Skip to content
First Practice

Privacy Policy.

How First Practice collects, uses, and protects your personal information.

1. Effective date

Last updated: 25 May 2026.

2. Who we are

First Practice (ABN 34 525 542 428) is an Australian provider of subscription websites for NDIS providers. We are bound by the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).

This policy explains what personal information we collect, how we use it, who we share it with, and how you can exercise your rights.

3. What personal information we collect

From visitors to our marketing site

  • Information you submit through our contact form (name, email, business stage, what you're looking for, and any notes you choose to share).
  • Anonymous behavioural analytics (page views, clicks, scrolls, referral source, device type) via Microsoft Clarity. Clarity does not record form field values by default.
  • Standard server logs (IP address, browser, timestamps) retained for security and debugging.

From customers (NDIS providers)

  • Business information you provide during onboarding (business name, ABN, NDIS registration status, services offered, suburbs served).
  • Brand assets you share (logo, colours, photos).
  • Content drafts and approved content for your website.
  • Billing information processed by Stripe (we do not store your card details directly).

What we do NOT collect

  • Information about your participants or clients. The websites we build are marketing/discovery sites - we don't handle clinical records, support plans, or participant personal information.

4. How we use your information

  • To deliver the service you've signed up for (build and host your website).
  • To communicate with you about your account, support requests, and service changes.
  • To improve our service through aggregated, de-identified analytics.
  • To send you occasional product updates and relevant information (you can unsubscribe anytime).

We do not sell your personal information. We do not use your data to train AI models or share it with third parties for marketing purposes.

5. Who we share information with

We share limited information with the following third-party service providers, only to the extent necessary to deliver our service:

ServicePurposeWhere data is stored
StripePayment processingInternational, Standard Contractual Clauses apply
VercelSite hosting and edge networkGlobal edge with Australian region where supported
Google Cloud PlatformCloud infrastructure for customer sites and data storageAustralian region where the service supports it
SlackReceives a notification when you submit our contact form (name, email, stage, plan interest, notes) so we can respondInternational, US-hosted
Microsoft ClarityAnonymous analytics and session-pattern recordingInternational, Microsoft data centres

Each of these providers has their own privacy policy and security commitments. We choose providers who meet reasonable Australian and international privacy standards.

6. How we store and protect your data

  • All data is stored on reputable cloud infrastructure, with Australian data residency where the service supports it.
  • Encryption in transit (TLS 1.2+) and at rest.
  • Access to customer data is limited to the founder and any future staff who require it to deliver the service.
  • We retain customer data for as long as your subscription is active, plus a reasonable period afterwards for legal and operational requirements (typically 7 years for tax/business records).

7. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you.
  • Correct any information that is inaccurate or out-of-date.
  • Request deletion of your personal information (subject to legal retention requirements).
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we've breached our obligations.

To exercise these rights, email us at outreach@firstpractice.com.au. We aim to respond within five business days.

OAIC contact: oaic.gov.au | 1300 363 992.

8. Cookies and tracking

Our marketing site uses cookies and similar technologies for:

  • Essential function (e.g. remembering form state), required for the site to work.
  • Anonymous analytics via Microsoft Clarity, to understand how visitors use the site. Clarity records page views, clicks, and scrolls. It does not record form field values by default.

No advertising cookies. No third-party advertising trackers. No cross-site tracking.

9. Changes to this policy

We may update this policy occasionally - for example, when we add a new service provider or when laws change. Material changes will be notified to existing customers via email. The "last updated" date at the top reflects the most recent version.

10. Contact

Questions about this policy? Email outreach@firstpractice.com.au.

If you're not satisfied with our response, you can complain to the OAIC: oaic.gov.au.