK Extension to the EU-U.S. Data Privacy Framework, as applicable to each provider.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email. Continued use of the App after the effective date constitutes acceptance of the updated policy.

13. Contact us

For privacy questions, to exercise your rights, or to report a suspected security issue or data breach affecting your information:
Email: privacy@forsamuel.com.au
Kin Tho (ABN 37 320 140 514), Australia

Security researchers and members of the public who identify a vulnerability that could affect personal information held in For Samuel are invited to email the same address. We respond to good-faith disclosures within five business days and will not take adverse action against researchers who follow responsible disclosure practice. If your report triggers our obligations under the Notifiable Data Breaches scheme, we will notify affected users and the Office of the Australian Information Commissioner within the statutory timeframe.


See also: Terms of Service  ·  Refund Policy  ·  Return to For Samuel