Privacy Policy

1. Introduction

PracticeSafe ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our training platform and services. This policy complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Name and email address
• Organization/employer name (optional)
• Payment information (processed securely by Stripe)
• Training progress and assessment results
• Certificate information and validation codes
• Login and access history
• Email verification and password reset tokens (temporary)
• Voucher redemption codes and usage history

2.2 Technical Information

We automatically collect:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on platform
• Referral source and entry pages
• Video watch progress (percentage completed, timestamps)
• Quiz interactions and individual question responses
• Test submission history including all answers and attempts
• Failed question analytics for platform improvement
• Module completion rates and time taken to complete courses

2.3 Administrative and Security Data

For security and compliance purposes, we collect:

• Admin action audit logs including IP addresses, user agents, and timestamps
• Email delivery status, bounce notifications, and complaint tracking
• Payment processing metadata and refund records
• Security event logs and access attempt records

2.4 Cookies and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze usage patterns. You can control cookie settings through your browser, but some features may not function properly if cookies are disabled.

3. How We Use Your Information

We use collected information for:

• Providing and managing training services and module access
• Processing payments, refunds, and issuing certificates
• Tracking course progress and maintaining training records
• Sending certificate expiry notifications and reminders (30-day and 7-day warnings)
• Communicating service updates, support responses, and transactional emails
• Analyzing platform usage and training effectiveness through analytics
• Identifying difficult content through failed question tracking
• Improving our platform, course content, and user experience
• Managing voucher redemptions and bulk training programs
• Complying with legal obligations and record-keeping requirements (7-year certificate retention)
• Preventing fraud, abuse, and ensuring platform security
• Conducting internal audits and monitoring admin actions
• Generating compliance reports for employers and organizations

4. Information Sharing and Disclosure

4.1 Certificate Verification

Certificate information (name, module completed, completion date, validation code) may be publicly verified by employers, regulatory authorities, or other parties using our verification system. This is necessary for certificate authenticity validation.

4.2 Service Providers

We share information with trusted third-party service providers who assist in operating our platform:

• Vercel: Website hosting and deployment
• AWS (Amazon Web Services): Data storage, video hosting, and email services
• Stripe: Secure payment processing

These providers are contractually obligated to protect your information and use it only for the specified services.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.

4.4 Employer Reporting

If your training is sponsored by an employer or organization, we may provide them with reports on your progress, completion, and certification status as per their agreement with us.

5. Data Storage and Security

5.1 Data Location

Your data is primarily stored in Australia and the United States using AWS services in the Asia Pacific (Sydney) region where possible. Some services may store data in other regions.

5.2 Security Measures

We implement industry-standard security measures including:

• Encryption of data in transit (HTTPS/TLS)
• Secure password hashing
• Regular security audits and updates
• Access controls and authentication
• Secure payment processing (PCI DSS compliant via Stripe)

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5.3 Data Retention

We retain your personal information for as long as necessary to provide services and comply with legal obligations. Certificate records are retained for 7 years for audit and compliance purposes. You may request deletion of your account, subject to our legal retention requirements.

6. Your Rights and Choices

Under Australian privacy law, you have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account (subject to legal requirements)
• Opt-out: Unsubscribe from marketing emails (certificate notifications will continue)
• Portability: Request export of your training records
• Complaint: Lodge a complaint about privacy practices

To exercise these rights, contact us at support@practicesafe.com.au. We will respond within 30 days.

7. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

8. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies before providing any information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the platform. Continued use after changes constitutes acceptance of the updated policy. The "Last updated" date at the top indicates when changes were made.

10. Complaints and Contact

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):