Privacy Policy.

Last updated · 29 May 2026

This page explains what personal information Kahuna Body Work and Massage collects, how it's used, where it's stored, and your rights — in plain English. The practice complies with the Australian Privacy Principles (APP 1-13) set out in the Privacy Act 1988 (Cth).

i.

What information we collect.

To book a session, deliver treatment safely, and process payments and health fund rebates, I collect a small set of personal information directly from you. Nothing is collected without your knowledge.

  • Contact details — your name, phone number, email address, and (for mobile sessions) your treatment address.
  • Booking details — the service booked, session date and time, and any preferences or notes you provide.
  • Health information — relevant medical history, current injuries or conditions, medications, and contraindications, collected during your intake and updated as needed.
  • Payment information — collected and processed through the Squarespace Scheduling (Acuity) platform; I do not see or store your full card details.
  • Website data — basic, anonymised analytics like pages visited, browser type, and approximate location (no personally identifying data is collected from website visits unless you submit a contact form).

ii.

How we use your information.

Your personal information is used only for the purposes you'd reasonably expect — running the practice and giving you safe, effective bodywork. Specifically:

  • To deliver and customise your massage session safely based on your health profile.
  • To process bookings, payments, refunds, and gift voucher orders.
  • To issue receipts containing the ANTA provider details required by your private health fund for rebate claims.
  • To contact you about appointments — confirmations, reminders, schedule changes, and follow-ups when relevant.
  • To improve the practice (anonymised, aggregate insights about which services clients book and when).

I do not sell your information, share it with marketers, or use it for any purpose unrelated to delivering the service you booked.

iii.

How we store and protect your information.

I take reasonable steps to protect your information from misuse, loss, and unauthorised access. Being honest about what that means in practice:

  • Most digital records (bookings, receipts, intake notes) are held within the Squarespace Scheduling (Acuity) platform — a major, established booking provider with its own security infrastructure and compliance certifications.
  • Communications between you and these systems use standard encryption in transit (HTTPS / TLS).
  • Paper records and any local copies are kept securely at the Valdora studio and not shared with anyone outside the practice.
  • Access to your records is restricted to me as the sole practitioner. There are no other staff with routine access.

No system is completely secure, and I don't claim otherwise. If a notifiable data breach affecting your information ever occurred at the practice level, you would be informed promptly in line with Australia's Notifiable Data Breaches scheme.

iv.

Health information — extra protections.

Health information is classified as sensitive information under the Privacy Act 1988, with stricter rules than ordinary personal data. Here's how that applies to your records with me:

  • Consent first. Health information is only collected directly from you, with your informed consent, during intake and ongoing sessions.
  • Purpose-limited. Your health information is used only to make your treatment safe and effective — not for any other purpose.
  • Not shared with anyone outside the treatment relationship unless you specifically authorise it (e.g. providing a referral to your GP or physiotherapist), or unless required by law.
  • Retained for at least 7 years after your last session in line with industry standards for health practitioners, then deleted.

Health fund rebate claims: when you submit a receipt to your private health fund for a rebate, the receipt contains my ANTA provider details and the service category (remedial massage) — but no clinical notes or treatment details. Your fund does not see what was treated, only that an eligible session occurred.

v.

Third-party tools we use.

Running a modern practice means relying on a small set of third-party services. Each has its own privacy policy, and your data is subject to those policies when it sits with them. The services in use:

  • Squarespace Scheduling (Acuity): Online bookings, calendar management, automated reminders, and payment processing. Holds the majority of client records. Acts as a data processor on my behalf.
  • Google Maps: The studio location map embedded on the contact page is provided by Google Maps. Google may collect anonymous usage data when the map loads.
  • Facebook & Instagram: Used for social media presence and client communication via DM. Interactions with these channels are subject to Meta's privacy policy.
  • ANTA (Aust. Natural Therapists Assoc.): My professional registration body. ANTA does not receive client records — only my accreditation status is verified through them.
  • Website hosting & analytics: The site sits on standard WordPress hosting infrastructure. Basic anonymous analytics may be collected to understand site usage. No personally identifying data is collected from casual browsing.

If any of these arrangements change, this page will be updated and the "last updated" date at the top revised accordingly.

vi.

Your rights.

Under Australian privacy law you have specific rights regarding your personal information. With this practice, that includes:

  • Access — you can request a copy of any personal or health information held about you at any time.
  • Correction — if any of your information is inaccurate, incomplete, or out of date, I'll correct it on request.
  • Deletion — you can request deletion of your records (subject to the 7-year retention requirement for active clinical records).
  • Opt-out of communications — you can unsubscribe from appointment reminders or any other contact at any time.
  • Withdraw consent — you can withdraw consent to data collection at any time; doing so may affect my ability to safely deliver future sessions.

Requests can be made through the contact page and will be actioned within 30 days, usually much faster.

vii.

How to contact us with privacy concerns.

If you have a question, concern, or formal complaint about how your information is handled, please get in touch directly.

Lorena · Kahuna Body Work and Massage
92 Thomson Valley Road, Valdora QLD 4561

The fastest way to reach me with a privacy enquiry is the contact form. I aim to respond within 5 business days and resolve substantive concerns within 30 days.

If you're not satisfied with the response, you can escalate to the Office of the Australian Information Commissioner (OAIC), the independent regulator for privacy in Australia, at oaic.gov.au.