Privacy Policy

Version 1.1 · Effective 17 February 2026

1. Introduction

1.1 This Privacy Policy explains how GP Culture and Care Pty Ltd (ABN 86 674 209 397), trading as Heart Bridge Health (“we”, “us”, “our”, or the “Operator”), collects, uses, stores, discloses, and protects personal information in connection with the Heart Bridge Health platform, Lumi GP, and associated websites (collectively, the “Platform”).

1.2 We are committed to protecting the privacy of all users of the Platform, including Doctors (GPs) and Clinics. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”).

1.3 By registering for, accessing, or using the Platform, you consent to the collection, use, storage, and disclosure of your personal information as described in this Privacy Policy.

1.4 We may update this Privacy Policy from time to time. We will notify you of any material changes through the Platform. Your continued use of the Platform following such notification constitutes acceptance of the updated Privacy Policy.

1.5 This Privacy Policy should be read in conjunction with our Terms of Business for Clinics and our Terms of Business for Doctors, as applicable.

2. Who We Are

2.1 Heart Bridge Health is operated by:

2.2 For all privacy-related enquiries, requests, or complaints, please contact us at team@heartbridgehealth.com.au.

3. Information We Collect

Information Provided by Doctors

3.1 When a Doctor registers on the Platform, we collect:

  • full legal name;
  • email address;
  • phone number;
  • AHPRA registration number and registration status;
  • medical qualifications and fellowship details (e.g. FRACGP, FACRRM);
  • visa status and type (where applicable);
  • Medicare provider number eligibility; and
  • any other information the Doctor voluntarily provides in their profile or communications on the Platform.

Information Provided by Clinics

3.2 When a Clinic registers on the Platform, we collect:

  • practice or business name;
  • ABN;
  • practice address and location details;
  • contact person name, email address, and phone number;
  • insurance details;
  • payment and billing information (processed through Stripe); and
  • any other information the Clinic voluntarily provides.

Information Collected Automatically

3.3 When you use the Platform, we may automatically collect:

  • device information, including device type, operating system, and unique device identifiers;
  • usage data, including pages visited, features used, actions taken, and time spent;
  • IP address and approximate geographic location;
  • browser type and version; and
  • cookie and tracking data as described in clause 10.

Information from Third Parties

3.4 We may receive information about you from third parties, including:

  • AHPRA, for the purposes of verifying Doctor registration status;
  • Stripe, in connection with payment processing; and
  • other users of the Platform, including ratings, reviews, and feedback.

4. How We Use Your Information

Platform Operations

  • to create and manage your account on the Platform;
  • to verify Doctor eligibility, qualifications, AHPRA registration, and insurance;
  • to facilitate the matching of Doctors with Clinics;
  • to process payments and refunds;
  • to facilitate communication between users and with our administration team;
  • to provide customer support and respond to enquiries; and
  • to enforce our Terms of Business, including investigating potential breaches.

Platform Improvement and Analytics

  • to analyse usage patterns and improve functionality, features, and user experience;
  • to generate de-identified and aggregated data for trend analysis and reporting; and
  • to monitor performance, security, and stability.

Communications and Marketing

  • to send service-related communications, including booking confirmations, reminders, and Platform updates;
  • to send marketing communications (see clause 8); and
  • to send push notifications related to Platform activity (see clause 8).

Legal and Regulatory

  • to comply with applicable laws, regulations, and legal processes;
  • to protect our rights, property, and safety, and the rights of our users; and
  • to respond to lawful requests from government authorities.

5. Disclosure of Your Information

5.1 We may disclose your personal information to other Platform users in accordance with our privacy-first framework, to third-party service providers (including Stripe for payments and analytics providers), and to government and regulatory bodies where required by law.

5.2 We do not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes.

6. Data Storage and Security

6.1 All personal information collected through the Platform is stored on servers located in Australia.

6.2 We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure, including encryption of data in transit and at rest, access controls, and regular security reviews.

6.3 If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

7. De-Identified Data and Trend Analysis

7.1 We use de-identified and aggregated data to identify workforce trends, improve the Platform, and contribute to policy discussions. This data does not identify any individual user and may be shared with government bodies and industry organisations.

8. Marketing and Communications

8.1 Service-related communications are necessary for Platform operation and cannot be opted out of while you maintain an account.

8.2 You can opt out of marketing communications at any time by using the unsubscribe link in any marketing email, adjusting your account settings, or contacting team@heartbridgehealth.com.au.

9. Data Retention

9.1 We retain your personal information for as long as your account is active, and for 7 years following deactivation or termination, to comply with legal, taxation, and financial reporting obligations.

9.2 After the retention period, we will securely delete or de-identify your personal information.

10. Cookies and Tracking

10.1 We use essential cookies (for Platform function), analytics cookies (for usage understanding), and marketing cookies (for relevant communications). You can manage preferences through your browser settings or by contacting us.

11. Your Rights

11.1 Under the Privacy Act 1988 (Cth), you have the right to access, correct, and request deletion of your personal information. To exercise these rights, contact team@heartbridgehealth.com.au. We will respond within 30 days.

12. Age Restriction

12.1 The Platform is intended for persons aged 18 years and over only. We do not knowingly collect personal information from individuals under 18.

13. Overseas Disclosure

13.1 All primary data storage is on servers located in Australia. Some third-party providers (e.g. Stripe) may process data overseas. We take reasonable steps to ensure overseas recipients handle information in accordance with the APPs.

14. Complaints

14.1 If you believe we have breached the Australian Privacy Principles, contact team@heartbridgehealth.com.au. We will acknowledge within 5 Business Days and respond within 30 days.

14.2 If not satisfied, you may escalate to the Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au | 1300 363 992 | enquiries@oaic.gov.au

15. Contact Us

For any questions about this Privacy Policy or the handling of your personal information:

In the spirit of reconciliation, Heart Bridge acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.