Privacy Policy

Last updated: 28 October 2025

1. Who we are

This website and service ("Service") are operated by First Point Health Pty Ltd (ACN 691 756 671) ("we", "us", "our"). We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Contact: support@firstpointhealth.com.au

2. What this policy covers

How we collect, use, disclose, store, and protect your personal information when you use our website and Service.

3. Information we collect

Identity & contact: name, date of birth, email, phone, address.

Health information (sensitive): details you provide to us, whether during your consultation with health practitioners whom you connect with via our platform, and/or any Service we provide to you

Payments: processed by Stripe; we do not store card numbers.

Technical/operational: device/usage information necessary to run and secure the Service.

Communications: emails/messages related to your request.

If you provide information for someone else, you confirm that you are authorised to do so (e.g. a parent/guardian for a minor).

4. How we collect information

We collect information directly from you via online forms, our website, email, phone and consultation of which you have with health practitioners whom you connect with via our platform. We may also collect information from any practitioner you authorise, or as otherwise permitted by law.

5. How we use your information

Your information is used to verify identity, conduct the consultation (of which you have with health practitioners whom you connect with via our platform), and provide our Service to you. Your information is also used for purposes relating to the consultation (of which you have, with health practitioners whom you connect with, via our platform). Your information may also be used to communicate with you (to provide status updates, follow-up, receipts etc.), process payments and maintain records required by law and professional standards. We also use your information to operate, maintain and improve our Service (including but not limited to safety, security and quality), and to provide you with notices, news, special offers and general information about other goods and services.

We do not sell or rent your personal information.

6. Sensitive information

We process health data of which is categorised as sensitive information.

We collect and use health information to provide any Service, meet legal and professional obligations, and for related administrative purposes.

We do not use sensitive information for marketing.

We may from time to time disclose health data to health practitioners whom you connect with, via our platform and whilst using our Service.

We may from time to time employ external personnel to provide, assist or perform the Service, or assist us in analysing relevant data relating to our website and Service.

We may also disclose personal information:

  • to such external personnel for the abovementioned purposes; and
  • in accordance with clause 7.

7. Disclosures

We may also disclose personal information to:

  • practitioners whom you connect with, whilst using our platform and Service, to assess and issue certificates and/or provide other services to you,
  • service providers that support our operations (e.g. hosting/storage, email delivery, security tooling);
  • Stripe for payment processing; and
  • professional advisers (legal/accounting) and regulators/authorities where required or authorised by law (e.g. serious threat to life/health, subpoenas).

We may also disclose personal information when required to do so by law.

We take reasonable steps to ensure third parties protect your information and only use it for the purposes we direct.

8. Storage of data and overseas disclosure

Our primary application data is hosted on managed cloud infrastructure located in Australia. Payments are processed by Stripe, which may process personal information in the United States and/or the European Union overseas.

Some of the cloud service providers we engage may operate overseas servers or disaster recovery sites. If we disclose your personal information to a recipient located outside Australia, we will take reasonable steps to ensure that the recipient does not breach the Australian Privacy Principles in relation to your personal information and, where required by law, we will seek your consent before making such disclosures.

9. Security

We use administrative and organisational measures designed to keep personal information secure and to prevent unauthorised access, misuse, interference, loss, or disclosure. We may ask for proof of identity before releasing information to you.

However, no method of transmission or storage can be guaranteed to be completely secure.

10. Data breach response

If we become aware of unauthorised access, disclosure or loss of personal information, we will activate our data-breach plan, take reasonable steps to minimise risk of serious harm, and notify affected individuals and the OAIC where required under the Notifiable Data Breaches scheme.

11. Cookies & analytics

We use only what is necessary to operate the site and deliver the Service.

12. Retention & deletion

We keep records only as long as necessary and for the purposes set out in this Privacy Policy, and/or to meet legal/professional obligations. When no longer required, we securely delete or de-identify records. You may request deletion where permitted by law.

13. Access & correction

You may request access to, or correction of, your personal information. We may need to verify your identity before responding. Contact: support@firstpointhealth.com.au.

14. Marketing (if used)

If we send service updates or marketing, you can opt out at any time via the link in the message or by contacting us. We comply with the Spam Act 2003 (Cth).

15. Complaints

Email support@firstpointhealth.com.au and we will respond within a reasonable time. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au | 1300 363 992.

16. Changes to this policy

We may update this policy periodically. The latest version will always be available on this website and/or under privacy policy (/privacy-policy), with the effective date shown at the top.