Privacy Policy

Last Updated: July 31, 2025

At onPsych, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you access or use our website onpsych.com.au, mobile application, APIs, or related services (collectively, the “Service”). By using the Service, you consent to the data practices described in this Policy.

1. Information We Collect

We collect the following categories of information:

1.1 Information You Provide

Information We Collect

We collect a range of information to deliver our services and support your experience. This includes:

  • Account Information: When you register or create an account, we collect details such as your name, email address, username, password, date of birth, and any optional profile information (for example, photo or bio).
  • User Content: Content you submit through the Service, including posts, comments, messages, reviews, or any files uploaded.
  • Communications: Information from your interactions with us, such as emails, support tickets, and customer service communications.
  • Forms and Surveys: Your responses to forms, questionnaires, or promotional surveys we may issue.
  • Payment Information: If you make purchases, we collect necessary payment details (such as credit card number and billing address) through our trusted third-party payment processors; we do not store full payment card details on our systems.
  • Health and Sensitive Information Collection:
    As a provider of mental health and disability support services, we also collect specific health-related information to facilitate access and appropriate care. This includes referrals from General Practitioners (GPs) and documented consent from parents or legal guardians where required, especially for clients who are minors. Collecting this information enables us to manage eligibility for bulk billing under Medicare and to coordinate services covered under the National Disability Insurance Scheme (NDIS), ensuring clients receive the appropriate funded support.

We collect and handle this sensitive information in accordance with the Australian Privacy Principles established under the Privacy Act 1988 (Cth) and relevant healthcare regulations, which require us to obtain informed consent and ensure the confidentiality and security of personal health information. This ensures compliance with national data protection standards while providing you with high-quality, lawful, and supportive care.

1.2 Information We Collect Automatically

  • Device and Usage Data:
    • IP address, browser type and version, operating system, device type, and unique device identifiers.
    • Pages visited, time spent on the Service, clickstream data, and referral URLs.
    • Location data (e.g., city or country inferred from IP address), unless you provide precise location data with consent.
  • Log Data: Server logs capturing access times, errors, and interactions with the Service.
  • Analytics Data: Aggregated or anonymized data about Service usage, such as feature popularity or user trends.

1.3 Information from Third Parties

  • Social Media: If you log in or connect via third-party platforms (e.g., Google, Facebook), we may collect your profile name, email, or other information shared by those platforms, subject to their privacy settings.
  • Partners and Vendors: Data from advertising partners, analytics providers, or other service providers to enhance the Service or deliver targeted ads.
  • Public Sources: Information available publicly, such as social media posts, if relevant to the Service.

2. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To operate, maintain, and provide the Service, including account management, content display, and feature functionality.
  • Personalization: To tailor content, recommendations, or ads based on your preferences, usage, or interests.
  • Communications:
    • Respond to your inquiries or provide customer support.
    • Send transactional emails (e.g., account verification, password resets).
    • Send promotional emails, newsletters, or offers (with your consent where required).
  • Security and Fraud Prevention: To detect, investigate, and prevent unauthorized access, fraud, or abuse of the Service.
  • Analytics and Improvement: To analyze usage trends, monitor performance, and improve the Service’s functionality, user experience, or security.
  • Legal Compliance: To comply with applicable laws, regulations, or legal processes
  • Business Operations: To manage billing, process payments, or conduct internal audits.

3. How We Share Your Information

We may share your information as follows:

3.1 With Service Providers

  • We engage third-party vendors to perform functions such as hosting, cloud storage, payment processing, email delivery, analytics, or customer support.
  • These providers access only the information necessary to perform their services and are contractually obligated to protect your data.

3.2 With Business Partners

  • With your consent, we may share data with partners for co-branded promotions, marketing campaigns, or integrated services.
  • For example, if you participate in a partner-hosted contest, we may share your entry details.

3.3 For Legal Purposes

  • We may disclose your information to:
    • Comply with legal obligations (e.g., court orders, tax reporting).
    • Respond to law enforcement requests.
    • Protect our rights, property, or safety, or that of our users or third parties.
    • Investigate violations of our Terms.

3.4 In Business Transfers

  • If we undergo a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity, subject to equivalent privacy protections.

3.5 With Your Consent

  • We may share your information for other purposes if you explicitly consent (e.g., sharing your profile with other users).

3.6 Aggregated or Anonymized Data

  • We may share aggregated or anonymized data (e.g., usage statistics) that cannot identify you for research, marketing, or other purposes.

Note: We do not sell your personal information to third parties for their own marketing purposes, as defined under applicable laws like the CCPA.

4. Cookies and Tracking Technologies

4.1 What We Use:

  • Cookies: Small text files stored on your device to remember preferences, authenticate sessions, or track usage.
  • Web Beacons/Pixels: Embedded images in emails or pages to track opens or clicks.
  • Analytics Tools: Services like Google Analytics to analyze traffic and behavior.
  • Advertising Tools: Third-party ad networks to deliver targeted ads based on your interests.
  • 4.2 Purposes: We use these technologies to:
  • Ensure the Service functions properly (e.g., maintaining login sessions).
  • Analyze usage patterns and optimize performance.
  • Deliver personalized content or ads.
  • Measure the effectiveness of marketing campaigns.
  • 4.3 Your Choices:
  • Adjust cookie preferences via our cookie consent tool (if applicable) or your browser settings.
  • Opt out of targeted ads through platforms like the Digital Advertising Alliance (DAA) or Network Advertising Initiative (NAI).
  • Note: Disabling cookies may affect Service functionality.

5. Your Choices and Rights

5.1 Account Management:

  • Update or correct your account information via your profile settings.
  • Request account deletion by contacting us at contact@onpsych.com.au. Deletion may take up to 30 days, and some data may be retained as required by law.
  • 5.2 Marketing Communications:
  • Opt out of promotional emails by clicking the “unsubscribe” link or contacting us at contact@onpsych.com.au
  • You may still receive transactional or service-related emails.
  • 5.3 Data Rights: Depending on your jurisdiction (e.g., GDPR, CCPA), you may have the right to:
  • Access: Request a copy of your personal information.
  • Correction: Request corrections to inaccurate or incomplete data.
  • Deletion: Request deletion of your data, subject to legal exceptions.
  • Restriction: Request limits on how we process your data.
  • Objection: Object to processing for certain purposes (e.g., direct marketing).
  • Portability: Receive your data in a machine-readable format.
  • Opt-Out of Sales: Opt out of the “sale” of your information (if applicable).
  • Non-Discrimination: We will not discriminate against you for exercising your rights.
  • 5.4 Exercising Rights: Submit requests at [support email]. We may verify your identity (e.g., by confirming your email) before processing. Responses typically take 30–45 days, per legal requirements.
  • 5.5 Do Not Track: Some browsers support “Do Not Track” (DNT) signals. We do not currently respond to DNT signals but offer other opt-out options as described above.

6. Data Security

6.1 Measures: We implement industry-standard technical and organizational measures to protect your information, such as:

  • Encryption (e.g., SSL/TLS) for data in transit.
  • Access controls and authentication for data at rest.
  • Regular security audits and vulnerability assessments.
  • 6.2 Limitations: No system is 100% secure. We cannot guarantee absolute protection against unauthorized access, breaches, or cyberattacks.
  • 6.3 Your Responsibilities: You are responsible for using strong passwords, securing your devices, and not sharing your credentials.

7. Data Retention

7.1 Retention Period: We retain your information only as long as necessary for the purposes described in this Policy, or as required by law. For example:

  • Account data is retained while your account is active and up to 6 months after deletion, unless required longer for legal purposes.
  • Usage data may be retained for up to 2 years for analytics.
  • Financial records are retained for 7 years per tax laws.
  • 7.2 Deletion Requests: You may request data deletion at [support email]. We will delete your data unless retention is required for legal, security, or operational reasons.

8. International Data Transfers

8.1 Cross-Border Transfers: Your information may be processed or stored in countries outside your jurisdiction (e.g., the United States), which may have different data protection laws.

8.2 Safeguards: We use safeguards like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) to ensure compliance with laws like GDPR for international transfers.

8.3 Risks: By using the Service, you consent to such transfers, acknowledging potential risks due to varying legal protections.

9. 9. Children’s Privacy

9.1 Access by Children and Young People
Our services are available to individuals of all ages, including children and young people. In accordance with Australian law and best practice guidelines in healthcare and education, individuals under 18 years of age are required to access and engage with our services only with the knowledge and involvement of a parent, legal guardian, or an appropriate responsible adult (such as a teacher, carer, or support worker).

9.2 Parental or Guardian Consent
Protecting the privacy of minors is a priority. By accessing or using our services, you affirm that if you are under 18 years of age, you have obtained all necessary and informed consent from a parent, legal guardian, or responsible adult prior to engagement. Where required, we will obtain verifiable parental or guardian consent before collecting or processing personal information from minors. We may request evidence of such consent to meet our legal and ethical obligations concerning privacy and child safety.

9.3 Handling of Data from Children
We do not knowingly collect personal information from children under the age of 18 without appropriate consent. If we discover that personal information has been collected from a child without the required consent, we will promptly delete such data. If you believe that we have inadvertently collected personal information without consent, please contact us immediately at contact@onpsych.com.au so we can take swift action.

9.4 Jurisdictional Compliance
Our services comply with applicable Australian laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you are accessing our services from jurisdictions with additional data protection requirements (such as the European Union’s GDPR), you are responsible for ensuring your use complies with those laws.

10. Third-Party Links and Services

10.1 External Sites: The Service may contain links to third-party websites, apps, or services (e.g., social media, payment processors). We are not responsible for their privacy practices or content.

10.2 Review Policies: Review the privacy policies of third-party services before providing personal information.

10.3 Embedded Content: Third-party content (e.g., YouTube videos, ads) may use their own tracking technologies, subject to their policies.

13. Changes to This Policy

13.1 Updates: We may revise this Policy to reflect changes in our practices, technology, or legal requirements.

13.2 Notification: We will notify you of material changes by:

  • Posting the updated Policy on the Service.
  • Sending an email to your registered address.
  • Displaying a notice on the Service.
  • Providing at least 30 days’ notice before changes take effect, unless required sooner by law.
    13.3 Acceptance: Your continued use of the Service after the updated Policy takes effect constitutes your consent. If you do not agree, stop using the Service.

14. Contact Us

For questions, concerns, or to exercise your rights under this Policy, please contact us at:

  • Email: contact@onpsych.com.au