Privacy Policy

1. About this policy

This Privacy Policy explains how The Mind Body Practice Pty Ltd(ABN 22 631 025 440), trading as PracticeSmart ("we", "us", "our"), collects, holds, uses, and discloses personal information through the PracticeSmart marketing website at practicesmart.com.au(the "Site").

We are committed to complying with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth).

2. What information we collect

We may collect the following personal information:

• Email address — when you subscribe to our mailing list or download a resource.
• Name — if you choose to provide it.
• Usage analytics — anonymised data about how you interact with the Site (pages visited, time on page, referral source). This data does not identify you personally.

We do not collect or process any clinical, health, or patient data through this Site.

3. How we collect information

We collect personal information directly from you when you voluntarily submit it — for example, by entering your email address in a subscription form. We may also collect anonymised usage data automatically through standard web analytics tools.

4. Why we collect your information

We collect personal information for the following purposes:

• To send you marketing emails about PracticeSmart products and updates.
• To deliver resources you have requested (e.g. cheat sheets, guides).
• To understand how visitors use the Site so we can improve it.
• To comply with our legal obligations under Australian law.

5. Anonymised and aggregated data

We may use anonymised, aggregated usage data for industry benchmarking and advisory reports. This data is stripped of any personally identifiable information and is only ever reported at a minimum cohort size of 20 or more practices, ensuring no individual or practice can be identified.

You may opt out of having your usage data included in aggregated reports at any time by contacting us. Opting out will not affect your access to any PracticeSmart product or service.

6. Third-party service providers

We use the following third-party providers to operate the Site and deliver our services:

• Resend — email delivery service. Your email address is shared with Resend to deliver marketing emails and resources. See Resend's Privacy Policy.
• Vercel — website hosting. See Vercel's Privacy Policy.
• Supabase — database and authentication services, hosted in the Sydney, Australia region (ap-southeast-2). See Supabase's Privacy Policy.

We do not sell, rent, or trade your personal information to any third party.

7. Data storage and residency

Your data is stored on Australian-hosted infrastructure. Our primary database is hosted with Supabase in the Sydney, Australia region (ap-southeast-2). Some service providers (Resend, Vercel) may process data in other jurisdictions. Where this occurs, we take reasonable steps to ensure that those providers maintain privacy protections consistent with the APPs.

8. Data security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These steps include encryption in transit (TLS), access controls, and regular security reviews.

In accordance with the Privacy Amendment (Notifiable Data Breaches) Act 2017, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals if we become aware of an eligible data breach that is likely to result in serious harm.

9. Your rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you.
• Correct any inaccurate or out-of-date information.
• Request deletion of your personal information (subject to any legal obligation to retain it).
• Unsubscribe from marketing emails at any time using the link in every email, or by contacting us directly.
• Opt out of anonymised data aggregation without affecting your access to our products.

To exercise any of these rights, email us at operations@mindbodypractice.info. We will respond within 30 days.

10. Australian Privacy Principles

We are bound by and comply with all 13 Australian Privacy Principles (APPs) set out in Schedule 1 of the Privacy Act 1988 (Cth):

1. Open and transparent management of personal information
2. Anonymity and pseudonymity
3. Collection of solicited personal information
4. Dealing with unsolicited personal information
5. Notification of the collection of personal information
6. Use or disclosure of personal information
7. Direct marketing
8. Cross-border disclosure of personal information
9. Adoption, use, or disclosure of government-related identifiers
10. Quality of personal information
11. Security of personal information
12. Access to personal information
13. Correction of personal information

11. Cookies and tracking

The Site may use essential cookies for functionality and analytics cookies to understand usage patterns. You can control cookie settings through your browser preferences. Disabling cookies may affect the functionality of the Site.

12. Complaints

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint by emailing operations@mindbodypractice.info. We will investigate your complaint and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

13. Changes to this policy

We may update this Privacy Policy from time to time. We will notify subscribers of material changes via email. The latest version will always be available at this page.

14. Contact us

If you have questions about this Privacy Policy or how we handle your personal information, contact us:

• Email: operations@mindbodypractice.info
• Entity: The Mind Body Practice Pty Ltd
• ABN: 22 631 025 440