Privacy Policy

1. About us

Intelligent Mind® Pty Ltd (ABN 91 691 526 351) operates the Intelligent Mind® Institute platform at intelligentmind.institute (“we”, “us”, “our”). This policy explains how we handle your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

2. Information we collect

We collect the following personal information:

• Account information: Name and email address. Authentication is by Google, Microsoft, or email magic link; we do not store passwords for end-user accounts.
• Professional details: Registration body (e.g. ACEM, RACGP, RCEM), registration / membership number, specialty, employing organisation, country, and state. Collected during sign-up to verify CPD claims with the relevant college and to issue accurate certificates.
• Consent records (audit trail): The version of the Terms of Service you accepted, the date and time of acceptance, the IP address you accepted from, and the browser user-agent. Retained as proof of consent.
• Payment information: Payment is processed by Stripe. We do not store full card numbers. We retain transaction IDs and amount paid for accounting purposes.
• Learning records: Reflection submissions, session attendance, CPD progress, certificate records.
• Communications: Emails you send us and our responses.
• Technical data: IP address, browser type, pages visited (via Google Analytics, if enabled).

3. How we use your information

• Delivering the programme you enrolled in — course access, reflection review, certificate generation.
• Sending transactional emails (enrolment confirmation, payment receipt, session reminders, certificate).
• Recording your consent to the Terms of Service and to marketing communications, for compliance and audit purposes.
• Accounting records via Xero.
• Communicating programme updates, schedule changes, and required notifications.
• Where applicable, verifying CPD claims with the relevant professional college.
• Marketing communications — only if you have explicitly opted in.
• Improving the platform and programme content (aggregated, de-identified analysis only).

4. Disclosure of personal information

We do not sell your personal information. We disclose it only to:

• Service providers: Stripe (payments), Xero (accounting), AWS (email infrastructure), Cloudflare (file and video hosting), Render (hosting). Each operates under its own privacy policy.
• Faculty reviewers: Your name and reflection submissions are visible to the faculty member assigned to your cohort for assessment purposes.
• Professional colleges: Where applicable and required for CPD audit verification, we may provide confirmation of your attendance and CPD hours to the relevant professional college.
• Law enforcement: Where required by Australian law or court order.

All service providers process data in accordance with applicable privacy laws. Where personal information is disclosed to overseas service providers, we take reasonable steps to ensure those providers handle your information in a manner consistent with the Australian Privacy Principles.

5. Data security

We protect your personal information using industry-standard security measures including AES-256 encryption for sensitive credentials, TLS encryption in transit, and access controls limiting who can view personal data. We conduct regular security reviews.

Despite these measures, no internet transmission is completely secure. If you suspect unauthorised access to your account, contact us immediately at [email protected].

6. Retention

• Account and enrolment data: Retained for 7 years from the date of enrolment (consistent with Australian accounting obligations).
• Reflection submissions: Retained for 3 years post-programme completion (available for CPD audit by the relevant professional college).
• Certificate records: Retained indefinitely (certificate verification page must remain accessible).
• Consent audit trail (Terms acceptance records): Retained for 7 years from the date of acceptance, consistent with the Limitation Act 1969 (NSW).
• Marketing consent: Retained until you withdraw consent.

7. Your rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Withdraw marketing consent at any time.
• Request deletion of your account (subject to legal retention obligations).
• Complain about a breach of the APPs.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use session cookies required for authentication (NextAuth). We do not use tracking cookies without consent. If Google Analytics is enabled, it uses cookies to collect anonymised usage data. You can disable cookies in your browser settings, though this may affect platform functionality.

9. Complaints

If you have a concern about how we have handled your personal information, please contact us directly at [email protected]. We take privacy concerns seriously and will respond within 30 days.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email to enrolled students. Continued use of the platform after changes constitutes acceptance of the updated policy.