Skip to content
First Practice

Privacy Policy.

How First Practice collects, uses, and protects your personal information.

Draft. This page is a structured outline pending legal review before publication. Do not rely on it as final legal copy.

1. Effective date

Last updated: [Insert date - must be kept current. Update whenever the policy materially changes.]

2. Who we are

First Practice ([legal entity name + ABN once registered]) is an Australian provider of subscription websites for NDIS providers. We are bound by the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).

This policy explains what personal information we collect, how we use it, who we share it with, and how you can exercise your rights.

3. What personal information we collect

From visitors to our marketing site

  • Information you submit through our contact form (name, email, business stage, what you're looking for, and any notes you choose to share).
  • Anonymous analytics data (page views, referral source, device type) via [Plausible / GA4 - confirm at build].
  • Standard server logs (IP address, browser, timestamps) retained for security and debugging.

From customers (NDIS providers)

  • Business information you provide during onboarding (business name, ABN, NDIS registration status, services offered, suburbs served).
  • Brand assets you share (logo, colours, photos).
  • Content drafts and approved content for your website.
  • Billing information processed by Stripe (we do not store your card details directly).

What we do NOT collect

  • Information about your participants or clients. The websites we build are marketing/discovery sites - we don't handle clinical records, support plans, or participant personal information.

4. How we use your information

  • To deliver the service you've signed up for (build and host your website).
  • To communicate with you about your account, support requests, and service changes.
  • To improve our service through aggregated, de-identified analytics.
  • To send you occasional product updates and relevant information (you can unsubscribe anytime).

We do not sell your personal information. We do not use your data to train AI models or share it with third parties for marketing purposes.

5. Who we share information with

We share limited information with the following third-party service providers, only to the extent necessary to deliver our service:

ServicePurposeWhere data is stored
StripePayment processingInternational - Standard Contractual Clauses
Google Cloud PlatformHosting and infrastructureAustralia-hosted region where possible
Resend (or equivalent)Transactional emailInternational - confirm at build
Plausible / GA4AnalyticsConfirm at build
CloudflareDNS and DDoS protectionGlobal edge network

Each of these providers has their own privacy policy and security commitments. We choose providers who meet reasonable Australian and international privacy standards.

6. How we store and protect your data

  • All data is stored on GCP infrastructure, with Australian data residency where the service supports it.
  • Encryption in transit (TLS 1.2+) and at rest.
  • Access to customer data is limited to the founder and any future staff who require it to deliver the service.
  • We retain customer data for as long as your subscription is active, plus a reasonable period afterwards for legal and operational requirements (typically 7 years for tax/business records).

7. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you.
  • Correct any information that is inaccurate or out-of-date.
  • Request deletion of your personal information (subject to legal retention requirements).
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we've breached our obligations.

To exercise these rights, email us at hello@firstpractice.com.au. We aim to respond within five business days.

OAIC contact: oaic.gov.au | 1300 363 992.

8. Cookies and tracking

Our marketing site uses cookies and similar technologies for:

  • Essential function (e.g. remembering form state) - required for the site to work.
  • Analytics - to understand how visitors use the site.

No advertising cookies. No third-party advertising trackers. No cross-site tracking.

9. Changes to this policy

We may update this policy occasionally - for example, when we add a new service provider or when laws change. Material changes will be notified to existing customers via email. The "last updated" date at the top reflects the most recent version.

10. Contact

Questions about this policy? Email hello@firstpractice.com.au.

If you're not satisfied with our response, you can complain to the OAIC: oaic.gov.au.