Cookies are small text files placed on your device by a website or web application when you visit or log in. They are widely used to keep services working correctly, to remember your preferences, and — where permitted — to collect aggregate information about how a service is used.
We also use related technologies that work in a similar way, including session storage and local storage (which store data in your browser rather than as a file on your device) and security tokens transmitted as HTTP headers. This policy covers all of these technologies collectively when we use the word "cookies".
Under the Privacy Act 1988 (Cth), cookies may constitute personal information where they can reasonably identify an individual. Where our cookies do so, we handle that information in accordance with the Australian Privacy Principles and our Privacy Policy.
ADMRL operates two distinct web services, each with a different purpose and a different cookie footprint:
- admrl.ai — Marketing website
- The public website you are reading now. It is used by prospective customers, referring practitioners, and the general public. It carries essential and analytics cookies.
- app.admrl.ai — Clinical platform
- The clinical assessment and reporting platform used exclusively by registered health practitioners and their authorised staff. It carries essential and security cookies only. No analytics or advertising cookies are used on the clinical platform.
Clinical context
Because the clinical platform processes health information — which is sensitive information under the Privacy Act 1988 (Cth) — we apply a deliberately minimal cookie footprint there. No third-party analytics, no remarketing, no behavioural tracking.
Essential cookies are strictly necessary for a service to function safely and correctly. They cannot be switched off without breaking core functionality. Under APP 3, we collect only what is reasonably necessary — these cookies meet that standard on both services.
Essential cookies do not require your prior consent under Australian law; however, we disclose them here in the spirit of APP 1 (open and transparent management of personal information).
admrl.ai — essential
| Cookie name |
Purpose |
Duration |
Type |
| cf_clearance |
Cloudflare DDoS and bot protection. Set after a browser challenge is passed. Required for uninterrupted access to the site. |
30 minutes |
Security |
| __cf_bm |
Cloudflare Bot Management. Distinguishes human visitors from automated traffic. Required to submit the waitlist form. |
30 minutes |
Security |
We use Google Analytics 4 (GA4) on the admrl.ai marketing website to understand aggregate traffic patterns — which pages are visited, how long visitors stay, and broad geographic and device trends. This helps us improve the website for health practitioners researching our platform.
Analytics cookies are used on admrl.ai only. They are not present on the clinical platform (app.admrl.ai), which handles health information.
We have enabled IP anonymisation in our GA4 configuration. Google anonymises your IP address before it is stored, meaning we do not retain a complete IP address in our analytics data.
Google Analytics data is processed by Google LLC and may be stored on servers in the United States. Google LLC is Privacy Shield successor-certified and processes data under standard contractual clauses. We have configured data retention at the minimum available period (2 months for user and event data). Under APP 8, we are satisfied that Google provides substantially similar privacy protections to those under the Australian Privacy Principles for this purpose.
admrl.ai — analytics
| Cookie name |
Purpose |
Duration |
Type |
| _ga |
Google Analytics client identifier. Distinguishes unique visitors for aggregate traffic reporting. Does not identify you personally. |
2 years |
Analytics |
| _ga_G-2205GT98NM |
GA4 session persistence cookie for the ADMRL property. Maintains session state across pages for aggregate session reporting. |
2 years |
Analytics |
| _gid |
Distinguishes unique visitors for a 24-hour window. Resets daily. |
24 hours |
Analytics |
What Google Analytics does not do
GA4 on admrl.ai does not track you across other websites, build an advertising profile, or link your browsing behaviour to your identity. The data we receive is aggregate and anonymised at the IP level. We do not use the remarketing, advertising, or user-ID features of GA4.
05
Clinical platform cookies
The ADMRL clinical platform (app.admrl.ai) uses only the cookies required to run a secure, authenticated session. No analytics, advertising, or third-party tracking cookies are present. Every cookie on the clinical platform is first-party, HttpOnly, and Secure-flagged.
| Cookie name |
Purpose |
Duration |
Type |
| admrl_session |
Authenticated session token. Keeps you logged in as you navigate between platform pages. Invalidated on sign-out or inactivity timeout. |
Session / configurable inactivity timeout |
Essential |
| admrl_refresh |
Secure token used to issue a new session token without requiring re-login, within the platform's configured session window. |
Configurable per organisation policy |
Essential |
| admrl_csrf |
Cross-site request forgery (CSRF) protection token. Included in all state-changing requests to verify they originate from the authenticated session. Required for platform security. |
Session |
Security |
| admrl_prefs |
Stores non-sensitive display preferences (e.g., sidebar state, report layout defaults). Does not contain clinical or patient data. |
12 months |
Essential |
These cookies are set on the app.admrl.ai domain only. They are not readable by admrl.ai or any third-party domain.
06
Third-party technologies
The following third-party services are integrated into our website. Each operates under its own privacy policy; we link to those policies below.
Google Analytics 4
Operated by Google LLC (Mountain View, California, USA). Used on admrl.ai only for aggregate traffic analysis. Not present on the clinical platform.
Cloudflare Turnstile
Operated by Cloudflare, Inc. (San Francisco, California, USA). Used on admrl.ai as a privacy-preserving CAPTCHA alternative to protect the waitlist and contact forms from automated submissions. Turnstile is designed to verify human visitors without behavioural fingerprinting or advertising tracking.
Cloudflare (network layer)
Both admrl.ai and app.admrl.ai are served through Cloudflare's network for DDoS protection and performance. Cloudflare may set essential security cookies (see section 03) and processes network request metadata (including IP addresses) as a data processor on ADMRL's behalf. Cloudflare does not use this data for advertising.
No other third parties
We do not embed social media sharing widgets, advertising networks, affiliate trackers, or third-party video players on either service. The technologies listed above are the complete set of third-party integrations that may set cookies or process network data when you use our services.
Australian law does not require opt-in consent before setting essential cookies. Analytics cookies on admrl.ai can be limited or blocked using the options below.
Browser cookie controls
All modern browsers allow you to view, block, or delete cookies. Blocking all cookies will prevent the clinical platform from operating (authentication requires session cookies) and may break some features on the marketing website. Instructions for common browsers:
Google Analytics opt-out
To block Google Analytics across all websites you visit, Google provides a browser add-on: tools.google.com/dlpage/gaoptout. Installing this add-on prevents the GA JavaScript from sharing data with Google Analytics.
Do Not Track
We respect the browser-level Do Not Track (DNT) signal. If your browser sends a DNT:1 header, we suppress the Google Analytics tag on admrl.ai for that session. DNT has no effect on essential or security cookies, which remain active regardless.
Clinical platform — essential cookies
The session, refresh, CSRF, and preference cookies on app.admrl.ai cannot be disabled without preventing the platform from operating. If you are a registered practitioner and have concerns about any platform cookie, please contact our Privacy Officer (see section 10).
08
Sensitive & health information
Health information is sensitive information under the Privacy Act 1988 (Cth) and is subject to heightened protections under APP 3 and APP 6.
No cookie on any ADMRL service contains, embeds, or encodes health information, clinical data, or patient identifiers. Session and authentication tokens are opaque random values with no clinical meaning.
Patient data entered into the clinical platform is stored in ADMRL's Australian-hosted database infrastructure, not in browser cookies or local storage. It is never transmitted to Google Analytics or any other third-party service.
Where a cookie on the clinical platform is associated with an authenticated practitioner account, the linkage between that cookie value and the practitioner's identity is held only in ADMRL's secure server-side session store — it is not readable from the cookie value itself.
Patient data protection
If you are a patient whose practitioner uses the ADMRL platform, your health data does not reach this website (admrl.ai) in any form. You would only encounter admrl.ai if you visited it directly. The cookie footprint of that visit is limited to Cloudflare security cookies and Google Analytics aggregate analytics — neither of which is linked to your clinical record.
09
Changes to this policy
We may update this Cookie Policy from time to time as our services evolve or as legal requirements change. When we do, we will update the version number and effective date at the top of this page. Where a change is material — such as introducing a new category of cookie — we will take reasonable steps to bring it to your attention, which may include a notice on the website or, for platform users, an in-app notification.
We encourage you to review this page periodically. Continued use of our services after a revised policy is published constitutes acceptance of the updated terms, to the extent permitted by applicable law.
If you have a question about this Cookie Policy, wish to exercise your rights under the Privacy Act 1988 (Cth) (including access to or correction of personal information we hold), or wish to make a privacy complaint, please contact our Privacy Officer:
- ADMRL Privacy Officer
- Email: privacy@admrl.ai
- Postal address
- ADMRL Pty Ltd, ACN 682 597 520
Please contact us by email for the current postal address.
We will acknowledge your enquiry within 5 business days and aim to respond fully within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
For clinical platform queries relating to health records specifically held by your treating practitioner's organisation, you may also have rights under relevant state health records legislation (for example, the Health Records Act 2001 (Vic) or the Health Records and Information Privacy Act 2002 (NSW)). Please contact your practitioner's organisation directly in those cases, or the relevant state authority.