Privacy Policy

1. About this policy

This Privacy Policy explains how AussiePharmacies (“AussiePharmacies”, “we”, “us”, “our”) collects, uses, discloses and stores personal information when you visit aussiepharmacies.com or use our services, including our pharmacy directory, dashboard, AI tools and communication features.

We aim to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), to the extent they apply to our business. By using our services, you agree to the handling of your personal information in accordance with this Privacy Policy.

2. What information we collect

We collect information that you provide directly, information collected automatically when you use the service, and information from third parties where appropriate.

2.1 Information you provide

Account details such as name, email address, password and basic profile details (for example, pharmacist / intern status, country).

Content and data you enter into the platform, including notes on pharmacies, internship applications, interviews, offers, and any messages or templates you draft or send using our tools.

Communications you send to us, such as support requests, feedback or survey responses.

2.2 Automatically collected data – all user actions

When you use AussiePharmacies, we log all user actions on the website that are linked to your account or device, including:

• Logins, logouts, and authentication‑related events.
• Pages visited, clicks, searches, filters, map interactions, and other feature usage.
• Emails and follow‑ups sent through the platform, templates used, and AI‑assisted interactions.
• Dashboard activity such as pharmacies added to your shortlist, status changes (e.g. contacted, interview, offer), and task completion.

Technical data such as IP address, browser type, operating system, device identifiers, timestamps and error logs.

This information is personal information when it can reasonably identify you or be linked to your account.

2.3 Information from third parties

We may receive limited personal information from:

• Payment providers (for example, confirmation that a payment was successful and basic billing information).
• Analytics, communications and infrastructure providers that help us operate and improve the service.
• Google OAuth tokens and your Gmail address, when you choose to connect your Gmail account for our email sending feature (see Section 2A).

2A. Google User Data (Gmail Integration)

AussiePharmacies integrates with Google's Gmail API to allow you to send emails directly from your Gmail account to pharmacies listed in our directory. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access

When you connect your Gmail account, we request the following OAuth permission:

• Send email on your behalf (https://www.googleapis.com/auth/gmail.send) — used solely to send emails you compose within our platform to pharmacy email addresses you select.
• Your Gmail address — used to display which account is connected and to populate the "From" field when sending emails.

We do not request access to read, modify, delete, or otherwise access your Gmail inbox or any other Gmail data beyond what is described above.

How we use Google data

Google user data accessed through our Gmail integration is used only for the following purpose:

• Sending emails that you explicitly compose and initiate within AussiePharmacies to pharmacy contacts in our directory.

We do not use Google user data for advertising, profiling, training AI models, or any purpose other than enabling the email sending feature you have explicitly opted into.

How we store Google data

To avoid requiring you to reconnect Gmail on every visit, we securely store your Gmail OAuth tokens (access token and refresh token). These tokens are:

• Encrypted at rest using AES-256 encryption.
• Never shared with or sold to any third party.
• Used exclusively to authenticate Gmail API requests when you initiate an email send through our platform.
• Deleted from our systems when you disconnect your Gmail account or delete your AussiePharmacies account.

Sharing of Google data

We do not share, sell, rent, transfer, or disclose Google user data to any third party, except where required by law. No Google user data is disclosed to advertisers, data brokers, or analytics platforms.

AussiePharmacies's use of information received from Google APIs is limited to providing the email sending feature described in this section. We do not use Google user data to develop or improve AI or machine learning models. We do not allow humans to read your Google data unless required for security purposes or by law.

Revoking Gmail access

Connecting your Gmail account is entirely optional. You can disconnect at any time by:

• Going to Account Settings → Email Settings → Disconnect Gmail within our platform, or
• Visiting myaccount.google.com/permissions and revoking access for AussiePharmacies directly.

Upon disconnection, your Gmail OAuth tokens are deleted from our systems and you will no longer be able to send emails via Gmail through our platform until you choose to reconnect.

3. Why we collect and use your information

We only collect personal information where it is reasonably necessary for our functions or activities.

We use the information described above for the following purposes:

Providing and operating the service

• Creating and managing your account and subscription.
• Allowing you to search and filter pharmacies, use map and directory tools, track leads, interviews and offers, and send messages via the platform.
• Running AI‑assisted features such as suggested templates and follow‑ups.

Logging, security and misuse prevention

• Recording all user actions to secure accounts, detect and investigate suspicious or unauthorised activity, and enforce our terms of use.
• Monitoring system performance, preventing fraud and abuse, and protecting the rights, property and safety of users and AussiePharmacies.

Support and troubleshooting

• Using detailed activity logs so support staff can understand and resolve issues you report (for example, seeing which page, feature or step failed).

Analytics and service improvement

• Analysing how users interact with features so we can improve the directory, outreach tools and dashboard, and make informed product decisions.
• Creating aggregated or de‑identified statistics about platform usage.

Communications

• Sending service‑related messages (for example, account notices, trial expiry reminders, subscription changes, or material updates to our terms).
• Sending optional product tips or marketing communications, where permitted, which you can opt out of at any time.

Legal and compliance

• Complying with legal obligations, responding to lawful requests, and managing disputes or regulatory matters.

We do not use detailed activity logs for unrelated purposes that are inconsistent with this policy, such as selling behavioural profiles to third parties.

4. Administrator access to user data and activity logs

Because AussiePharmacies is a hosted service, certain staff and administrators have access to your information:

Authorised personnel may access your account details, content and activity logs of user actions where reasonably necessary to:

• Provide support and troubleshoot issues.
• Investigate security incidents, misuse or technical problems.
• Maintain and improve the service and infrastructure.
• Comply with legal or regulatory obligations.

Access is role‑based and limited to staff who need it to perform their duties, and those staff are subject to confidentiality obligations.

5. Cookies and tracking technologies

We use cookies and similar technologies to:

• Keep you signed in and remember your preferences.
• Measure traffic and usage patterns, including how features are used and which pages are visited.
• Support security and fraud detection.

You can adjust your browser settings to reject cookies, but some features of the service may not function properly if cookies are disabled.

6. Legal basis and expectations

Where privacy laws require a lawful basis for processing, we generally rely on:

• The necessity to provide the service and perform our contract with you.
• Our legitimate interests in operating, securing and improving the platform, where these are not overridden by your privacy interests.
• Your consent for certain optional activities (for example, marketing emails you opt in to receive).

We aim to ensure that our logging of user actions and use of analytics is something a reasonable user of an internship‑oriented SaaS platform would expect in this context.

7. Disclosure of personal information

We may disclose personal information to:

• Service providers such as hosting, analytics, email delivery, customer support and payment processing providers, who assist us in operating the service.
• Professional advisers (for example, lawyers, accountants and auditors) where reasonably necessary.
• Actual or potential acquirers of our business or assets, subject to confidentiality obligations.
• Law enforcement, regulators or other parties where required or authorised by law, or where reasonably necessary to protect our rights, users or the public.

We do not sell personal information for monetary consideration.

8. Overseas disclosure

Some of our service providers may be located overseas or may process data in other countries (for example, cloud hosting or support teams). Where practicable, we take reasonable steps to ensure that such providers handle personal information in a manner consistent with this Privacy Policy and the Australian Privacy Principles.

9. Data security

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure, including:

• Technical safeguards such as secure hosting, access controls, encryption in transit where appropriate, and logging of administrative access.
• Organisational measures such as limiting access to staff who need it and applying internal policies on handling user data.

No online service can be completely secure. You are responsible for keeping your password safe and for any activity under your account if you fail to do so.

10. Retention and de‑identification of logs

We keep personal information, including activity logs, only for as long as reasonably necessary for the purposes described in this policy, or as required by law.

In practice:

• User‑linked logs and account data are retained for the life of your account and for a period afterwards where needed for security, audit, backup, or legal purposes.
• We may retain certain records longer where required by law or where there is an ongoing dispute or investigation.
• Where detailed activity data is no longer needed in an identifiable form, we may de‑identify or aggregate it and keep it for analytics and service improvement.

11. Your rights and choices

Subject to applicable law, you may:

• Request access to the personal information we hold about you.
• Request correction of personal information that is inaccurate, out‑of‑date or incomplete.
• Request deletion or de‑identification of certain information, subject to legal and operational limits (for example, where we must retain logs for security or legal reasons).
• Opt out of marketing communications at any time by following the unsubscribe link or contacting us directly.

We may need to verify your identity before responding to certain requests and may decline where an exception under the Privacy Act applies.

You can also manage some information directly via your account settings, such as changing contact details or updating your profile.

12. Third‑party sites and services

Our service may link to third‑party websites or integrate with third‑party tools. Those third parties are responsible for their own privacy practices, and this policy does not apply to them. You should review their privacy policies before providing them with personal information.