Privacy Policy

1. Introduction

Pages.Health (“we”, “us”, “our”) is committed to protecting the privacy of our users and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth), as well as applicable state and territory health records legislation.

2. Information We Collect

2.1 Information You Provide

• Account registration details (name, email address, phone number)
• Professional credentials (AHPRA registration number, Medicare provider number, ABN)
• Practice information (facility address, operating hours, services offered)
• Payment and billing information (processed securely via Stripe)
• Content you provide for your website (biography, qualifications, photos)
• Communications with our support team

2.2 Information Collected Automatically

• Device information (browser type, operating system, device identifiers)
• Log data (IP address, access times, pages viewed)
• Usage analytics (features used, time spent on platform)
• Cookies and similar tracking technologies

2.3 Information from Third Parties

• AHPRA registration verification data
• ABN lookup verification via Australian Business Register
• Payment processing data from Stripe

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our platform services
• Generate and host your medical practice website
• Process payments and manage your subscription
• Verify your professional credentials and compliance status
• Send transactional emails (account updates, billing, support)
• Improve our platform through analytics and user feedback
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and regulatory requirements

4. Disclosure of Information

We may share your information with:

• Service Providers: Third-party vendors who assist us in operating our platform (hosting, payment processing, email services, analytics)
• Regulatory Bodies: AHPRA, Medicare Australia, or other regulators when required by law or to verify credentials
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organisational measures to protect your information:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Secure data centres located in Australia
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Employee training on data protection
• Incident response and data breach procedures

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. After account closure, we retain data for a period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Financial records are retained for 7 years in accordance with Australian taxation requirements.

7. Your Rights

Under Australian Privacy Principles, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Portability: Request your data in a portable format
• Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, please contact us using the details provided below.

8. Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: Required for platform functionality and security
• Analytics cookies: Help us understand how users interact with our platform
• Preference cookies: Remember your settings and preferences

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

9. Third-Party Services

Our platform integrates with the following third-party services:

• Stripe: Payment processing (PCI DSS compliant)
• Supabase: Database and authentication services
• Mapbox: Location and mapping services (telemetry disabled)
• Resend: Transactional email delivery
• Google Gemini: Content generation

Each third-party service has its own privacy policy governing the use of your information.

10. Children's Privacy

Our platform is intended for use by healthcare professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.