Privacy Policy
Version 1.2 · Effective 30 April 2026
1. Introduction
1.1 This Privacy Policy explains how GP Culture and Care Pty Ltd (ABN 86 674 209 397), trading as Heart Bridge Health (“we”, “us”, “our”, or the “Operator”), collects, uses, stores, discloses, and protects personal information in connection with the Heart Bridge Health platform, mobile application, and website (collectively, the “Platform”).
1.2 We are committed to protecting the privacy of all users of the Platform, including Doctors (GPs) and Clinics. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”).
1.3 By registering for, accessing, or using the Platform, you consent to the collection, use, storage, and disclosure of your personal information as described in this Privacy Policy.
1.4 We may update this Privacy Policy from time to time. We will notify you of any material changes through the Platform. Your continued use of the Platform following such notification constitutes acceptance of the updated Privacy Policy.
1.5 This Privacy Policy should be read in conjunction with our Terms of Business for Clinics and our Terms of Business for Doctors, as applicable.
2. Who We Are
2.1 Heart Bridge Health is operated by:
- Entity: GP Culture and Care Pty Ltd
- Trading as: Heart Bridge Health
- Email: team@heartbridgehealth.com.au
2.2 For all privacy-related enquiries, requests, or complaints, please contact us at team@heartbridgehealth.com.au.
3. Information We Collect
Information Provided by Doctors
3.1 When a Doctor registers on the Platform, we collect:
- full legal name;
- email address;
- phone number;
- AHPRA registration number and registration status;
- medical qualifications and fellowship details (e.g. FRACGP, FACRRM);
- professional indemnity insurance details;
- visa status and type (where applicable);
- Medicare provider number eligibility; and
- any other information the Doctor voluntarily provides in their profile or communications on the Platform.
Information Provided by Clinics
3.2 When a Clinic registers on the Platform, we collect:
- practice or business name;
- ABN;
- practice address and location details;
- contact person name, email address, and phone number;
- insurance details;
- payment and billing information (processed through Stripe); and
- any other information the Clinic voluntarily provides in vacancy listings, profiles, or communications on the Platform.
Information Collected Automatically
3.3 When you use the Platform, we may automatically collect:
- device information, including device type, operating system, and unique device identifiers;
- usage data, including pages visited, features used, actions taken, and time spent on the Platform;
- IP address and approximate geographic location;
- browser type and version (for website access);
- app version and crash reports; and
- cookie and tracking data as described in clause 10.
Information from Third Parties
3.4 We may receive information about you from third parties, including:
- AHPRA, for the purposes of verifying Doctor registration status;
- Stripe, in connection with payment processing; and
- other users of the Platform, including ratings, reviews, and feedback.
4. How We Use Your Information
4.1 We use the personal information we collect for the following purposes:
Platform Operations
- to create and manage your account on the Platform;
- to verify Doctor eligibility, qualifications, AHPRA registration, and insurance;
- to facilitate the matching of Doctors with Clinics for Shift bookings;
- to process payments, Escrow transactions, and refunds through Stripe;
- to administer the ratings and review system;
- to facilitate communication between users and with our administration team;
- to provide customer support and respond to enquiries; and
- to enforce our Terms of Business, including investigating potential breaches.
Platform Improvement and Analytics
- to analyse usage patterns and improve the Platform's functionality, features, and user experience;
- to generate de-identified and aggregated data for trend analysis and reporting (see clause 7); and
- to monitor the performance, security, and stability of the Platform.
Communications and Marketing
- to send you service-related communications, including booking confirmations, reminders, payment notifications, and Platform updates;
- to send you marketing communications, including newsletters, promotional offers, and information about new features (see clause 8); and
- to send you push notifications related to bookings, messages, and other Platform activity (see clause 8).
Legal and Regulatory
- to comply with applicable laws, regulations, and legal processes;
- to protect our rights, property, and safety, and the rights, property, and safety of our users and the public; and
- to respond to lawful requests from government authorities and law enforcement agencies.
5. Disclosure of Your Information
5.1 We may disclose your personal information to the following categories of recipients:
Other Platform Users
5.2 Your information is disclosed to other users of the Platform in accordance with our privacy-first framework:
- Clinic information (suburb, ratings, payment terms, travel and accommodation options, and description) is visible to Doctors browsing the Platform. The Clinic's name and identifying details are disclosed to a Doctor only after a Shift booking has been confirmed.
- Doctor information (ratings and general profile details) is visible to Clinics. The Doctor's name and identifying details are disclosed to a Clinic only after the Clinic has accepted the Doctor's application for a Shift.
- Ratings and reviews provided by either party are published on the Platform and are visible to other users.
Third-Party Service Providers
5.3 We share personal information with the following third-party service providers who assist us in operating the Platform:
- Stripe, Inc. and its affiliates, for payment processing, Escrow management, and related financial services. Stripe's handling of your information is governed by Stripe's own privacy policy;
- push notification service providers, for delivering notifications to your mobile device; and
- analytics providers, for understanding how the Platform is used and improving our services.
5.4 We require all third-party service providers to handle personal information in accordance with applicable privacy laws and only for the purposes for which it was disclosed.
Government and Regulatory Bodies
5.5 We may disclose personal information to government authorities, regulatory bodies, or law enforcement agencies:
- where required by law, regulation, or legal process;
- in response to a lawful request from a government authority; or
- where we reasonably believe disclosure is necessary to prevent harm to a person or to public safety.
De-Identified Data
5.6 We may share de-identified and aggregated data with third parties, including government bodies, for the purposes set out in clause 7. This data does not identify any individual user.
No Sale of Personal Information
5.7 We do not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes. We do not share your personal information with advertisers or data brokers.
6. Data Storage and Security
6.1 All personal information collected through the Platform is stored on servers located in Australia.
6.2 We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:
- encryption of data in transit and at rest;
- access controls limiting who within our organisation can access personal information;
- regular security reviews and updates; and
- use of reputable and secure third-party service providers.
6.3 While we take reasonable precautions, no method of electronic storage or transmission is completely secure. We cannot guarantee the absolute security of your personal information.
6.4 If we become aware of a data breach that is likely to result in serious harm to any individual, we will notify the affected individuals and the Office of the Australian Information Commissioner (“OAIC”) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).
7. De-Identified Data and Trend Analysis
7.1 We use de-identified and aggregated data derived from Platform activity to:
- identify trends and patterns in the locum and general practice workforce market;
- provide Clinics with insights and recommendations on how to improve their offerings and better attract Doctors;
- generate reports on workforce supply and demand, remuneration trends, and regional distribution; and
- contribute to policy discussions and workforce planning.
7.2 De-identified data means data that has been processed so that it does not identify, and cannot reasonably be used to identify, any individual user. All personally identifiable information is removed or anonymised before data is used for the purposes described in this clause.
7.3 We may share de-identified and aggregated data with:
- Clinics registered on the Platform, for the purpose of improving their practices and attracting Doctors;
- Australian federal, state, and territory government bodies, including but not limited to the Department of Health and Aged Care, for workforce planning and policy purposes; and
- industry bodies and research organisations, for the purpose of improving the healthcare workforce.
7.4 No individual Doctor, Clinic, or user will be identifiable in any de-identified data shared under this clause.
8. Marketing and Communications
Service Communications
8.1 We will send you service-related communications that are necessary for the operation of the Platform, including booking confirmations, payment notifications, security alerts, and important Platform updates. These communications are not marketing and you cannot opt out of them while you maintain an account on the Platform.
Marketing Communications
8.2 We may send you marketing communications, including newsletters, promotional offers, feature announcements, and other information we believe may be of interest to you.
8.3 You can opt out of marketing communications at any time by:
- using the unsubscribe link in any marketing email;
- adjusting your communication preferences in your account settings on the Platform; or
- contacting us at team@heartbridgehealth.com.au.
8.4 If you opt out of marketing communications, we will action your request promptly and in any event within 5 Business Days. Opting out of marketing communications does not affect service-related communications.
Push Notifications
8.5 If you have enabled push notifications on your device, we may send you notifications related to:
- new Shift opportunities matching your preferences;
- booking confirmations, updates, and reminders;
- messages from Clinics or the administration team;
- ratings and review activity; and
- promotional or marketing information.
8.6 You can disable push notifications at any time through your device settings or your account settings on the Platform.
9. Data Retention
9.1 We retain your personal information for as long as your account is active on the Platform, and for a period of 7 years following account deactivation or termination.
9.2 The 7-year retention period is maintained to:
- comply with applicable legal, taxation, and financial reporting obligations;
- resolve any disputes that may arise after account closure;
- enforce our Terms of Business; and
- maintain the integrity of ratings, reviews, and transaction records on the Platform.
9.3 After the retention period has expired, we will securely delete or de-identify your personal information, unless we are required by law to retain it for a longer period.
9.4 De-identified and aggregated data derived from your use of the Platform may be retained indefinitely for the purposes described in clause 7.
10. Cookies and Tracking Technologies
10.1 We use cookies and similar tracking technologies on the Platform to enhance your experience and to collect information about how the Platform is used.
Types of Cookies We Use
10.2 We use the following categories of cookies:
- Essential cookies: These are necessary for the Platform to function correctly, including session management, authentication, and security. You cannot disable these cookies.
- Analytics cookies: These help us understand how users interact with the Platform, including which pages are visited, how long users spend on the Platform, and which features are most popular. We use this information to improve the Platform.
- Marketing cookies: These are used to deliver relevant advertising and promotional content to you, and to measure the effectiveness of our marketing campaigns. These cookies may track your activity across other websites and services.
Managing Cookies
10.3 You can manage your cookie preferences as follows:
- through the cookie consent banner displayed when you first access the Platform;
- through your browser settings, where you can block or delete cookies; and
- by contacting us at team@heartbridgehealth.com.au.
10.4 Please note that disabling certain cookies may affect the functionality of the Platform.
11. Your Rights
11.1 Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights in relation to your personal information:
Right of Access
11.2 You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days.
Right of Correction
11.3 You have the right to request that we correct any personal information we hold about you that is inaccurate, incomplete, out of date, or misleading. We will respond to your request within 30 days.
Account Deletion
11.4 You may request deletion of your account and personal information by contacting us at team@heartbridgehealth.com.au. Please note that:
- we may retain certain information for the period specified in clause 9 to comply with our legal obligations;
- de-identified and aggregated data derived from your information may be retained as described in clause 7; and
- ratings and reviews you have provided may remain on the Platform in an anonymised form.
How to Exercise Your Rights
11.5 To exercise any of your rights under this clause, please contact us at team@heartbridgehealth.com.au. We may require you to verify your identity before processing your request.
12. Age Restriction
12.1 The Platform is intended for use by persons aged 18 years and over only. We do not knowingly collect personal information from individuals under the age of 18.
12.2 If we become aware that we have collected personal information from a person under the age of 18, we will take steps to delete that information promptly.
13. Overseas Disclosure of Personal Information
13.1 All primary data storage is on servers located in Australia.
13.2 Some of our third-party service providers may store or process data in countries outside Australia. In particular:
- Stripe, Inc. is headquartered in the United States and may process payment-related data in the United States or other jurisdictions in which it operates; and
- push notification services may process data in jurisdictions outside Australia.
13.3 Where personal information is disclosed to an overseas recipient, we take reasonable steps to ensure that the recipient handles the information in accordance with the APPs, or that the recipient is subject to a law or binding scheme that is substantially similar to the APPs.
14. Intellectual Property and Copyright
14.1 All content, materials, designs, source code, databases, user interfaces, text, graphics, logos, icons, images, photographs, audio, video, animations, training and onboarding materials (including any clinic manual, video walkthrough, FAQ, sales documentation or template), and all other works made available on or through the Platform (collectively, the “Platform Materials”) are owned by, or licensed to, GP Culture and Care Pty Ltd (the “Operator”).
14.2 The Platform Materials are protected by, without limitation, the Copyright Act 1968 (Cth), the Trade Marks Act 1995 (Cth), the law of confidential information, and applicable international intellectual property treaties to which Australia is a party.
14.3 The trade marks, trade names, logos, service marks and brand elements “Heart Bridge”, “Heart Bridge Health”, “Lumi”, “Lumi GP”, “Lumi Clinic”, “Locum Lounge” and the heart-with-cross device (whether or not registered) (collectively, the “Marks”) are the property of the Operator. No right or licence to use the Marks is granted to you by this Privacy Policy or by your use of the Platform.
14.4 Subject to your continuing compliance with these terms and any applicable Terms of Business, the Operator grants you a personal, non-exclusive, non-transferable, non-sublicensable, revocable, royalty-free licence to access and use the Platform Materials solely for the internal business purposes of your own clinic or your own medical practice, and only for the duration of your authorised access to the Platform.
14.5 All rights not expressly granted under clause 14.4 are reserved by the Operator. Nothing in this Privacy Policy or in your use of the Platform transfers any title, ownership, copyright, patent right, trade mark, design right, database right, trade secret or any other intellectual property right in the Platform Materials to you.
14.6 You acknowledge that the Operator and its personnel hold moral rights in respect of the Platform Materials under Part IX of the Copyright Act 1968 (Cth), and you must not engage in any conduct that would constitute an infringement of those moral rights, including any false attribution of authorship or any treatment of the Platform Materials that is prejudicial to the honour or reputation of the author.
14.7 Where you submit, upload, post, or otherwise contribute any content to the Platform (including profile information, vacancy listings, ratings, reviews, messages and feedback) (“User Content”), you retain ownership of your User Content, but you grant the Operator a worldwide, perpetual, irrevocable, royalty-free, sublicensable, transferable licence to host, store, reproduce, modify (only to the extent reasonably necessary to operate, display and promote the Platform), communicate, publish and display that User Content for the purposes of operating, providing, improving and promoting the Platform.
14.8 You warrant that any User Content you submit does not infringe the intellectual property, privacy or other rights of any third party, and you indemnify the Operator against any loss, claim, cost or damage arising from a breach of that warranty.
14.9 The compilation, arrangement, structure, sequence, “look and feel”, and presentation of the Platform Materials (including any database of clinics, doctors, vacancies, ratings or reviews) are the exclusive property of the Operator and are protected by copyright and database rights.
14.10 © 2025–2026 GP Culture and Care Pty Ltd. All rights reserved. The unauthorised reproduction, adaptation, communication or distribution of the Platform Materials is an infringement of the Operator’s rights and may give rise to civil and criminal liability.
15. Confidentiality of Platform Materials
15.1 In the course of accessing the Platform, you may be given access to information that is by its nature confidential, including the Heart Bridge clinic manual, video walkthroughs, training and onboarding materials, pricing methodologies, matching algorithms, product roadmaps, internal know-how, business processes and any commercially sensitive information about doctors, clinics or other users (“Confidential Information”).
15.2 You must:
- treat the Confidential Information as strictly confidential;
- use the Confidential Information solely for the permitted purpose for which it was provided to you;
- take all reasonable steps to protect the Confidential Information against unauthorised access, use or disclosure (and at least the same degree of care you take to protect your own confidential information of comparable importance, and never less than a reasonable standard of care);
- not disclose the Confidential Information to any person other than your own employees, directors, contractors and professional advisers who have a genuine need to know it for the permitted purpose, and who are bound by obligations of confidentiality at least as protective as those set out in this clause 15; and
- on the Operator’s written request, promptly return or permanently destroy all copies of the Confidential Information in your possession, custody or control, and certify that destruction in writing if requested.
15.3 The obligations in clause 15.2 do not apply to information that you can demonstrate, by contemporaneous written records, was: (a) in the public domain at the time of disclosure (other than as a result of a breach of these terms); (b) lawfully in your possession before disclosure by the Operator and free of any obligation of confidence; (c) lawfully received from a third party without restriction and without breach of any obligation of confidence; or (d) independently developed by you without use of, or reference to, the Confidential Information.
15.4 Your obligations under this clause 15 survive termination or expiry of your access to the Platform and continue for so long as the relevant information retains the character of confidential information.
16. Restrictions on Use, Reverse Engineering and Competing Platforms
16.1 You must not, and must not authorise or permit any other person to:
- copy, reproduce, republish, broadcast, transmit, frame, mirror, scrape, harvest, index or otherwise distribute the Platform Materials, except as expressly permitted by clause 14.4 or by mandatory law that cannot be lawfully excluded;
- modify, adapt, translate, create derivative works of, or prepare any work based upon the Platform Materials;
- reverse engineer, decompile, disassemble or otherwise attempt to derive the source code, underlying ideas, algorithms, structure, organisation or method of operation of the Platform, except to the limited extent that such activity is expressly permitted by applicable law notwithstanding this restriction (in which case you must first give the Operator reasonable prior written notice and an opportunity to provide the information itself);
- remove, alter or obscure any copyright, trade mark, attribution, watermark or other proprietary notice on or in the Platform Materials;
- sell, lease, license, sublicense, rent, distribute or commercially exploit the Platform Materials, or use them on behalf of any third party as part of any service bureau, time-sharing, hosted or managed service offering;
- use the Platform Materials, or any Confidential Information, to design, develop, train, build, fund, promote, operate or assist any product, service, business or platform that competes (directly or indirectly) with the Platform, including any competing online marketplace, matching service or recruitment platform for doctors, general practitioners or healthcare clinics in Australia;
- disclose, share, post, publish, forward, demonstrate, screen-record or screenshot the Platform Materials or any part of them to any competitor of the Operator, or to any person whom you reasonably suspect intends to use the information for a competing purpose;
- use any robot, spider, crawler, scraper, automated tool, machine learning model or other automated means to access, monitor, copy or extract any part of the Platform or the Platform Materials, except where the Operator has given express written permission;
- circumvent, disable or interfere with any security, authentication, access control, rate-limiting, watermarking or other technical protection feature of the Platform; or
- use the Platform or the Platform Materials in any manner that breaches any law, infringes the rights of any person, or is otherwise misleading, deceptive, defamatory, harassing, abusive or contrary to good faith.
16.2 You acknowledge and agree that the restrictions in clause 16.1 are reasonable, are no greater than necessary to protect the Operator’s legitimate business interests in its goodwill, intellectual property, confidential information and trade connection, and are proportionate to the harm that would be caused to the Operator by any breach.
16.3 If a court of competent jurisdiction holds that any restriction in this clause 16 is void, unenforceable or unreasonable, the restriction is to be read down to the extent necessary so that it is valid and enforceable; and if it cannot be read down, it is severable from the remainder of these terms, which continue in full force.
16.4 You acknowledge that damages alone may not be an adequate remedy for a breach of clauses 14, 15 or 16, and that the Operator is entitled to seek and obtain interlocutory and final injunctive and other equitable relief, in addition to any other remedy available at law or in equity, to restrain or remedy any actual or threatened breach.
16.5 You indemnify the Operator and its directors, officers, employees and agents against all loss, damage, cost (including legal costs on a full indemnity basis), expense, claim or liability suffered or incurred by any of them as a result of, or in connection with, your breach of clause 14, 15 or 16, except to the extent that the loss is caused by the Operator’s own negligent or wrongful act or omission.
17. Complaints
17.1 If you believe that we have breached the Australian Privacy Principles or otherwise mishandled your personal information, you may lodge a complaint with us by contacting team@heartbridgehealth.com.au.
17.2 We will acknowledge receipt of your complaint within 5 Business Days and will investigate and respond to your complaint within 30 days.
17.3 If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- Post: GPO Box 5218, Sydney NSW 2001
18. Contact Us
18.1 For any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal information, please contact us:
- Entity: GP Culture and Care Pty Ltd trading as Heart Bridge Health
- Email: team@heartbridgehealth.com.au