Celestopod Therapy (“we”, “our”, “us”) is a telehealth counselling and psychotherapy practice based in Victoria, Australia. This policy explains how we collect, use, disclose, store, and protect personal and health information, and how you can access and correct your information. It reflects our obligations under the Privacy Act 1988 (Australian Privacy Principles) and the Health Records Act 2001 (Vic).

Confidentiality and its limits:

  • Your sessions are private. We will not share your information without your consent, except where the law allows or requires it. Typical legal exceptions include:

    • Serious threat: if we reasonably believe disclosure is necessary to prevent or lessen a serious threat to life, health, or safety.

    • Child safety: where Victorian law requires reporting concerns about abuse of a child or young person, or other mandatory reporting duties.

    • Court orders/subpoenas or other situations required or authorised by law.

  • Where appropriate and safe, we will discuss any required disclosure with you.

What we collect and how we collect it: We collect information necessary to provide care and run the practice, such as:

  • Identity and contact details.

  • Referral details and payer information (if applicable).

  • Health and clinical history, assessments, and treatment notes.

  • Communications and forms you submit to us.

  • Booking and website information related to online appointments.

  • We collect it directly from you during contact, forms, and sessions.

  • From referrers or other providers with your consent (or as permitted by law).

  • Through online bookings and practice tools you use.

Why we use and disclose it:

  • To provide and coordinate your care.

  • To arrange appointments and manage the practice.

  • For quality improvement, professional supervision (de‑identified), and legal compliance.

  • We only use or disclose health information for its primary purpose or a directly related purpose that you would reasonably expect, unless another lawful exception applies.

Third‑party providers we use: We use reputable service providers to deliver our services. These currently include:

  • Practice management and online bookings: Cliniko (data encrypted in transit and at rest; Australian accounts are hosted in Australia; daily backups).

  • Website hosting and forms: Squarespace (data may be processed or stored outside Australia by Squarespace and its sub‑processors).

  • Email: Fastmail (secure email service; messages may transit or be stored outside Australia depending on routing and service architecture).

  • We take reasonable steps to ensure third‑party providers protect your information.

  • Where information may be stored or processed overseas, we seek to ensure comparable safeguards.

Security, data retention and destruction: We take reasonable steps to protect information from misuse, interference, loss, and unauthorised access or disclosure. Measures include platform‑level encryption, access controls, multi‑factor authentication for staff, principle of least privilege, and secure telehealth workflows. We do not record sessions without your explicit consent.

  • Adults: we keep health records for at least seven (7) years from the date of last entry.

  • Minors: if the last entry occurred when you were under 18, we keep the record until you turn 25. After these periods, records are securely destroyed or de‑identified unless a longer period is required by law or needed for ongoing legal obligations.

  • Therapist may use secure, AI-assisted digital transcription tools to create session notes for accuracy and record-keeping purposes. These tools are used in compliance with Australian privacy laws and professional confidentiality standards. No identifying information is shared with third parties, and all data is stored securely.

Access and correction and notifiable data breaches:

  • You can request access to your health information and ask us to correct it if inaccurate, incomplete, out‑of‑date, or misleading. We will respond as soon as practicable and within applicable timeframes (up to 45 days). We may refuse access in limited circumstances (for example, if providing access would pose a serious risk to life or health, or unreasonably impact another person’s privacy). If we refuse, we will tell you why and how to escalate.

  • If a data breach occurs that is likely to cause serious harm, we will assess, contain, notify affected individuals and the federal privacy regulator, and take steps to prevent recurrence, in line with the Notifiable Data Breaches scheme.

Telehealth, reminders, and marketing:

  • We may send appointment confirmations and reminders by email/SMS through our practice systems.

  • You may opt out of non‑essential messages at any time.

  • We do not use your clinical information for direct marketing without your consent.

Complaints:

  • Please contact us first so we can resolve your concern quickly.

  • If you are not satisfied, you may contact the Health Complaints Commissioner (Victoria) for health service and health records complaints, or the Office of the Australian Information Commissioner for Privacy Act matters.

Contact us: www.celestopod.au | celestopod@fastmail.com | 0494 380 563

Policy updates: We may update this policy to reflect changes in law or practice. The latest version is published on our website.