User Data Deletion

User Data Deletion & Retention Policy

Effective Date: February 17, 2026

At The Care First Physiotherapy Service (ABN: 65114676757), we deeply respect your digital sovereignty and your right to be forgotten under the Australian Privacy Principles (APPs).

However, as a specialized clinical practice governed by the Australian Health Practitioner Regulation Agency (AHPRA), we operate under strict medico-legal data retention laws. This policy clearly outlines the distinction between the data you can instantly delete and the clinical data we are legally mandated to retain.

1. Data Eligible for Immediate Erasure

You have the absolute right to request the immediate deletion of your marketing and non-clinical footprint from our digital ecosystem. Upon request, we will scrub the following from our CRM (GoHighLevel), LMS servers, and tracking networks (Meta CAPI/Google):

  • Marketing & Communications: Removal from all promotional email lists, SMS campaigns, and newsletter databases.
  • LMS Account Data: Deletion of your login credentials and standard profile information on our learning portal (provided you have completed or terminated your protocol).
  • Analytics & Telemetry: Purging of any identifiable tracking cookies or server-side marketing identifiers associated with your IP address.

2. Data Exempt from Immediate Erasure (Mandatory Retention)

Under Australian healthcare laws and financial regulations, we cannot delete certain records upon request. The following data must be securely retained for a minimum of seven (7) years from the date of your last interaction:

  • Clinical Records: Intake forms, medical history, “Spinal Audit” video assessments, and clinician treatment notes (Mandated by AHPRA).
  • Financial Transactions: High-Ticket transaction logs, invoices, and payment histories processed via Stripe (Mandated by the Australian Taxation Office – ATO).

Once the mandatory 7-year retention period expires, these records are automatically and permanently destroyed using enterprise-grade cryptographic scrubbing.

3. How to Submit a Deletion Request

To exercise your right to erasure for eligible data, please use the secure Data Deletion Request Form below.

Alternatively, you may email our Data Protection Team directly at info@thecarefirstphysiotherapyservice.com.au with the subject line: “DATA DELETION REQUEST – [Your Full Name]”. For your security, all requests undergo a strict identity verification process before any data is purged. We aim to process all verified erasure requests within 14 business days.

Secure Data Erasure Portal

Notice: By submitting this form, you understand that clinical and financial records cannot be legally deleted prior to their 7-year statutory retention period.