Contents
| Part | Clauses |
|---|---|
| Main terms | 1–46 |
| Schedule 1 — Professional Use and AI Limitations | S1.1–S1.12 |
| Schedule 2 — Data Processing and Security Addendum | S2.1–S2.22 |
| Schedule 3 — Website and Marketing Terms | S3.1–S3.18 |
| Schedule 4 — Order Form Terms | S4.1–S4.2 |
1. Parties
These Terms of Service form a legal agreement between SYMALA Pty Ltd ACN 697 854 596 ABN 89 697 854 596, trading as SYMALA, and the Customer.
Customer means the person, clinic, practice, organisation, company, school, education provider or other entity that creates an account, purchases a Subscription, signs an Order Form, or otherwise accesses or uses the Service.
If an individual accepts these Terms on behalf of an organisation, that individual represents that they have authority to bind that organisation.
2. Agreement to these Terms
By creating an account, accessing the Service, purchasing a Subscription, signing an Order Form, submitting Customer Data or otherwise using the Service, the Customer agrees to these Terms.
If the Customer does not agree to these Terms, the Customer must not access or use the Service.
These Terms include all schedules attached to them. The schedules form part of the agreement between SYMALA and the Customer.
3. Definitions
| Term | Meaning |
|---|---|
| Account | The account created to access the Service. |
| Admin User | A User authorised to manage the Customer account, billing, users, permissions and settings. |
| AI Output | Any text, summary, draft, evidence table, resource, explanation, gap-identification note, citation note, draft pathway consideration, report text or other output generated or assisted by the Service for professional review. AI Output does not mean a final diagnosis, treatment determination, therapy plan, intervention plan, risk triage decision, funding eligibility decision or autonomous clinical decision. |
| Client Data | Information about a patient, client, student, family member, caregiver or other third party entered, uploaded where functionality is made available, generated through, or otherwise submitted by or on behalf of the Customer. |
| Customer Data | All data, content, prompts, inputs, Client Data, account data, usage data, support data, generated outputs and other materials submitted to or generated through the Service by or on behalf of the Customer. |
| Direct Identifiers | Information that directly identifies or is designed to directly identify an individual, including full name, date of birth, address, phone number, email address, Medicare number, NDIS number, claim number, school identifier, medical record number or other unique identifier. |
| Documentation | User guides, help articles, service descriptions, technical notes, policy documents or onboarding materials published by SYMALA. |
| Material Breach | A breach of these Terms that is incapable of remedy, or that is capable of remedy but is not remedied within 14 days after written notice from the non-breaching party requiring remedy. |
| Order Form | A signed or online order, checkout, proposal, statement of work or other ordering document specifying plan, fees, users, modules or special terms. |
| Privacy Policy | The SYMALA Privacy Policy published at https://www.symala.io as updated from time to time. |
| Service | The SYMALA platform, website, software, AI tools, evidence retrieval features, evidence-bound information output features, gap-identification features, drafting features, resources, support services and related functionality provided by SYMALA. |
| Subscription | The paid access plan purchased by the Customer. |
| User | An individual authorised by the Customer to access or use the Service. |
4. Order of precedence
If there is inconsistency between documents, the following order applies unless a signed or negotiated agreement states otherwise:
signed Order Form or negotiated agreement;
these Terms;
Schedule 2 — Data Processing and Security Addendum;
Privacy Policy;
Documentation.
5. Service description
SYMALA provides a software platform designed to support authorised professional users with evidence search and summarisation, evidence-bound information output, gap identification, drafting support for workflow and professional documents, and related professional-use functions.
At launch, the Service may include modules for evidence search and summarisation, evidence-bound output generation, gap identification, drafting support and professional workflow support. Features may vary by plan, configuration, availability and dependency on third-party providers.
The Service is not intended to replace professional judgement, direct assessment, supervision, clinical governance, professional standards, legal obligations, workplace policies or funder requirements.
6. Website use and general information
The website at https://www.symala.io is operated by SYMALA. Website content is general information only and is not medical advice, therapy advice, professional supervision, legal advice, regulatory advice, funding advice, business advice or a substitute for professional judgement.
Product descriptions explain intended features and capabilities at a general level. Features may change over time and may be unavailable, limited, in development, subject to plan restrictions or dependent on third-party providers.
7. Intended users
The Service is intended for use by qualified allied health professionals, allied health assistants or students operating under appropriate supervision, authorised clinic, practice or organisational staff, education professionals where the Service is used within scope, and other users expressly authorised by SYMALA.
The Service is not intended for direct use by patients, clients, students, families or the general public to obtain diagnosis, treatment, therapy, crisis advice or health advice.
8. Professional responsibility and AI limitations
The Customer acknowledges that:
AI Outputs may be incomplete, inaccurate, inappropriate, outdated, misleading, unsupported or unsuitable for a particular client or context;
SYMALA outputs are intended to be grounded in identified source material, published evidence, guidelines or user-provided professional information;
where information or evidence is insufficient, SYMALA should identify the gap, uncertainty or limitation rather than generate an unsupported conclusion;
the Service may not identify all relevant literature, guidelines, risks, contraindications, client-specific factors, cultural considerations, legal requirements or practice obligations;
the Customer and its Users remain solely responsible for reviewing, verifying, modifying, approving and using any AI Output;
the Service is not intended to monitor a disease, injury, disability or health condition, predict prognosis, triage urgent or emergency risk, or provide medical-device clinical decision support system functionality;
the Service does not diagnose, prescribe, determine treatment, determine funding eligibility, replace assessment, replace professional reasoning and/or clinical governance or make autonomous clinical decisions; and
the Service must not be used as the sole basis for clinical, therapeutic, educational, legal, financial, safeguarding, funding, risk or professional decisions.
The Customer must ensure that all Users understand and comply with Schedule 1 — Professional Use and AI Limitations.
8A. TGA and medical device status
SYMALA is intended to be used as professional support software for authorised professional users. It supports evidence search and summarisation, evidence-bound information output, gap identification, drafting support and professional workflow support.
SYMALA is not intended to diagnose, prescribe, determine treatment, determine funding eligibility, triage urgent or emergency risk, monitor a disease, injury, disability or health condition, predict prognosis, replace professional assessment, replace professional reasoning, replace clinical governance or make autonomous clinical decisions.
SYMALA is not intended to be supplied as medical-device clinical decision support system software.
SYMALA does not represent that the Service is TGA-approved, TGA-registered, TGA-compliant, TGA-exempt, TGA-excluded, outside TGA regulation or CDSS exempt.
SYMALA may reassess its regulatory position if the intended purpose, features, outputs, claims, data types or regulatory requirements change. The Customer must not use the Service outside its intended purpose or in a way that would convert outputs into diagnosis, treatment determination, risk triage, funding eligibility decisions or autonomous clinical decisions.
9. No emergency, crisis or urgent-use function
The Service must not be used for emergency care, crisis support, urgent clinical decision-making, imminent risk assessment, acute safeguarding decisions or any situation where delay, error or incomplete information may cause harm.
If urgent risk is present, the Customer and Users must follow their professional obligations, workplace procedures, emergency services pathways and applicable laws.
10. Account setup and access
The Customer must provide accurate account, billing and contact information. The Customer is responsible for selecting and managing Admin Users, maintaining accurate User lists, removing access for staff who leave or no longer require access, ensuring secure account practices, preventing unauthorised account sharing, notifying SYMALA promptly of suspected unauthorised access, and ensuring all Users comply with these Terms.
SYMALA may refuse, suspend or terminate access where account information is false, incomplete or misleading or where access presents a legal, privacy, security or operational risk that cannot reasonably be mitigated.
11. Customer Data and authority to use data
The Customer remains responsible for Customer Data submitted to the Service. The Customer represents and warrants that it has the right, authority and any required consents to submit Customer Data to the Service, has complied with applicable privacy, confidentiality, consent, health records, professional and workplace obligations before submitting Customer Data, and will ensure Users understand what data may and may not be submitted.
The Customer must not submit unnecessary Direct Identifiers or sensitive information. The Customer must ensure Client Data is de-identified, pseudonymised or minimised where practicable.
12. Direct identifiers, de-identification and user review
Unless the Customer has received written confirmation from SYMALA that a specific feature is designed and approved to process Direct Identifiers, the Customer must not submit Direct Identifiers to the Service.
The Customer must remove or avoid entering names, dates of birth, addresses, phone numbers, email addresses, Medicare numbers, NDIS numbers, claim numbers, school identifiers, record numbers and other identifying details unless strictly necessary and authorised.
SYMALA includes automatic redaction and de-identification functionality designed to detect and remove direct personal identifiers before information is submitted for downstream processing by cloud AI providers. This is a product safeguard. It is not a guarantee that all identifiers, sensitive information or re-identification risks will be removed.
The Service is designed to require User review of the auto-redacted or de-identified version before submission to downstream cloud AI providers. Customers and Users remain responsible for checking all information before submission and ensuring that unnecessary personal information, Direct Identifiers and sensitive information are removed or minimised.
Detailed clinical, functional, behavioural, disability, education or family context may still be sensitive or potentially identifying even after direct identifiers are removed.
13. AI processing and model training position
Customer Data may be processed by AI/model providers used by SYMALA to provide the Service. Customer Data is not used by SYMALA to train third-party foundation models, and SYMALA does not authorise its AI/model providers to use Customer Data to train their foundation models unless expressly agreed by the Customer in writing.
SYMALA may use de-identified or aggregated information for analytics, security, benchmarking and product improvement where individuals and Customers are not reasonably identifiable.
14. Customer restrictions
The Customer and Users must not:
use the Service unlawfully or outside its intended purpose;
use the Service to provide direct patient-facing diagnosis, treatment or crisis advice;
use the Service to rank, select or prioritise a specific intervention as clinically indicated for a specific client;
use the Service to generate a treatment plan, therapy plan or intervention plan presented as ready for clinical implementation;
use assessment scores entered into the Service to determine severity, diagnosis, prognosis, treatment need, clinical risk level or funding eligibility;
use AI Outputs as medical-device clinical decision support, clinical recommendations, treatment determinations, diagnostic outputs, risk triage, prognosis, monitoring decisions or autonomous clinical conclusions;
represent SYMALA outputs as TGA-reviewed, TGA-approved, TGA-exempt, TGA-excluded, CDSS-exempt, clinically validated or independently verified clinical recommendations;
rely on AI Outputs without professional review;
submit Customer Data without authority, consent or lawful basis;
submit excessive or unnecessary sensitive information;
upload malware or harmful code;
attempt to reverse engineer, scrape, overload, probe or interfere with the Service;
share login credentials;
use the Service to create misleading, fraudulent or deceptive documents;
misrepresent AI Outputs as independently verified professional conclusions where they have not been reviewed;
use the Service to determine funding eligibility;
use the Service to triage emergency, crisis, safeguarding or urgent-risk situations;
infringe intellectual property rights;
breach confidentiality, privacy, professional, safeguarding or workplace duties; or
remove or obscure warnings, disclaimers or source information.
15. Evidence, sources and third-party content
The Service may retrieve, summarise, quote, rank, cite, classify or refer to third-party research, guidelines, web content, publications or resources. SYMALA does not guarantee that all relevant sources are identified, that sources are current or accurate, that source rankings are clinically correct, that cited material applies to a particular client, that links remain available, that third-party content is free of error or bias, or that every gap, limitation, contraindication, precaution, risk or alternative will be identified.
The Customer and Users must inspect and verify source material where professional reliance is required.
16. Demos, examples, downloads and website resources
Demos, screenshots, sample outputs, sample cases, examples, templates, downloadable resources and illustrations are provided for general information and demonstration only. They must not be treated as advice, clinical recommendations, validated outputs, real client records or guaranteed product behaviour.
Any sample client, case, clinic, user, document or scenario is fictional unless expressly stated otherwise. Users must adapt resources to their own context and must not rely on them without considering client-specific, professional, legal, workplace and local requirements.
Downloaded resources may not be resold, redistributed, republished or represented as SYMALA-approved professional advice unless SYMALA gives written permission.
17. Enquiry forms, marketing communications and tracking
Where a person submits an enquiry, booking request, demo request, contact form, waitlist form or other website form, SYMALA may use the submitted information to respond to the enquiry, provide requested information, arrange a demo or meeting, assess customer suitability, provide onboarding information, send service-related communications, send marketing communications where permitted, and maintain business records.
SYMALA may send marketing communications where permitted by law. Marketing communications will identify SYMALA as the sender and include a functional unsubscribe mechanism where required by the Spam Act 2003 (Cth). SYMALA will honour unsubscribe requests within 5 business days as required by section 16 of the Spam Act 2003 (Cth).
Launch website tracking tools are limited to Google Analytics 4 through Google Tag Manager and the LinkedIn Insight Tag, used only on public marketing pages. SYMALA does not use Meta Pixel or TikTok Pixel at launch. Tracking pixels must not be installed inside authenticated app areas or on pages where client, case, health, disability, education or other sensitive Customer Data is entered or displayed.
18. Subscription, fees and payment
The Customer must pay the fees set out in the applicable Order Form, pricing page or subscription checkout. Billing periods may be monthly or annual. Fees are in Australian dollars unless otherwise stated. Fees include GST where GST applies, unless stated otherwise.
Payments may be processed by Xero and/or another payment service notified to the Customer. Unless otherwise stated:
Subscriptions renew automatically at the end of each billing period;
the Customer authorises SYMALA or its payment provider to charge the nominated payment method;
the Customer must keep billing details current; and
SYMALA may suspend access for unpaid fees after providing the notice and cure period in clause 33.
For annual Subscriptions, SYMALA will send a renewal reminder to the billing contact at least 14 days before the renewal date. For monthly Subscriptions, the Customer may cancel at any time in accordance with clause 19 and a reminder is not provided before each monthly renewal.
19. Plan changes, cancellation and refunds
The Customer may upgrade, downgrade or cancel a Subscription in accordance with account settings or by contacting support@symala.io. Downgrades or cancellations take effect at the end of the current billing period unless SYMALA agrees otherwise in writing.
Where a downgrade reduces available features, storage, users or usage limits, the Customer is responsible for exporting or deleting data before the downgrade takes effect.
Except where required by law or expressly agreed by SYMALA, fees are non-refundable once the relevant billing period has commenced. The Customer may request a refund for a mistaken purchase within 14 days of purchase, and SYMALA will refund the fees in full unless the Customer has materially used the Service during that period. Duplicate charges caused by billing error will be refunded or credited.
Nothing in this clause excludes, restricts or modifies any right or remedy of the Customer under the Australian Consumer Law that cannot be excluded, restricted or modified by agreement.
20. Service availability, support and changes
SYMALA will use reasonable efforts to provide the Service with reasonable skill and care. SYMALA does not guarantee uninterrupted, error-free, secure or always-available operation.
SYMALA may modify, suspend, restrict or discontinue features where reasonably necessary for security, legal compliance, maintenance, technical improvement or a change in a third-party provider. SYMALA will give the Customer reasonable prior notice of any change that would materially and adversely reduce the functionality of a paid feature on which the Customer relies, unless the change is required to address a security, legal or safety issue.
If SYMALA discontinues a paid feature that materially and adversely affects the Customer's use of the Service, the Customer may terminate the affected Subscription with effect from the date the change takes effect and SYMALA will refund any pre-paid fees for the period after termination on a pro-rata basis.
Support is available via support@symala.io during Australian business hours, Monday to Friday, excluding Queensland public holidays. Target response times are:
Critical issue: 2 business days;
High priority issue: 4 business days;
General support: 5 business days.
These response times are targets only unless an executed Service Level Agreement states otherwise.
21. Customer systems and integrations
The Customer is responsible for internet access, devices, browsers, networks, practice management systems, permissions and third-party tools used with the Service. Where the Service integrates with third-party systems, SYMALA is not responsible for errors, outages, data loss, security issues or changes caused by those third parties, except to the extent caused by SYMALA's negligence or breach of these Terms.
22. Intellectual property
SYMALA and its licensors own all rights, title and interest in the Service, software, models, workflows, designs, interface, documentation, templates, prompts, systems, methods, databases, branding, website content and platform content, except Customer Data.
The Customer receives a limited, non-exclusive, non-transferable, revocable right to access and use the Service during the Subscription term in accordance with these Terms. The Customer must not copy, modify, reproduce, resell, sublicense, reverse engineer or create derivative works from the Service except as expressly permitted.
23. Customer Data ownership
The Customer retains ownership of Customer Data. The Customer grants SYMALA a limited licence to host, process, transmit, store, analyse, display, generate outputs from and otherwise use Customer Data as required to provide, secure, support, maintain and improve the Service in accordance with these Terms, the Privacy Policy and Schedule 2 — Data Processing and Security Addendum.
24. AI Outputs
Subject to payment of applicable fees and compliance with these Terms, the Customer may use AI Outputs for its internal professional and business purposes.
The Customer is responsible for reviewing, editing and approving AI Outputs before using them in reports, professional notes, client resources, emails, plans, records, funding-related documents, education materials or other professional contexts.
AI Outputs are evidence-bound professional information outputs for User review. They are not final professional advice, diagnosis, treatment determination, funding eligibility decision, emergency decision support or autonomous clinical decision-making.
AI Outputs must not be treated as clinical recommendations, treatment plans, therapy plans, intervention plans, risk classifications, prognosis, monitoring decisions or medical-device clinical decision support.
SYMALA may generate similar or identical outputs for other customers because AI systems and evidence-based content may produce overlapping material.
25. Feedback
If the Customer or Users provide suggestions, comments, ideas, corrections, feature requests or other feedback, SYMALA may use that feedback without restriction or payment, provided SYMALA does not disclose Customer confidential information or personal information contrary to its legal obligations.
26. Confidentiality
Each party must keep the other party's confidential information confidential and must not use or disclose it except to perform obligations under these Terms, with consent, to professional advisers under confidentiality obligations, to comply with law, court order or regulator request, or as otherwise permitted by these Terms.
Confidential information does not include information that is public, already known without breach, independently developed or lawfully received from another source.
27. Privacy and security
SYMALA handles personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, the Privacy Policy and Schedule 2 — Data Processing and Security Addendum. The Customer must comply with its own privacy, health records, consent, confidentiality and professional obligations.
28. Regulatory and professional compliance
The Customer is responsible for determining whether and how use of the Service fits within the Customer's professional, regulatory, clinical governance, recordkeeping, supervision, consent, insurance, workplace and funder obligations.
SYMALA does not provide legal, medical, therapeutic, professional supervision, insurance, funding or regulatory advice.
29. Australian Consumer Law
Nothing in these Terms excludes, restricts or modifies any consumer guarantee, right, remedy, condition or warranty that cannot lawfully be excluded, restricted or modified, including under Schedule 2 to the Competition and Consumer Act 2010 (Cth) (Australian Consumer Law). Subject to those non-excludable rights, the Service is provided on an “as is” and “as available” basis.
To the extent the Customer is a consumer and the Service is of a kind ordinarily acquired for personal, domestic or household use or consumption, and to the extent permitted by section 64A of the Australian Consumer Law, SYMALA's liability for a failure to comply with a consumer guarantee is limited at SYMALA's election to one of: re-supplying the Service; or paying the cost of having the Service re-supplied.
30. Disclaimers
To the maximum extent permitted by law, SYMALA does not warrant that the Service will be uninterrupted, secure, error-free or free from harmful components; that AI Outputs will be accurate, complete, current, appropriate or suitable for any particular client or purpose; that all relevant evidence, risks, gaps, limitations, contraindications, precautions or alternatives will be identified; that the Service will meet the Customer's specific professional, operational or regulatory requirements; or that defects will be corrected within a particular timeframe.
31. Liability
To the maximum extent permitted by law, neither party is liable to the other for indirect, consequential, special, exemplary or punitive loss, loss of profit, loss of revenue, loss of goodwill, loss of opportunity, loss of data, business interruption, professional liability, clinical decisions, funding decisions, treatment decisions or claims arising from a Customer or User's reliance on AI Outputs without appropriate professional review.
Subject to the rights and remedies that cannot be excluded under law, SYMALA's aggregate liability to the Customer arising out of or relating to these Terms in any 12-month period is limited to the greater of: (a) the fees paid by the Customer to SYMALA in the 12 months immediately before the event giving rise to the claim; and (b) AUD 5,000.
The limitation in this clause does not apply to liability for: a party's breach of clause 22 (Intellectual property); a party's breach of clause 26 (Confidentiality); SYMALA's wilful misconduct or fraud; or liability that cannot be limited by law.
32. Customer indemnity
The Customer indemnifies SYMALA against direct losses, liabilities, costs and expenses (including reasonable legal costs on a solicitor and own client basis) suffered or incurred by SYMALA as a result of, or in connection with, a third-party claim arising from:
Customer Data submitted without authority, consent or lawful basis;
misuse of the Service by the Customer or its Users in breach of these Terms;
breach of privacy, confidentiality, professional, workplace or regulatory obligations by the Customer or its Users;
professional decisions, reports, advice, recommendations or services provided by the Customer or its Users; or
use of AI Outputs by the Customer or its Users without appropriate professional review.
The Customer's liability under this indemnity is reduced to the extent the relevant claim is caused or contributed to by SYMALA's breach of these Terms, negligence or wilful misconduct. The exclusion of indirect and consequential loss in clause 31 applies to this indemnity.
33. Suspension
SYMALA may suspend access to the Service if:
fees are unpaid after the Customer has been given at least 7 days’ written notice and an opportunity to remedy;
there is reasonably suspected unauthorised access to the Account;
the Customer or a User has breached these Terms in a way that, if not stopped, would expose SYMALA, the Customer or a third party to material legal, privacy, security or safety risk;
suspension is required by law, a regulator or a court order; or
a third-party provider on which the Service depends requires suspension for security or legal reasons.
Except where suspension is required immediately to address a security, legal or safety issue, SYMALA will give the Customer reasonable prior notice and an opportunity to remedy before suspending access. Suspension will be no broader and no longer than reasonably necessary to address the issue.
34. Termination
Either party may terminate a Subscription for convenience in accordance with the applicable Order Form, subscription settings or by giving 30 days’ written notice (or such shorter notice as the parties agree in writing).
Either party may terminate these Terms immediately by written notice if the other party commits a Material Breach, becomes insolvent, has an administrator, liquidator or receiver appointed, enters into an arrangement with creditors, or ceases to carry on business.
SYMALA may also terminate these Terms immediately by written notice if continued provision of the Service would expose SYMALA to material legal, regulatory or safety risk that cannot reasonably be mitigated.
On termination, access ends, unpaid fees become due, Customer Data will be retained, exported or deleted in accordance with Schedule 2, and clauses intended to survive termination continue to apply (see clause 43).
35. Changes to these Terms
SYMALA may update these Terms from time to time. SYMALA will give the Customer at least 30 days’ written notice of any change that materially and adversely affects the Customer's rights or obligations, unless the change is required to comply with a law, regulator request or court order.
If the Customer does not accept a material change, the Customer may terminate the affected Subscription with effect from the date the change takes effect and SYMALA will refund any pre-paid fees for the period after termination on a pro-rata basis. Continued use of the Service after the effective date of an updated version of these Terms is taken to be acceptance of the updated Terms.
Non-material changes (including drafting corrections, formatting changes and clarifications that do not materially affect the Customer's rights or obligations) may be made by publishing an updated version of these Terms at https://www.symala.io.
36. Notices
Notices to SYMALA must be sent in writing to legal@symala.io.
Notices to the Customer may be sent by email to the account owner, Admin User, billing contact or other email address associated with the Account, or by in-app notification.
A notice sent by email is taken to be received at the time the email is sent unless the sender receives an automated delivery failure response.
37. Insurance
SYMALA will maintain insurance appropriate to the nature, scale and risk of the Service, which at launch is intended to include public liability insurance, professional indemnity insurance and cyber liability insurance, in each case with limits reasonably considered appropriate by SYMALA from time to time having regard to the size of the Customer base and the nature of Customer Data processed by the Service.
SYMALA will, on reasonable written request from a Customer, provide a written summary of the insurance maintained by SYMALA, subject to any confidentiality restrictions of its insurer.
38. Assignment and subcontracting
The Customer must not assign, novate or transfer any of its rights or obligations under these Terms without SYMALA's prior written consent, which will not be unreasonably withheld.
SYMALA may assign, novate or transfer its rights and obligations under these Terms, or any part of them, to a related body corporate or in connection with a sale of all or substantially all of the business of SYMALA, on written notice to the Customer.
SYMALA may subcontract the performance of any of its obligations under these Terms, but remains responsible to the Customer for the performance of those obligations.
39. Force majeure
Neither party is liable for any failure or delay in performing its obligations under these Terms (other than an obligation to pay money) to the extent the failure or delay is caused by an event beyond its reasonable control, including natural disaster, pandemic, epidemic, war, terrorism, civil unrest, government action, large-scale failure of internet or telecommunications infrastructure, failure of a third-party provider that the affected party could not reasonably have avoided, or cyber attack of a kind that could not reasonably have been prevented through industry-standard security controls.
The affected party must promptly notify the other party of the event and use reasonable efforts to mitigate its effect. If the event continues for more than 30 consecutive days and prevents performance of a material obligation, either party may terminate the affected Subscription by written notice, and SYMALA will refund any pre-paid fees for the period after termination on a pro-rata basis.
40. Severability
If any provision of these Terms is held by a court or tribunal of competent jurisdiction to be invalid, illegal or unenforceable, that provision is severed to the minimum extent necessary and the remaining provisions continue in full force and effect.
41. Entire agreement
These Terms (including the schedules and any Order Form or written agreement signed by the parties) constitute the entire agreement between the parties in relation to the subject matter of these Terms and supersede any prior representations, agreements, statements or understandings, whether written or oral. Each party acknowledges that it has not relied on any representation, statement or warranty that is not set out in these Terms.
42. No waiver
A failure or delay by a party in exercising a right or remedy under these Terms does not operate as a waiver of that right or remedy. A single or partial exercise of a right or remedy does not prevent any further exercise of that or any other right or remedy. A waiver is only effective if given in writing and signed by the party giving the waiver.
43. Survival
The following clauses survive termination or expiry of these Terms: clause 3 (Definitions), clause 8 (Professional responsibility and AI limitations), clause 8A (TGA and medical device status), clause 13 (AI processing and model training position), clause 22 (Intellectual property), clause 23 (Customer Data ownership), clause 25 (Feedback), clause 26 (Confidentiality), clause 27 (Privacy and security), clause 30 (Disclaimers), clause 31 (Liability), clause 32 (Customer indemnity), clause 36 (Notices), clause 40 (Severability), clause 41 (Entire agreement), clause 42 (No waiver), this clause 43, clause 44 (Dispute resolution), clause 45 (Governing law), and any provision of these Terms which expressly or by its nature is intended to survive termination.
44. Dispute resolution
If a dispute arises out of or in connection with these Terms, the party raising the dispute must give written notice to the other party setting out the nature of the dispute and the outcome sought. The parties must then negotiate in good faith for at least 21 days to resolve the dispute.
If the dispute is not resolved within 21 days of the notice, either party may refer the dispute to mediation administered by the Resolution Institute (or its successor) under the Resolution Institute Mediation Rules. The mediator's fees are to be shared equally between the parties unless the mediator orders otherwise.
This clause does not prevent either party from seeking urgent interlocutory or injunctive relief from a court.
45. Governing law
These Terms are governed by the laws of Queensland, Australia. The parties submit to the exclusive jurisdiction of the courts of Queensland, Australia and the courts of appeal from them.
46. Interpretation
In these Terms, headings are for convenience only and do not affect interpretation. A reference to legislation includes that legislation as amended or replaced from time to time. The singular includes the plural and vice versa. “Including” and “includes” are not words of limitation. A reference to a party includes that party's permitted successors and assigns. A reference to “writing” includes email.
Schedule 1 - Professional Use and AI Limitations
S1.1 Purpose
This Schedule explains the intended professional use of SYMALA and the limits of AI-generated outputs. All Customers and Users must read and comply with this Schedule before using SYMALA for professional work.
S1.2 Intended purpose
SYMALA is designed to support professional users with evidence search and summarisation, evidence-bound information output, gap identification, drafting support for workflow and professional documents, structured professional reasoning support, professional reflection and supervision preparation, and professional workflow support.
SYMALA outputs must be grounded in identified source material, published evidence, guidelines or user-provided professional information. Where there is insufficient evidence or insufficient user-provided information, SYMALA will identify the gap, uncertainty or limitation rather than generate an unsupported conclusion.
SYMALA is intended to assist qualified professionals. It is not intended to replace qualified professional judgement.
S1.3 Intended users
qualified allied health professionals;
supervised allied health students or assistants;
authorised clinic, practice or organisational staff;
education professionals using the Service within scope; and
authorised organisational users.
SYMALA is not intended for direct use by patients, clients, students, families or the general public for health, therapy, diagnosis, crisis, emergency or treatment advice.
S1.4 What SYMALA does not do
diagnose;
prescribe;
determine treatment;
determine funding eligibility;
replace assessment;
replace professional reasoning;
replace supervision;
replace clinical governance;
replace informed consent;
replace safeguarding procedures;
replace legal, regulatory, professional or insurance obligations;
provide emergency or crisis advice;
guarantee clinical, educational, functional or funding outcomes; or
make autonomous clinical decisions.
S1.5 Human review is mandatory
Users must independently review, verify, edit and approve all SYMALA outputs before use. Professional review must consider client-specific context, assessment findings, goals and preferences, risks and contraindications, cultural and family context, disability and developmental profile, professional scope of practice, relevant laws and standards, workplace policies, funder requirements, current evidence and professional judgement.
S1.6 AI output limitations
SYMALA outputs may still be incorrect, incomplete, outdated, overconfident, unsupported, unsuitable for the client, based on limited sources, affected by bias, poorly matched to local requirements, missing key risks, missing alternatives, affected by source, retrieval or model limitations, or incorrectly cited or linked to sources requiring manual verification.
Users must not assume that an output is accurate because it appears structured or confident.
S1.7 Evidence and citation limitations
Where SYMALA provides sources, citations, evidence summaries or ranked resources, Users must understand that not all relevant evidence may be retrieved, source ranking may be imperfect, citations may require manual verification, evidence may not apply to a specific client, older or lower-quality evidence may appear, local guidelines or policies may be missed, access restrictions may affect retrieved material, summaries may omit important limitations, and source material may be unavailable or insufficient for a requested output.
Users must inspect source material where professional reliance is required.
S1.8 Redaction and data minimisation
SYMALA includes automatic redaction and de-identification functionality designed to detect and remove direct personal identifiers before information is submitted for downstream processing. Direct identifiers may include names, dates of birth, addresses, phone numbers, email addresses, Medicare numbers, NDIS numbers, claim numbers, school identifiers, record numbers and similar identifiers.
Redaction and de-identification are additional safeguards. They do not replace User review. Customers and Users remain responsible for checking all information before submission and ensuring that unnecessary personal information, direct identifiers and sensitive information are removed or minimised.
S1.9 Excluded uses
emergency decision-making;
crisis response;
imminent risk assessment;
a substitute for assessment;
the sole basis for therapy or intervention planning;
the sole basis for reports or funding recommendations;
determining funding eligibility;
generating direct patient-facing diagnosis or treatment advice;
making autonomous decisions about a person;
use outside the User’s professional scope; or
use that breaches privacy, confidentiality or consent obligations.
S1.10 Professional records
If a User relies on a SYMALA output, the User remains responsible for deciding what is entered into the professional record, documenting clinical reasoning, documenting evidence relied on, documenting client-specific adaptations, documenting consent where required, and meeting recordkeeping standards.
SYMALA outputs must not be pasted into reports, plans, resources or records without professional review and editing.
S1.11 Use in supervision and team discussion
SYMALA may support supervision preparation, case reflection and team discussion. SYMALA does not replace supervision by an appropriately qualified professional.
S1.12 Mandatory signup acknowledgement
Each User must accept the following acknowledgement at signup. SYMALA will record acceptance against the User account.
“I understand that SYMALA is a professional support tool. It provides evidence-bound information output, gap identification and draft material for professional review. It does not diagnose, prescribe, determine treatment, determine funding eligibility or replace professional judgement and reasoning. I remain responsible for reviewing, verifying and approving all outputs before professional use.”
Schedule 2 — Data Processing and Security Addendum
S2.1 Purpose
This Data Processing and Security Addendum describes how SYMALA processes, protects, retains, deletes and supports Customer Data in connection with the Service. It forms part of these Terms and is intended to be publicly available so Customers can review SYMALA's data processing, subprocessor and security position before using the Service.
S2.2 Scope
This Addendum applies to Customer Data submitted to, generated through, stored in, or otherwise processed by the Service by or on behalf of a Customer. Customer Data may include Client Data, prompts, user-approved case inputs, generated outputs, account data, usage data, support data and uploaded documents where upload functionality is made available.
This Addendum does not apply to general website visitor data except where that data is also Customer Data. Website visitor data is addressed in the Privacy Policy and Schedule 3.
S2.3 Role of SYMALA and Customer
The Customer retains all rights in Customer Data. SYMALA receives a limited right to process Customer Data only as required to provide, maintain, secure, support, administer and improve the Service, or as otherwise agreed.
For privacy regimes that use controller and processor concepts, the Customer is generally the controller or equivalent decision-maker for Client Data, and SYMALA is generally a processor or service provider for that Client Data. SYMALA may act as an independent controller or equivalent decision-maker for account administration, billing, security, legal compliance, business communications, de-identified or aggregated data, and other processing it determines independently.
The Customer remains responsible for its own professional services, client relationships, consent, notices, recordkeeping, clinical or educational decisions, professional judgment and legal obligations.
S2.4 Processing purposes
account creation and administration;
authentication and access control;
operation, maintenance and improvement of the Service;
evidence-bound information output generation;
gap identification, evidence retrieval, evidence ranking, summarisation and drafting support;
support for workflow and professional document drafting;
customer support, onboarding and training;
billing, subscription management and account administration;
security monitoring, audit logging, abuse prevention and incident response;
error detection, debugging, reliability monitoring and service diagnostics;
de-identified or aggregated analytics, benchmarking and product improvement where individuals and Customers are not reasonably identifiable;
backup, disaster recovery, legal compliance and dispute management.
S2.5 Customer responsibilities
determining what data may be submitted to the Service;
obtaining consents or ensuring another lawful basis exists before submitting personal information or sensitive information;
providing required notices to clients, patients, students, families, carers, staff and other relevant individuals;
minimising Direct Identifiers and sensitive information;
reviewing and approving the redacted or de-identified version before submission for downstream processing;
controlling User access and removing access when no longer required;
ensuring Users comply with account, data-entry and professional-use requirements;
reviewing AI Outputs before use;
maintaining its own records where required; and
complying with its own privacy, health records, professional, workplace, funder and contractual obligations.
S2.6 Direct identifiers and de-identification workflow
Unless expressly agreed in writing, Customers and Users must not submit Direct Identifiers to the Service. If the Customer requires features that process Direct Identifiers, those features must be documented in an Order Form or separate written agreement, including any additional safeguards and retention settings.
SYMALA provides automatic redaction and de-identification functionality as a safeguard before downstream cloud AI processing. The workflow is designed so that the User reviews the auto-redacted or de-identified version before approving submission. The Customer and User remain responsible for that review and for ensuring unnecessary personal information, Direct Identifiers and sensitive information are removed or minimised.
No redaction or de-identification system is perfect. Detailed contextual information may still be sensitive or potentially identifying even where direct identifiers are removed.
S2.7 AI processing and training position
Customer Data is not used to train third-party foundation models. Customer Data may be processed by AI providers solely to provide the Service, subject to provider terms, technical safeguards and configuration selected by SYMALA.
SYMALA may use de-identified or aggregated information for analytics, security, benchmarking and product improvement where individuals and Customers are not reasonably identifiable.
S2.8 Subprocessors
SYMALA uses third-party providers to provide, host, secure, support, monitor, bill, communicate about and improve the Service. The material subprocessors used by SYMALA at launch are listed below.
| Provider | Purpose | Data processed | Location / region | Notes |
|---|---|---|---|---|
| OpenAI | AI model processing and output generation | Prompts, user-approved de-identified or minimised case inputs, generated outputs and related metadata | United States and other locations where OpenAI and its subprocessors operate | Used only to provide the Service. Customer Data is not authorised for third-party foundation model training. |
| Anthropic | AI model processing and output generation | Prompts, user-approved de-identified or minimised case inputs, generated outputs and related metadata | United States and other locations where Anthropic and its subprocessors operate | Used only to provide the Service. Customer Data is not authorised for third-party foundation model training. |
| Vercel | Application hosting, deployment, edge / network services and platform logs | Account data, application data, usage data, technical logs and service metadata | Global infrastructure, with primary serving region in Sydney, Australia where available | Used for application hosting and deployment. Sensitive Customer Data is not intentionally sent into logs. |
| Supabase | Database, authentication and storage | Account data, Customer Data, generated outputs, authentication data, audit logs and storage objects where enabled | ap-southeast-2 (Sydney, Australia) project region, plus Supabase global support infrastructure | Encryption and backups managed through Supabase configuration. Region confirmed in internal records. |
| Resend | Transactional email and customer communications | Email addresses, message content, delivery metadata and communication records | United States and other locations where Resend and its subprocessors operate | Used for account, onboarding, support and transactional email. |
| Xero | Billing, invoicing and payment administration | Billing contact details, invoice history, payment status, subscription and transaction metadata | Australia, New Zealand, United States and other locations where Xero and its subprocessors operate | SYMALA does not store full payment card details. |
| Google Analytics 4 / Google Tag Manager | Website analytics and tag management | Website usage events, device and browser metadata, approximate location and analytics identifiers | Australia, United States and other locations where Google and its subprocessors operate | Public marketing pages only. Not installed inside authenticated app areas handling Customer Data. |
| LinkedIn Insight Tag | B2B marketing attribution and website campaign measurement | Public website visit and conversion metadata, device and browser metadata and LinkedIn advertising identifiers where applicable | United States, European Union and other locations where LinkedIn / Microsoft and their subprocessors operate | Public marketing pages only. Loaded subject to the cookie consent mechanism described in section 11 of the Privacy Policy. |
SYMALA will take reasonable steps to assess subprocessors before use and require appropriate confidentiality, privacy and security obligations.
S2.9 Subprocessor changes
SYMALA may add, remove or replace subprocessors. SYMALA will give the Customer at least 30 days’ prior written notice of a material subprocessor change by email or in-app notice, unless a shorter period is required for security, legal or continuity reasons.
If the Customer has a reasonable privacy or security objection to a proposed material subprocessor change, the Customer may notify legal@symala.io within the notice period. The parties will discuss the objection in good faith. If the objection cannot reasonably be resolved within a further 30 days, the Customer may terminate the affected Subscription with effect from the date the change takes effect, and SYMALA will refund any pre-paid fees for the period after termination on a pro-rata basis.
S2.10 Overseas processing
Customer Data may be processed in Australia and overseas by SYMALA and its subprocessors. Known or expected processing locations include Australia, the United States, the European Union and other countries or regions where SYMALA's subprocessors or their subprocessors operate.
SYMALA remains accountable under Australian Privacy Principle 8 for the handling of personal information disclosed to overseas recipients. SYMALA takes reasonable steps to require overseas recipients to handle personal information consistently with the Australian Privacy Principles, including through provider due diligence, contractual terms, technical safeguards, access controls and data minimisation.
S2.11 Confidentiality and access
SYMALA restricts access to Customer Data to personnel and contractors who need access for authorised purposes. Personnel with access to Customer Data are subject to confidentiality obligations. Administrative access is limited to directors, authorised technical personnel and authorised support personnel. Access is granted, reviewed and revoked according to SYMALA's internal access control process.
S2.12 Security controls
| Control area | Current control | Owner | Review frequency |
|---|---|---|---|
| Encryption in transit | HTTPS / TLS used for data transmitted between users, SYMALA and core service providers where supported. | Directors / technical lead | At least annually and after material system changes |
| Encryption at rest | Data encrypted at rest by SYMALA's cloud infrastructure and database / storage providers where supported. | Directors / technical lead | At least annually and after material system changes |
| Authentication | User authentication managed through SYMALA's authentication provider and account access controls. | Directors / technical lead | At least annually and after material system changes |
| MFA for admin systems | MFA required for key administrative access where supported by the relevant system. | Directors / technical lead | At least annually and after material system changes |
| Role-based access | Access restricted to authorised personnel based on role and operational need. | Directors / technical lead | At least annually and when personnel change |
| Audit logging | Administrative, authentication, security and system events logged where supported by the relevant system. | Directors / technical lead | At least annually and after material system changes |
| Backup process | Backups managed through infrastructure and database providers, with retention controlled by provider settings and SYMALA configuration. | Directors / technical lead | At least annually |
| Vulnerability management | Dependencies, provider alerts and material security issues reviewed and remediated where required. | Directors / technical lead | At least annually and after material system changes |
| Secure development | Material changes reviewed before deployment with security and privacy risks considered. | Directors / technical lead | Ongoing |
| Secrets management | API keys, credentials and secrets stored in restricted environment or provider-managed secret settings and not intentionally stored in source code. | Directors / technical lead | At least annually and after material system changes |
| Incident response | Privacy and data breach response process maintained. | Directors | At least annually and after incidents |
| Supplier review | Subprocessors reviewed for role, data type, location and security and privacy suitability. | Directors | Before onboarding and at least annually |
S2.13 Support access
SYMALA support personnel may access Customer Data only where reasonably required to respond to a support request, troubleshoot an error, investigate suspected misuse or security risk, comply with legal obligations, or perform authorised administration.
Support access approval is required where access to Customer Data is needed. Support access is logged where supported by the relevant system or provider logs. Customer approval is not generally required where access is necessary to provide support, investigate security issues or comply with legal obligations.
S2.14 Security incidents and data breaches
SYMALA maintains an incident response process. If SYMALA becomes aware of a confirmed or reasonably suspected security incident affecting Customer Data, SYMALA will:
take reasonable steps to contain and assess the incident;
notify the Customer without undue delay where the incident materially affects Customer Data;
provide available information reasonably required by the Customer to assess its own obligations, including under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988 (Cth);
take reasonable remediation steps; and
comply with legal notification obligations where applicable, including any obligation to notify the Office of the Australian Information Commissioner.
Customer notification target: as soon as practicable, and in any event within 72 hours, after SYMALA becomes aware of a confirmed or reasonably suspected incident materially affecting Customer Data. Notification may be sent to the Customer account owner, Admin User, privacy contact, security contact or other nominated Customer contact.
S2.15 Government access requests
SYMALA will only disclose Customer Data in response to a request from a law enforcement, regulatory or government body where required by Australian law or by another applicable law that binds SYMALA or one of its subprocessors.
Where lawful and practicable, SYMALA will notify the affected Customer before disclosure and will take reasonable steps to limit any disclosure to the minimum necessary to comply with the relevant requirement.
S2.16 Data retention
| Data category | Default retention | Customer-configurable? | Notes |
|---|---|---|---|
| Account data | For life of account, then up to 7 years after account closure | No | Retained for account administration, legal, tax, billing, dispute and compliance purposes. |
| User profile data | For life of account, then up to 7 years after account closure | Limited | User access may be removed earlier by the Customer. |
| Prompts / case inputs | For life of account, then deleted or de-identified within 90 days after account closure unless retention required by law or contract | Limited | Customers may request earlier deletion where technically and legally practicable. |
| Uploaded documents, where available | For life of account, then deleted within 90 days after account closure unless retention required by law or contract | Limited | Applies only where upload functionality is available. |
| Generated outputs | For life of account, then deleted or de-identified within 90 days after account closure unless retention required by law or contract | Limited | Retained so Users can access previous outputs during subscription. |
| Evidence retrieval cache | Up to 90 days unless retained as de-identified or non-customer-specific reference data | No | Direct Identifiers are not intentionally retained in the evidence cache. |
| Audit logs | Up to 7 years | No | Retained for security, access monitoring, misuse investigation, legal and compliance purposes. |
| Error logs | Up to 90 days | No | Sensitive Customer Data is not intentionally written to error logs. |
| Support tickets | Up to 7 years | No | Retained for customer support history, dispute management, legal and compliance purposes. |
| Billing records | 7 years | No | Retained for accounting, tax, audit and legal recordkeeping purposes. |
| Backups | Up to 90 days | No | Deleted data may remain in encrypted backups until the normal backup expiry cycle completes. |
S2.17 Data deletion
The Customer may request deletion of Customer Data by contacting support@symala.io or using available account deletion settings. The deletion-request target completion time is 30 calendar days where technically and legally practicable.
Deletion process: request received; requester identity and authority verified; data scope confirmed; deletion performed from active systems where technically practicable; deletion recorded; backup deletion occurs through the normal backup expiry cycle unless earlier deletion is technically feasible.
S2.18 Data export
Account export is limited and available on request where technically practicable. Case and output export is available where technically supported by the Service or by reasonable manual export process. Format may include PDF, DOCX, CSV or JSON depending on data type and technical availability. Export requests may be made to support@symala.io. The export completion target is 30 calendar days where technically practicable.
S2.19 De-identified and aggregated data
SYMALA may use de-identified or aggregated information for analytics, security, benchmarking and product improvement where individuals and Customers are not reasonably identifiable. Controls may include removal of Direct Identifiers, aggregation of usage metrics, restriction of access to raw datasets, review of de-identified datasets before wider use, and exclusion of rare or unique combinations where re-identification risk is material.
S2.20 Return or deletion on termination
After termination or expiry of the Subscription, Customer access remains available for export for 30 calendar days unless access is suspended for serious breach, security risk or legal reason. Customer Data is deleted from active systems within 90 days unless retention is required by law, contract, billing, dispute, security or compliance purposes. Backups expire within 90 days through the normal backup expiry cycle. Billing and legal records may be retained for up to 7 years. De-identified or aggregated data may be retained where individuals and Customers are not reasonably identifiable.
S2.21 Security questionnaires and audits
SYMALA may respond to reasonable security questionnaires from prospective or current Customers. Audit rights, if any, are limited to security questionnaires, summary security documentation, reasonable written information requests and independent audit reports if available. On-site audits are not available unless expressly agreed in writing.
S2.22 Customer obligations for downstream use
The Customer is responsible for ensuring that its use of SYMALA outputs, exports, reports, resources and records complies with applicable privacy, health records, professional, workplace, funder and legal obligations. The Customer must not represent SYMALA outputs as independently verified professional conclusions unless those outputs have been reviewed, edited and approved by an appropriately qualified person.
Schedule 3 — Website and Marketing Terms
S3.1 Website operator
The website at https://www.symala.io is operated by SYMALA Pty Ltd ACN 697 854 596 ABN 89 697 854 596, trading as SYMALA. Website enquiries may be sent to hello@symala.io.
S3.2 Website information
Information on the website is general information only. It is not medical advice, therapy advice, professional supervision, legal advice, regulatory advice, funding advice, business advice or a substitute for professional judgement. Users should obtain appropriate professional advice before relying on website content.
S3.3 Product descriptions
Product descriptions explain intended features and capabilities at a general level. Features may change over time. Some features may be unavailable, limited, in development, subject to plan restrictions or dependent on third-party providers. Where a feature is described as AI-enabled, outputs must be reviewed by a qualified professional before use.
S3.4 Demo content and examples
Demos, screenshots, sample outputs, sample cases, examples, templates and illustrations are provided for demonstration only. They must not be treated as advice, clinical recommendations, validated outputs, real client records or guaranteed product behaviour. Any sample client, case, clinic, user, document or scenario is fictional unless expressly stated otherwise.
S3.5 No outcome guarantees
SYMALA does not guarantee improved client outcomes, reduced professional risk, funding approval, diagnostic accuracy, treatment effectiveness, report acceptance, time savings, compliance with a specific professional obligation, error-free outputs, or identification of all relevant evidence, risks, gaps, limitations, contraindications, precautions or alternatives.
Any performance, time-saving, quality, compliance or outcome claim must be accurate and supported before publication.
S3.6 Testimonials and case studies
Testimonials, reviews and case studies must be accurate, consented, not misleading and not presented as guaranteed outcomes. SYMALA must not publish confidential or identifying information without authority, create unreasonable expectations, or imply guaranteed clinical, educational, functional or funding outcomes.
S3.7 Marketing claims
SYMALA must not publish claims that are false, misleading, unsupported or likely to create unreasonable expectations. Safer wording may include: supports professional reasoning; helps retrieve and review evidence; provides evidence-bound information output; identifies information gaps and limitations; drafts outputs for professional review; designed for qualified professionals; human review required; supports professional workflow.
S3.8 Website intellectual property
Website content, branding, text, design, interface, graphics, videos, downloads, templates and other materials are owned by SYMALA or its licensors unless stated otherwise. Users must not copy, reproduce, modify, distribute, publish, sell or commercially exploit website content without written permission. Users may view website content and download resources for their internal professional or business use where expressly permitted.
S3.9 Third-party links and resources
The website may contain links to third-party websites, publications, tools, articles, services or resources. SYMALA does not control and is not responsible for third-party content, availability, privacy practices, security, accuracy or suitability. Links are provided for convenience only and do not imply endorsement unless expressly stated.
S3.10 Cookies, analytics and advertising technology
The website may use cookies, pixels, local storage and analytics tools for essential website functions, security, analytics, remembering preferences, marketing attribution, improving website performance and understanding visitor behaviour.
Launch tools are Google Analytics 4 through Google Tag Manager and the LinkedIn Insight Tag on public marketing pages only. SYMALA does not use Meta Pixel or TikTok Pixel at launch. Non-essential tags load subject to the cookie consent mechanism described in section 11 of the Privacy Policy. Users can manage some cookies through browser settings. Some website functions may not work without essential cookies.
Tracking pixels must not be installed inside authenticated app areas or on pages where client, case, health, disability, education or other sensitive Customer Data is entered or displayed.
S3.11 Enquiry forms and contact forms
Where a person submits an enquiry, booking request, demo request, contact form, waitlist form or other website form, SYMALA may use submitted information to respond to the enquiry, provide requested information, arrange a demo or meeting, assess customer suitability, provide onboarding information, send service-related communications, send marketing communications where permitted, and maintain business records. Personal information submitted through website forms is handled in accordance with SYMALA's Privacy Policy.
S3.12 Marketing communications and unsubscribing
SYMALA may send marketing communications where permitted by law. Marketing communications will identify SYMALA as the sender, include accurate contact details and include a functional unsubscribe mechanism where required by the Spam Act 2003 (Cth). Users may unsubscribe by clicking the unsubscribe link in an email, replying as instructed in the message, or contacting support@symala.io. SYMALA will action unsubscribe requests within 5 business days as required by section 16 of the Spam Act 2003 (Cth).
SYMALA may still send transactional or service-related messages, including account verification, password reset, billing notices, subscription changes, security alerts, important service notices, support messages, onboarding messages and legal or policy update notices. Transactional messages will not include unnecessary promotional content.
S3.13 Social media
SYMALA social media content is general information only. Comments, direct messages or social media interactions do not create a professional, clinical, therapeutic, legal, regulatory or advisory relationship. SYMALA may remove, hide or moderate comments that are spam, abusive, misleading, confidential, identifying, unlawful, promotional, discriminatory, defamatory or inconsistent with community standards.
Users should not post personal information, client information, health information, confidential information or case details in public comments or social media messages.
S3.14 User comments and public submissions
Where the website allows comments, reviews, submissions or other user-generated content, users must not submit content that is unlawful, misleading, abusive, discriminatory or defamatory; infringes intellectual property rights; contains confidential information; identifies a client, patient, student, family or third party without authority; contains health information or sensitive information without authority; creates unreasonable expectations about clinical, educational, functional or funding outcomes; or promotes unsafe or inappropriate use of SYMALA. SYMALA may remove or moderate user-generated content at its discretion.
S3.15 Website availability and security
SYMALA does not guarantee that the website will be uninterrupted, secure, error-free or free from harmful components. SYMALA may modify, suspend or discontinue website content, pages, resources or features at any time. Users are responsible for using appropriate security measures when accessing the website, including secure devices, updated browsers and appropriate malware protection.
S3.16 Pricing and subscription information
Pricing, plans, features, inclusions and limits displayed on the website are subject to change unless expressly agreed in a signed Order Form or active subscription terms. Prices are in Australian dollars unless stated otherwise. Prices include GST where GST applies, unless stated otherwise.
S3.17 Accuracy of website content and website liability
SYMALA uses reasonable efforts to keep website content current and accurate. However, website content may contain errors, omissions, outdated information or incomplete descriptions. Users should not rely on website content as the sole basis for professional, clinical, educational, legal, funding, business or purchasing decisions.
To the maximum extent permitted by law, SYMALA is not liable for loss, damage, cost or expense arising from reliance on website content, use or inability to use the website, errors, omissions or outdated information, third-party links or resources, downloads or user-generated content, or unauthorised access, malware or technical issues affecting the website. Nothing in this clause excludes, restricts or modifies rights that cannot lawfully be excluded, restricted or modified.
S3.18 Relationship with other documents
Use of the SYMALA platform is governed by these Terms or an applicable Customer agreement. Handling of personal information is governed by SYMALA's Privacy Policy. Customer data processing and security arrangements are governed by Schedule 2.
Schedule 4 — Order Form Terms
S4.1 Order Forms
Where an Order Form is used, it should specify relevant commercial and account details, such as Customer legal name, Customer ABN or ACN, billing contact, Admin User, plan, number of users, included modules, billing period, fees, start date, renewal date and special terms.
An Order Form may be a signed proposal, online checkout confirmation, subscription page, invoice, statement of work or other ordering document accepted by SYMALA.
S4.2 Special terms
Special terms in a signed or expressly accepted Order Form override inconsistent provisions in these Terms only to the extent of the inconsistency. All other Terms continue to apply.