Privacy Policy
DispenseCPD (ABN 31 139 837 360), operated by an individual Australian developer ("we", "our", or "us"), is committed to protecting your privacy. We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) contained within it, which regulate how we collect, store, use, and disclose personal information. This policy explains how we handle your personal information when you use our CPD tracking service at dispensecpd.com.au.
1. Information We Collect
We collect the following information when you use DispenseCPD:
- Account information: your email address and encrypted password, or Google account details if you sign in via Google.
- CPD activity data: titles, dates, hours, activity types, providers, and notes you enter into the tracker.
- CPD plan data: your selected development standards, practice context, and goals.
- Consent record: date and time you accepted these Terms & Conditions and Privacy Policy.
- Device information: browser type and operating system, collected automatically for security purposes.
Sensitive information: We do not intentionally collect sensitive information as defined by the Privacy Act (such as health information, racial or ethnic origin, or religious beliefs), and we do not collect or store patient data or clinical records. All data stored is your own professional development records. If your CPD activity descriptions contain sensitive content — for example, references to clinical cases — you should ensure such content is appropriately de-identified before entry. Any sensitive information incidentally contained in your records will only be used for the purpose of providing the Service and will not be disclosed to third parties.
If personal information is not provided: Certain information, such as your email address, is required to create an account and use the Service. If you choose not to provide required information, we may be unable to create your account or deliver certain features of the Service. We will advise you if this is the case.
Consent: By creating an account and using DispenseCPD, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. You may withdraw consent at any time by closing your account and requesting deletion of your data at support@dispensecpd.com.au.
2. How We Use Your Information
Your information is used solely to provide and improve the DispenseCPD service:
- To store and sync your CPD records across devices.
- To generate PDF CPD reports on your request.
- To manage your subscription and account access.
- To send transactional emails (e.g. email verification, password resets).
- To meet our legal and regulatory obligations.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. Data Storage and Security
Your data is stored securely using Google Firebase, which provides encryption in transit using TLS and encryption at rest. Firebase infrastructure is hosted in the Asia Southeast 1 region (Singapore) and meets internationally recognised security standards including ISO 27001 and SOC 2 Type II certification. Access to your data is restricted exclusively to your authenticated account — no other user or third party can access your records through our platform.
We take reasonable technical and organisational measures to protect your data; however, no system is completely secure. You are responsible for keeping your password confidential.
4. Data Retention
Your account and CPD data are retained for as long as your account exists, regardless of whether your subscription is active. A lapsed subscription does not result in data deletion — your records remain securely stored and will be accessible if you resubscribe. If you wish to delete your account and all associated data, please contact us at support@dispensecpd.com.au. We will process deletion requests within 30 days.
5. Overseas Data Storage
As required under the Australian Privacy Principles, we disclose that your data is stored on Google Cloud servers located in Singapore (Asia Southeast 1). As the operator of DispenseCPD, we remain bound by the Australian Privacy Act 1988 regardless of storage location, and we take reasonable steps to ensure your data is handled in accordance with Australian privacy standards. Google Cloud's data processing terms require Google to handle your data in accordance with applicable privacy laws.
6. Third-Party Services
DispenseCPD uses the following third-party services:
- Google Firebase — authentication, database, and hosting. Data stored in the Asia Southeast 1 region (Singapore).
- Stripe — payment processing. Stripe handles all payment data; we do not store card details.
- EmailJS — delivery of in-app support messages sent via the contact form. Message content is transmitted through EmailJS servers.
- Google reCAPTCHA — used via Firebase App Check to verify that requests originate from the legitimate app. reCAPTCHA may collect device and browser signals for this purpose.
- Google Fonts — font delivery.
Each of these services has its own privacy policy governing their use of data.
7. Cookies and Local Storage
DispenseCPD uses minimal browser local storage (not advertising cookies) to cache your CPD data for offline access and to remember your display preferences (e.g. light/dark mode). No tracking or advertising cookies are used.
8. Your Rights and Complaints
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or out-of-date information.
- Request deletion of your data (subject to any legal retention obligations).
- Know how your personal information is being used and disclosed.
To exercise any of these rights, contact us at support@dispensecpd.com.au.
Making a complaint: If you believe we have breached the Australian Privacy Principles or otherwise mishandled your personal information, you may lodge a privacy complaint by emailing support@dispensecpd.com.au. Please describe your concern in as much detail as possible. We will acknowledge your complaint within 5 working days and endeavour to resolve it within 30 days. If we require additional time to investigate, we will notify you of the expected timeframe.
If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: oaic.gov.au
9. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via email or an in-app notice. Continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact
Questions about this policy? Contact us at support@dispensecpd.com.au.