Privacy Policy
Effective Date: February 17, 2026
Welcome to The Care First Physiotherapy Service (ABN: 65114676757).
We are deeply committed to protecting your privacy and securing your personal and sensitive health information while you use our “Spine Resilience Protocol” and digital health platform. This Privacy Policy is strictly aligned with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and adheres to the confidentiality guidelines set forth by the Australian Health Practitioner Regulation Agency (AHPRA).
1. Information We Collect
To provide you with clinical-grade physiotherapy and a seamless digital experience, we collect data across three primary categories:
- Personal Identity Data: Your full name, email address, phone number, and residential address (collected during application submissions or account creation).
- Sensitive Clinical Data: Your medical history, musculoskeletal conditions (e.g., Osteoarthritis, Osteoporosis), surgical history, current medications, and biometric data gathered during the “Spinal Audit” video analysis. This information is collected exclusively with your explicit, informed consent.
- Technical & Telemetry Data: When you access our Headless LMS and website, we automatically collect IP addresses, browser types, device information, session durations, and course progress tracking to ensure platform stability and optimal content delivery.
2. How We Collect Your Data
- Directly from You: Via our intelligent intake forms (Application/Quiz), 1:1 Telehealth video sessions, and clinical assessments.
- Automatically: Through cookies, server logs, and tracking pixels when you navigate our digital ecosystem (website and LMS dashboard).
3. How We Use Your Data
Your data is utilized strictly to facilitate effective clinical outcomes and maintain platform security:
- Clinical Delivery: To customize your 12-Week Spine Resilience Protocol and make informed, clinical-grade decisions regarding your kinetic chain rehabilitation.
- Service Provision: To manage your LMS portal access, deliver course modules (drip-feed content), and send automated operational communications (e.g., appointment reminders, onboarding instructions).
- Payment Processing: To securely facilitate High-Ticket transactions and payment plans via certified gateways (e.g., Stripe). We do not store your raw credit card details on our servers.
- System Optimization: To analyze platform performance and improve our zero-latency user experience.
4. Third-Party Integrations & Data Sharing
We do not sell, rent, or trade your personal or clinical data. To operate our sophisticated health-tech infrastructure, we integrate with industry-leading, highly secure third-party processors:
- GoHighLevel (CRM): For secure client communication, appointment scheduling, and automated SMS/Email pipelines.
- Stripe: For PCI-DSS compliant financial transactions.
- LearnDash / Custom LMS: For hosting educational curriculum and tracking your rehabilitation progress.
- Meta Conversions API (CAPI) & Google Analytics: Utilized strictly for server-side marketing attribution. IMPORTANT: We only transmit anonymized, technical conversion signals (e.g., a completed booking or purchase). Your sensitive medical data and clinical history are NEVER shared with advertising networks.
5. Data Security Architecture
Protecting your digital health footprint is our highest priority. Our infrastructure employs enterprise-grade security protocols:
- Encryption: All data transmitted between your device and our servers is secured via SSL/TLS end-to-end encryption.
- Infrastructure: Our databases are shielded by advanced firewalls, server-side security protocols, and strict access controls.
- Access Limitation: Sensitive clinical data is restricted exclusively to certified healthcare practitioners involved directly in your care.
6. Your Rights & Control
Under Australian privacy laws, you retain full sovereignty over your personal data:
- Right to Access: You may request a copy of the personal and clinical data we hold about you.
- Right to Correction: You may request updates to any inaccurate or outdated information.
- Right to Erasure (Right to be Forgotten): You may request the deletion of your account and associated data, provided it does not conflict with our mandatory medical record retention obligations under Australian law.
- Right to Opt-Out: You may unsubscribe from any non-essential marketing communications at any time.
7. Policy Updates
As our digital platform evolves and legal frameworks are updated, we may revise this Privacy Policy. Any significant architectural or legal changes will be communicated to you via your registered email address or an active notification on our platform.
8. Contact Our Data Controller
If you have any questions regarding this Privacy Policy or wish to exercise your data rights, please contact us at:
- Email: info@thecarefirstphysiotherapyservice.com.au
- Phone: 0431949491
- Website: thecarefirstphysiotherapyservice.com.au
- Business: The Care First Physiotherapy Service (ABN: 65114676757)