Privacy Policy

1. Introduction

Postnatal Recovery (“we”, “us”, “our”) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and online program (the “Service”).

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and applicable state and territory health records legislation.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email address, and password when you create an account
• Health assessment data: weeks postpartum, delivery type, GP clearance status, symptom ratings (pelvic heaviness, urinary incontinence, back pain, pain during intimacy), diastasis recti assessment, pelvic floor awareness, and recovery goals
• Program progress: completed sessions, streaks, and exercise minutes
• Payment information: processed securely by Stripe; we do not store your credit card details

2.2 Information Collected Automatically

• Device type, browser type, and operating system
• IP address and approximate location (country level)
• Pages visited, time spent, and interaction data
• Referring website or source

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Track your program progress and display your achievements
• Process payments and manage your account
• Send transactional emails (account confirmation, password resets, program updates)
• Improve the Service based on usage patterns
• Respond to your enquiries and support requests
• Comply with legal obligations

We will never sell your personal information or health data to third parties.

4. Health Information

We recognise that health assessment data is sensitive information under the Privacy Act. We handle this information with additional care:

• Health data is collected only with your explicit consent during the onboarding assessment
• Health data is used solely to display your profile information back to you and to improve the program
• Health data is stored securely with encryption at rest and in transit
• You can request deletion of your health data at any time

5. Third-Party Services

We use the following third-party services:

• Supabase (database and authentication) — data stored in Australia/Singapore region
• Stripe (payment processing) — PCI DSS Level 1 compliant
• Vercel (website hosting) — data processed in accordance with their privacy policy
• Vimeo (video hosting) — for exercise video delivery

Each service has its own privacy policy. We encourage you to review their policies.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it by law.

Payment records are retained for 7 years in accordance with Australian tax requirements.

7. Your Rights

Under Australian privacy law, you have the right to:

• Access your personal information held by us
• Correct inaccurate or incomplete information
• Delete your personal information (subject to legal retention requirements)
• Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Privacy Act

To exercise any of these rights, contact us at hello@postnatalrecovery.com.au.

8. Cookies

We use essential cookies to maintain your login session and remember your preferences. These are strictly necessary for the Service to function and cannot be disabled.

We may also use analytics cookies to understand how the Service is used. You can opt out of analytics cookies through your browser settings.

9. Security

We implement appropriate technical and organisational measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL)
• Encryption of data at rest
• Row-level security policies on database access
• Regular security updates and monitoring
• Limited access to personal data on a need-to-know basis

10. Children's Privacy

This Service is intended for adults aged 18 and over. We do not knowingly collect personal information from children under 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Your continued use of the Service after any changes constitutes acceptance of the updated policy.