Privacy Policy

1. Introduction

Oz Systems Pty Ltd (ABN 31 605 616 671) ("we," "us," or "our") operates CalmHealthyMind (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and applicable data protection laws.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us:

• Account Information: Name, email address, password
• Profile Information: Optional demographic information, preferences
• Progress Data: Weekly reflections, journal entries, habit tracking data
• Payment Information: Processed securely through Stripe (we do not store credit card details)
• Communications: Support inquiries, feedback, correspondence

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent, interactions
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Similar Technologies: See our Cookie Policy for details

3. How We Use Your Information

We use the collected information for:

• Service Provision: Providing, maintaining, and improving the Service
• Personalization: Customizing content and AI coaching responses
• Progress Tracking: Monitoring your journey through the 28-week program
• Communications: Sending updates, reminders, support responses, and newsletters
• Payment Processing: Managing subscriptions and billing
• Analytics: Understanding usage patterns to improve the Service
• Security: Detecting and preventing fraud, abuse, and security incidents
• Legal Compliance: Complying with applicable laws and regulations

4. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

4.1 Service Providers

• Hosting: Vercel (USA) for application hosting
• Database: Neon (cloud PostgreSQL) for data storage
• Payment Processing: Stripe (USA) for payment transactions
• AI Services: OpenAI (USA) for AI coaching features
• Email Services: Google Gmail API for transactional emails
• Analytics: Google Analytics for usage statistics

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption in transit (HTTPS/TLS)
• Secure password hashing (bcrypt)
• Access controls and authentication
• Regular security assessments
• Secure third-party service providers

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Rights (Australian Privacy Principles)

Under Australian privacy law, you have the following rights:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your account and personal information
• Data Portability: Request export of your data in a portable format
• Withdraw Consent: Opt-out of marketing communications at any time
• Complaints: Lodge a complaint about our privacy practices

To exercise these rights, contact us at admin@ozsystems.com.au. We will respond to your request within 30 days.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

8. International Data Transfers

Your information may be transferred to and processed in countries outside Australia, including the United States, where our service providers are located. We ensure appropriate safeguards are in place through:

• Standard contractual clauses
• Service provider certifications and compliance programs
• Appropriate security measures

9. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will delete it promptly.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience. See our Cookie Policy for details.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: