1. About This Policy

This policy applies to:

• practitionerpro.com and all associated sub-domains (including app.practitionerpro.com)
• The PractitionerPro platform and all features accessible within it
• Marketing communications sent by PractitionerPro
• All interactions between PractitionerPro and natural health practitioners who subscribe to the platform

2. Who We Are

PractitionerPro is operated by Brandwithin Pty Ltd (ABN: 76 374 593652), a company registered in New South Wales, Australia.

Correspondence address: 6/7-9 Flood Street, Bondi NSW 2026, Australia
Contact email: hq@practitionerpro.com

3. What Personal Information We Collect

3.1 Information You Provide to Us

When you register for or use the PractitionerPro platform, we may collect:

• Your name, professional title, and modality (e.g., naturopath, nutritionist, herbalist)
• Business name and practice address
• Contact details including email address and phone number
• Billing information (processed securely via Stripe — we do not store card numbers)
• Login credentials (passwords are encrypted and never stored in plain text)
• Information you provide during onboarding, support requests, or feedback surveys
• Communications you send to us via email, phone, or in-platform messaging

3.2 Information We Collect Automatically

When you use the platform, we may automatically collect:

• IP address and device information
• Browser type and operating system
• Pages visited and features used within the platform
• Session duration and click-through behaviour
• Referring URLs

This information is collected via cookies, log files, and similar technologies. See Section 9 (Cookies) for more detail.

3.3 Information About Your Patients and Clients

As a PractitionerPro subscriber, you may input or collect personal information about your patients and clients within the platform (for example, their name, email address, phone number, and appointment history). This information belongs to you as the data controller. We process it solely on your instructions as your data processor and do not use it for our own purposes.

4. How We Use Personal Information

We use the personal information we collect to:

• Create and manage your PractitionerPro account
• Deliver the platform and all features included in your subscription
• Process payments and manage your billing relationship
• Send transactional communications (account setup, payment receipts, password resets)
• Provide customer support and respond to your enquiries
• Send product updates, platform announcements, and relevant educational content (where you have consented)
• Improve and develop the platform based on aggregate usage data
• Comply with our legal obligations
• Detect and prevent fraud, abuse, or security incidents

5. Disclosure of Personal Information

5.1 Service Providers

We engage trusted third-party service providers who assist us in operating the platform. These providers process personal information on our behalf under contractual obligations of confidentiality. They include:

• GoHighLevel Inc. (platform infrastructure, United States)
• Stripe Inc. (payment processing, United States)
• Mailgun Technologies (email delivery, United States)
• Twilio Inc. or LC Phone (SMS services, United States)
• Google LLC (analytics, calendar integration)

Some of these providers are located outside Australia. Where we transfer personal information overseas, we take reasonable steps to ensure the recipient handles it in accordance with the Australian Privacy Principles or equivalent standards.

5.2 Legal Requirements

We may disclose personal information if required to do so by law, court order, or regulatory authority, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of PractitionerPro, our subscribers, or others.

5.3 Business Transfers

If PractitionerPro or Brandwithin Pty Ltd is acquired, merged, or its assets are sold, personal information held by us may be transferred to the acquiring entity. You will be notified of any such transfer.

6. Marketing Communications

We may send you marketing and educational content by email or SMS where:

• You have subscribed to receive such communications, or
• You are an existing subscriber and the content relates to our platform or services (where permitted under the Spam Act 2003)

Every marketing communication we send includes a clear and functional unsubscribe mechanism. You may opt out at any time by:

• Clicking the unsubscribe link in any marketing email
• Replying STOP to any marketing SMS
• Emailing hq@practitionerpro.com with your unsubscribe request

Unsubscribing from marketing communications will not affect transactional messages related to your account (such as payment receipts or password resets), which we are required to send as part of our service.

7. Data Security

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

• Encryption of data in transit (TLS/HTTPS across all platform domains)
• Encrypted storage of passwords
• Role-based access controls within the platform
• Regular security monitoring and vulnerability assessments
• Data processing agreements with all third-party service providers

No method of electronic transmission or storage is completely secure. While we take all reasonable precautions, we cannot guarantee the absolute security of your personal information. If you suspect a security incident involving your account, please contact us immediately at hq@practitionerpro.com.

8. Data Retention

We retain personal information for as long as necessary to provide our services and meet our legal obligations. Specifically:

• Account information is retained for the duration of your subscription and for up to 7 years after account closure to meet financial record-keeping obligations under Australian taxation law
• Support and communication records are retained for up to 3 years
• Usage and analytics data may be retained in aggregated, de-identified form indefinitely

When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.

9. Cookies

The PractitionerPro website and platform use cookies and similar technologies to:

• Keep you logged in to the platform
• Remember your preferences
• Analyse how the platform is used (via aggregated analytics)
• Enable certain platform features

You may configure your browser to refuse cookies, but doing so may limit the functionality of the platform. We do not use cookies for third-party advertising purposes.

10. Your Privacy Rights

Under the Privacy Act 1988 and the Australian Privacy Principles, you have the right to:

10.1 Access

Request access to the personal information we hold about you. We will respond to access requests within 30 days.

10.2 Correction

Request correction of personal information that is inaccurate, incomplete, or out of date. You may also update your account information directly within the platform at any time.

10.3 Complaint

Lodge a complaint if you believe we have handled your personal information in breach of the Australian Privacy Principles. See Section 12 (Complaints) for the process.

10.4 Opt-Out of Marketing

Withdraw your consent to receive marketing communications at any time. See Section 6 for how to do this.

To exercise any of these rights, contact us at hq@practitionerpro.com or write to us at our postal address. We may need to verify your identity before fulfilling a request.

11. Children's Privacy

PractitionerPro is a professional SaaS platform designed for use by health practitioners. It is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately and we will take steps to delete it.

12. Complaints

If you have a concern or complaint about how we have handled your personal information, please contact us first:

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the platform, or applicable law. When we make material changes, we will notify you by:

• Posting the updated policy at practitionerpro.com/privacy-policy
• Sending an email notification to all active subscribers
• Updating the effective date at the top of this document

Your continued use of the platform following notification of changes constitutes your acceptance of the updated policy.

14. Contact Us

For any questions, requests, or concerns relating to this Privacy Policy: