Privacy Policy
Last updated: 05/07/2026
Fit'n'Well Hub ("we", "us", "our") respects your privacy and is committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). This policy explains what we collect, why, how we use and disclose it, and the rights you have.
1. What we collect
- Identity & contact: name, email, phone, suburb, state.
- Account & profile: password (hashed), display name, photo, role (Client/Provider).
- Provider business info: ABN, business name, services, pricing, qualifications, insurance details.
- Booking & transaction: bookings, messages, reviews, refunds.
- Payment data: card details are entered directly with our PCI-compliant processor Stripe — we never see or store your full card number.
- Health-related information (sensitive): only when you choose to provide it at booking (e.g. injury notes, NDIS plan info). We only collect this with your consent and use it solely to deliver the requested service.
- Technical: IP address, device, browser, cookies, analytics events.
2. Why we collect it (purpose)
To create and operate your account; to facilitate bookings, payments and communication between Clients and Providers; to send service emails (confirmations, reminders); to keep the marketplace safe and compliant; to improve the Platform; and to meet our legal and tax obligations.
3. Lawful basis & consent
We collect personal information with your consent (e.g. when you sign up or book), to perform a contract with you (e.g. to deliver a booking), or where required by Australian law. Sensitive health information is only collected with your explicit consent.
4. Who we share with
- The Provider you book receives the information needed to deliver the service (name, contact, booking details, any notes you provide).
- Service providers acting for us: Stripe (payments), Supabase (database & auth hosting), email/SMS delivery, analytics. They are bound by contract to use your data only to provide their service to us.
- Law enforcement or regulators where we are legally required to do so.
- A buyer if the business is sold (we will notify you).
- We do not sell your personal information.
5. Overseas transfers
Some of our service providers (e.g. Stripe, Supabase, email infrastructure) process data on servers located outside Australia, including in the United States and the European Union. We take reasonable steps to ensure overseas recipients handle your data consistently with the APPs.
6. Data retention
We retain personal information only for as long as needed for the purposes above or as required by law (e.g. tax records for 7 years). When it is no longer needed, we delete or de-identify it.
7. Security
We use encryption in transit (HTTPS/TLS), encrypted database storage, role-based access controls, and PCI-DSS compliant payment processing via Stripe. No system is 100% secure — please use a strong, unique password.
8. Cookies & analytics
We use essential cookies to keep you logged in and limited analytics to understand how the Platform is used. See our Cookie Policy for details and choices.
9. Marketing
We will only send you marketing emails if you have opted in. You can unsubscribe at any time via the link in any marketing email, in line with the Spam Act 2003 (Cth).
10. Your rights under the APPs
You may (a) request access to the personal information we hold about you; (b) correct inaccurate information; (c) request deletion where lawful; (d) withdraw consent for non-essential processing; and (e) complain to us about how we handled your information.
We will respond within 30 days. If you are not satisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.
11. Children
The Platform is not directed at children under 16. We do not knowingly collect their data without parental consent.
12. Notifiable data breaches
If a data breach is likely to result in serious harm, we will notify affected individuals and the OAIC as required by the Notifiable Data Breaches scheme.
13. Changes
We may update this policy. Material changes will be notified in-app or by email at least 14 days in advance.
14. Contact our Privacy Officer
Email privacy@fitnwellhub.com.