Source repository access and usage

This policy governs the access requirements to the HeartAI source repository, which is managed as a private repository hosted by GitHub. This policy also specifies the expected use of this repository and corresponding HeartAI source code. The governance of this policy typically applies to HeartAI administrators and developers in relation to their ongoing access and use of repository source code and corresponding assets, but also applies more generally to user access to these resources, including non-commercial and commercial access.

Policy

  1. In relation to access to the HeartAI source repository:
    1.1. The HeartAI source repository is hosted as a private repository through GitHub. The private nature of this repository necessitates an access control mechanism that requires users of the repository to have a specified level of assigned permissions in order to access the repository.
    1.2. Assignment of the necessary permissions to access the repository is possible by invitation from or by requesting to HeartAI administrators. In either case, the purposes of access should be specified and where appropriate the period of access should be specified.
    1.3. To accept an invitation or to request access, the user must communicate with HeartAI administrators with the email address with which the user also proposes to use for access to the repository.
    1.4. Before access is granted, the user must read and understand this policy, and provide acknowledgement that this policy is agreed to using the same email address with which access is proposed.
    1.5. HeartAI reserves the right to modify or revoke user access at any time.
    1.6. If the access of a user ceases or is revoked the user must securely remove all HeartAI source code and associated resources from their devices or any other mechanism of access.
  2. In relation to potential sensitive information:
    2.1. Exposure to potentially sensitive information should be minimised within the HeartAI source code repository. This includes but is not limited to information such as passwords, credentials, personal details, identity details, and general confidential information relating to HeartAI or any collaborating organisations or persons.
    2.2. If at any time a user discovers potentially sensitive information within the source code repository, this discovery must be reported immediately to HeartAI administrators.
  3. In relation to the protection of HeartAI rights:
    3.1. The HeartAI source code and corresponding resources may be used freely for non-commercial or research purposes. However, any potentially commercial use of these assets, or following from the use of these assets, whether intentional or incidental, must allow for the maximum utility of rights associated to HeartAI Pty Ltd generally.
    3.2. HeartAI Pty Ltd reserves all rights associated with access to and use of the HeartAI source code repository and corresponding resources.
    3.3. The HeartAI source code and corresponding resources should not be transported beyond the immediate device environment of the user without the consent of an authorised representative of HeartAI Pty Ltd.
    3.4. HeartAI Pty Ltd reserves the right to modify or revoke the allowances made by this policy at any time. For HeartAI employees and for instances where a formal partnership exists, this policy is governed by obligations to inform these parties of any changes of significant substance.
  4. In relation to the ongoing review of this policy:
    4.1. This policy should be reviewed at least every 6 months. This review should assess the appropriateness of the existing policy, and should propose any modifications or extensions to the policy where needed.
    4.2. Modifications or extensions to this policy should be reviewed and approved by corresponding governing authorities.
    4.3. This policy welcomes suggestions and feedback.
  5. In relation to the governance and compliance of this policy:
    5.1. This policy must be understood and agreed to by HeartAI administrators and developers before the approval of access to HeartAI platform components.
    5.2. Where this policy does not provide a specification to, or conflicts with, a mandated SA Health or SA Government policy, the existing SA Health or SA Government policy will take precedence. HeartAI administrators will resolve policy deficits by approved modification or extension to HeartAI policy.
    5.3. HeartAI administrators are responsible for ensuring that this policy is compliant with SA Health and SA Government policies.