Privacy Policy

1. About us

Intelligent Mind® Pty Ltd (ABN 91 691 526 351) operates the Intelligent Mind Institute® platform at intelligentmind.institute (“we”, “us”, “our”). This policy explains how we handle your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

2. Information we collect

We collect the following personal information:

• Account information: Name, email address, password (hashed — never stored in plain text)
• Professional details: AHPRA registration number (optional), medical specialty, employing organisation
• Payment information: Payment is processed by Stripe. We do not store full card numbers. We retain transaction IDs and amount paid for accounting purposes.
• Learning records: Reflection submissions, session attendance, CPD progress, certificate records
• Communications: Emails you send us and our responses
• Technical data: IP address, browser type, pages visited (via Google Analytics, if enabled)

3. How we use your information

• Delivering the programme you enrolled in — course access, reflection review, certificate generation
• Sending transactional emails (enrolment confirmation, Tax Invoice, session reminders, certificate)
• GST-compliant accounting via Xero (Tax Invoice generation)
• Communicating programme updates, schedule changes, and required notifications
• Verifying ACEM CPD claims if we are audited by ACEM on your behalf
• Marketing communications — only if you have explicitly opted in
• Improving the platform and programme content (aggregated, de-identified analysis only)

4. Disclosure of personal information

We do not sell your personal information. We disclose it only to:

• Service providers: Stripe (payments), Xero (accounting), AWS (email infrastructure), Cloudflare (file and video hosting), Render (hosting). Each operates under its own privacy policy.
• Faculty reviewers: Your name and reflection submissions are visible to the faculty member assigned to your cohort for assessment purposes.
• ACEM: If required for CPD audit verification, we may provide confirmation of your attendance and CPD hours.
• Law enforcement: Where required by Australian law or court order.

All service providers process data in accordance with applicable privacy laws. Some providers may store data outside Australia — we rely on standard contractual clauses to ensure adequate protection.

5. Data security

We protect your personal information using industry-standard security measures including AES-256 encryption for sensitive credentials, TLS encryption in transit, and access controls limiting who can view personal data. Passwords are hashed using bcrypt and never stored in plain text. We conduct regular security reviews.

Despite these measures, no internet transmission is completely secure. If you suspect unauthorised access to your account, contact us immediately at [email protected].

6. Retention

• Account and enrolment data: Retained for 7 years from the date of enrolment (consistent with Australian accounting obligations)
• Reflection submissions: Retained for 3 years post-programme completion (available for ACEM audit)
• Certificate records: Retained indefinitely (certificate verification page must remain accessible)
• Marketing consent: Retained until you withdraw consent

7. Your rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Withdraw marketing consent at any time
• Request deletion of your account (subject to legal retention obligations)
• Complain about a breach of the APPs

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use session cookies required for authentication (NextAuth). We do not use tracking cookies without consent. If Google Analytics is enabled, it uses cookies to collect anonymised usage data. You can disable cookies in your browser settings, though this may affect platform functionality.

9. Complaints

If you believe we have mishandled your personal information, please contact us first at [email protected]. If we cannot resolve your complaint, you may contact the Office of the Australian Information Commissioner (OAIC).

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email to enrolled students. Continued use of the platform after changes constitutes acceptance of the updated policy.