Privacy Policy

Mental Health Directory (“we”, “us”, “our”) operates mentalhealthdirectory.com.au. We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains what personal information we collect, how we use and disclose it, and how you can access, correct or complain about our handling of your information.

Consumers (people searching for practitioners)

We do not require consumers to create an account. When you use our search or send an enquiry to a practitioner, we may collect:

• Your name and email address (if you submit an enquiry form)
• Location data (suburb or postcode entered for search, or approximate GPS location if you use “Near me”)
• Search queries and filter selections
• Device and browser information via server logs

Enquiry data is transmitted to the practitioner and is not retained on our systems beyond what is required for delivery.

Practitioners

When you register as a practitioner, we collect:

• Name, email address, and professional phone number
• AHPRA registration number and/or credential documents
• Practice location(s), fees, specialties, and session formats
• Profile photo
• Payment information (processed by Stripe; we do not store card details)

Automatically collected information

When you visit our website, we automatically collect IP address, browser type, pages visited, and referral source for security, analytics, and performance purposes.

We use personal information to:

• Operate and improve the directory
• Verify practitioner credentials and AHPRA registration
• Process practitioner subscription payments
• Transmit consumer enquiries to practitioners
• Send transactional emails (magic link sign-in, subscription receipts)
• Send updates and launch notifications to subscribers (with consent)
• Detect and prevent fraud or misuse
• Comply with our legal obligations

We do not use your information for unsolicited marketing without your consent, and we do not sell personal information to third parties.

We may share personal information with:

• Practitioners — when a consumer submits an enquiry
• Stripe — for payment processing (practitioners only)
• Amazon Web Services — our infrastructure provider (data stored in ap-southeast-2, Sydney)
• Brevo — for transactional and marketing email
• Google — for location search (Places API)
• AHPRA — to verify practitioner registration status

We require all third-party providers to handle personal information in accordance with applicable privacy laws. We do not transfer personal information outside Australia except as described above, and only to providers with appropriate data protection obligations.

We use essential cookies required for site functionality (e.g. session management) and analytics cookies to understand how people use our site. Analytics data is aggregated and does not identify individuals.

You can disable cookies in your browser settings. Disabling essential cookies may affect site functionality for practitioners signing in.

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Our infrastructure is hosted within AWS Sydney (ap-southeast-2) with encryption at rest and in transit. Practitioner credential documents are stored in private S3 buckets accessible only to authorised administrators.

No method of transmission over the internet is completely secure. If you believe your information has been compromised, please contact us immediately.

We retain personal information for as long as necessary to provide our services and meet our legal obligations. Practitioners may request deletion of their account and profile data at any time. Consumer enquiry data is not retained on our systems beyond transmission to the practitioner.

Under the Privacy Act 1988, you have the right to request access to the personal information we hold about you, and to ask us to correct it if it is inaccurate or out of date.

To make a request, contact us at privacy@mentalhealthdirectory.com.au. We will respond within 30 days.

If you believe we have handled your personal information in a way that breaches the APPs, please contact us first so we can try to resolve your concern.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

We may update this policy from time to time. The current version is always available at mentalhealthdirectory.com.au/privacy. Material changes will be notified to registered practitioners by email.

For privacy enquiries, contact us at: privacy@mentalhealthdirectory.com.au