Privacy Policy

Version 1.1 · Effective 17 February 2026

1. Introduction

1.1 This Privacy Policy explains how GP Culture and Care Pty Ltd (ABN 86 674 209 397), trading as Heart Bridge Health (“we”, “us”, “our”, or the “Operator”), collects, uses, stores, discloses, and protects personal information in connection with the Heart Bridge Health platform, mobile application, and website (collectively, the “Platform”).

1.2 We are committed to protecting the privacy of all users of the Platform, including Doctors (GPs) and Clinics. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”).

1.3 By registering for, accessing, or using the Platform, you consent to the collection, use, storage, and disclosure of your personal information as described in this Privacy Policy.

1.4 We may update this Privacy Policy from time to time. We will notify you of any material changes through the Platform. Your continued use of the Platform following such notification constitutes acceptance of the updated Privacy Policy.

1.5 This Privacy Policy should be read in conjunction with our Terms of Business for Clinics and our Terms of Business for Doctors, as applicable.

2. Who We Are

2.1 Heart Bridge Health is operated by:

2.2 For all privacy-related enquiries, requests, or complaints, please contact us at team@heartbridgehealth.com.au.

3. Information We Collect

Information Provided by Doctors

3.1 When a Doctor registers on the Platform, we collect:

  • full legal name;
  • email address;
  • phone number;
  • AHPRA registration number and registration status;
  • medical qualifications and fellowship details (e.g. FRACGP, FACRRM);
  • professional indemnity insurance details;
  • visa status and type (where applicable);
  • Medicare provider number eligibility; and
  • any other information the Doctor voluntarily provides in their profile or communications on the Platform.

Information Provided by Clinics

3.2 When a Clinic registers on the Platform, we collect:

  • practice or business name;
  • ABN;
  • practice address and location details;
  • contact person name, email address, and phone number;
  • insurance details;
  • payment and billing information (processed through Stripe); and
  • any other information the Clinic voluntarily provides in vacancy listings, profiles, or communications on the Platform.

Information Collected Automatically

3.3 When you use the Platform, we may automatically collect:

  • device information, including device type, operating system, and unique device identifiers;
  • usage data, including pages visited, features used, actions taken, and time spent on the Platform;
  • IP address and approximate geographic location;
  • browser type and version (for website access);
  • app version and crash reports; and
  • cookie and tracking data as described in clause 10.

Information from Third Parties

3.4 We may receive information about you from third parties, including:

  • AHPRA, for the purposes of verifying Doctor registration status;
  • Stripe, in connection with payment processing; and
  • other users of the Platform, including ratings, reviews, and feedback.

4. How We Use Your Information

4.1 We use the personal information we collect for the following purposes:

Platform Operations

  • to create and manage your account on the Platform;
  • to verify Doctor eligibility, qualifications, AHPRA registration, and insurance;
  • to facilitate the matching of Doctors with Clinics for Shift bookings;
  • to process payments, Escrow transactions, and refunds through Stripe;
  • to administer the ratings and review system;
  • to facilitate communication between users and with our administration team;
  • to provide customer support and respond to enquiries; and
  • to enforce our Terms of Business, including investigating potential breaches.

Platform Improvement and Analytics

  • to analyse usage patterns and improve the Platform's functionality, features, and user experience;
  • to generate de-identified and aggregated data for trend analysis and reporting (see clause 7); and
  • to monitor the performance, security, and stability of the Platform.

Communications and Marketing

  • to send you service-related communications, including booking confirmations, reminders, payment notifications, and Platform updates;
  • to send you marketing communications, including newsletters, promotional offers, and information about new features (see clause 8); and
  • to send you push notifications related to bookings, messages, and other Platform activity (see clause 8).

Legal and Regulatory

  • to comply with applicable laws, regulations, and legal processes;
  • to protect our rights, property, and safety, and the rights, property, and safety of our users and the public; and
  • to respond to lawful requests from government authorities and law enforcement agencies.

5. Disclosure of Your Information

5.1 We may disclose your personal information to the following categories of recipients:

Other Platform Users

5.2 Your information is disclosed to other users of the Platform in accordance with our privacy-first framework:

  • Clinic information (suburb, ratings, payment terms, travel and accommodation options, and description) is visible to Doctors browsing the Platform. The Clinic's name and identifying details are disclosed to a Doctor only after a Shift booking has been confirmed.
  • Doctor information (ratings and general profile details) is visible to Clinics. The Doctor's name and identifying details are disclosed to a Clinic only after the Clinic has accepted the Doctor's application for a Shift.
  • Ratings and reviews provided by either party are published on the Platform and are visible to other users.

Third-Party Service Providers

5.3 We share personal information with the following third-party service providers who assist us in operating the Platform:

  • Stripe, Inc. and its affiliates, for payment processing, Escrow management, and related financial services. Stripe's handling of your information is governed by Stripe's own privacy policy;
  • push notification service providers, for delivering notifications to your mobile device; and
  • analytics providers, for understanding how the Platform is used and improving our services.

5.4 We require all third-party service providers to handle personal information in accordance with applicable privacy laws and only for the purposes for which it was disclosed.

Government and Regulatory Bodies

5.5 We may disclose personal information to government authorities, regulatory bodies, or law enforcement agencies:

  • where required by law, regulation, or legal process;
  • in response to a lawful request from a government authority; or
  • where we reasonably believe disclosure is necessary to prevent harm to a person or to public safety.

De-Identified Data

5.6 We may share de-identified and aggregated data with third parties, including government bodies, for the purposes set out in clause 7. This data does not identify any individual user.

No Sale of Personal Information

5.7 We do not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes. We do not share your personal information with advertisers or data brokers.

6. Data Storage and Security

6.1 All personal information collected through the Platform is stored on servers located in Australia.

6.2 We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

  • encryption of data in transit and at rest;
  • access controls limiting who within our organisation can access personal information;
  • regular security reviews and updates; and
  • use of reputable and secure third-party service providers.

6.3 While we take reasonable precautions, no method of electronic storage or transmission is completely secure. We cannot guarantee the absolute security of your personal information.

6.4 If we become aware of a data breach that is likely to result in serious harm to any individual, we will notify the affected individuals and the Office of the Australian Information Commissioner (“OAIC”) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

7. De-Identified Data and Trend Analysis

7.1 We use de-identified and aggregated data derived from Platform activity to:

  • identify trends and patterns in the locum and general practice workforce market;
  • provide Clinics with insights and recommendations on how to improve their offerings and better attract Doctors;
  • generate reports on workforce supply and demand, remuneration trends, and regional distribution; and
  • contribute to policy discussions and workforce planning.

7.2 De-identified data means data that has been processed so that it does not identify, and cannot reasonably be used to identify, any individual user. All personally identifiable information is removed or anonymised before data is used for the purposes described in this clause.

7.3 We may share de-identified and aggregated data with:

  • Clinics registered on the Platform, for the purpose of improving their practices and attracting Doctors;
  • Australian federal, state, and territory government bodies, including but not limited to the Department of Health and Aged Care, for workforce planning and policy purposes; and
  • industry bodies and research organisations, for the purpose of improving the healthcare workforce.

7.4 No individual Doctor, Clinic, or user will be identifiable in any de-identified data shared under this clause.

8. Marketing and Communications

Service Communications

8.1 We will send you service-related communications that are necessary for the operation of the Platform, including booking confirmations, payment notifications, security alerts, and important Platform updates. These communications are not marketing and you cannot opt out of them while you maintain an account on the Platform.

Marketing Communications

8.2 We may send you marketing communications, including newsletters, promotional offers, feature announcements, and other information we believe may be of interest to you.

8.3 You can opt out of marketing communications at any time by:

  • using the unsubscribe link in any marketing email;
  • adjusting your communication preferences in your account settings on the Platform; or
  • contacting us at team@heartbridgehealth.com.au.

8.4 If you opt out of marketing communications, we will action your request promptly and in any event within 5 Business Days. Opting out of marketing communications does not affect service-related communications.

Push Notifications

8.5 If you have enabled push notifications on your device, we may send you notifications related to:

  • new Shift opportunities matching your preferences;
  • booking confirmations, updates, and reminders;
  • messages from Clinics or the administration team;
  • ratings and review activity; and
  • promotional or marketing information.

8.6 You can disable push notifications at any time through your device settings or your account settings on the Platform.

9. Data Retention

9.1 We retain your personal information for as long as your account is active on the Platform, and for a period of 7 years following account deactivation or termination.

9.2 The 7-year retention period is maintained to:

  • comply with applicable legal, taxation, and financial reporting obligations;
  • resolve any disputes that may arise after account closure;
  • enforce our Terms of Business; and
  • maintain the integrity of ratings, reviews, and transaction records on the Platform.

9.3 After the retention period has expired, we will securely delete or de-identify your personal information, unless we are required by law to retain it for a longer period.

9.4 De-identified and aggregated data derived from your use of the Platform may be retained indefinitely for the purposes described in clause 7.

10. Cookies and Tracking Technologies

10.1 We use cookies and similar tracking technologies on the Platform to enhance your experience and to collect information about how the Platform is used.

Types of Cookies We Use

10.2 We use the following categories of cookies:

  • Essential cookies: These are necessary for the Platform to function correctly, including session management, authentication, and security. You cannot disable these cookies.
  • Analytics cookies: These help us understand how users interact with the Platform, including which pages are visited, how long users spend on the Platform, and which features are most popular. We use this information to improve the Platform.
  • Marketing cookies: These are used to deliver relevant advertising and promotional content to you, and to measure the effectiveness of our marketing campaigns. These cookies may track your activity across other websites and services.

Managing Cookies

10.3 You can manage your cookie preferences as follows:

  • through the cookie consent banner displayed when you first access the Platform;
  • through your browser settings, where you can block or delete cookies; and
  • by contacting us at team@heartbridgehealth.com.au.

10.4 Please note that disabling certain cookies may affect the functionality of the Platform.

11. Your Rights

11.1 Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights in relation to your personal information:

Right of Access

11.2 You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days.

Right of Correction

11.3 You have the right to request that we correct any personal information we hold about you that is inaccurate, incomplete, out of date, or misleading. We will respond to your request within 30 days.

Account Deletion

11.4 You may request deletion of your account and personal information by contacting us at team@heartbridgehealth.com.au. Please note that:

  • we may retain certain information for the period specified in clause 9 to comply with our legal obligations;
  • de-identified and aggregated data derived from your information may be retained as described in clause 7; and
  • ratings and reviews you have provided may remain on the Platform in an anonymised form.

How to Exercise Your Rights

11.5 To exercise any of your rights under this clause, please contact us at team@heartbridgehealth.com.au. We may require you to verify your identity before processing your request.

12. Age Restriction

12.1 The Platform is intended for use by persons aged 18 years and over only. We do not knowingly collect personal information from individuals under the age of 18.

12.2 If we become aware that we have collected personal information from a person under the age of 18, we will take steps to delete that information promptly.

13. Overseas Disclosure of Personal Information

13.1 All primary data storage is on servers located in Australia.

13.2 Some of our third-party service providers may store or process data in countries outside Australia. In particular:

  • Stripe, Inc. is headquartered in the United States and may process payment-related data in the United States or other jurisdictions in which it operates; and
  • push notification services may process data in jurisdictions outside Australia.

13.3 Where personal information is disclosed to an overseas recipient, we take reasonable steps to ensure that the recipient handles the information in accordance with the APPs, or that the recipient is subject to a law or binding scheme that is substantially similar to the APPs.

14. Complaints

14.1 If you believe that we have breached the Australian Privacy Principles or otherwise mishandled your personal information, you may lodge a complaint with us by contacting team@heartbridgehealth.com.au.

14.2 We will acknowledge receipt of your complaint within 5 Business Days and will investigate and respond to your complaint within 30 days.

14.3 If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au
  • Post: GPO Box 5218, Sydney NSW 2001

15. Contact Us

15.1 For any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal information, please contact us: