Privacy policy
Effective 2026-04-24
1. Who we are
Top Care Plus ("we", "us", "our") is the trading name of Top Care Plus Pty Ltd, operating a Clinical Pilates studio in Wantirna South, Victoria. Contact for privacy enquiries: privacy@topcareplus.com.au.
2. What personal information we collect (APP 3)
When you create a membership we collect:
- Name, email address, mobile number
- Date of birth
- Emergency contact name + phone number
- Health information you choose to share: injuries, medical conditions, current Pilates experience, whether you're an existing Top Care patient
- Your Stripe customer identifier (payments are processed by Stripe; we never see your card numbers)
- Attendance + booking records once you book classes
3. How we collect it (APP 3)
Directly from you via the signup form, your member dashboard, and bookings you make in the app. We don't buy, rent, or otherwise acquire personal information from third parties.
4. Why we collect it + how we use it (APP 6)
We use your personal information only for the primary purposes you provided it:
- Managing your membership and bookings
- Billing via Stripe, and sending receipts + payment-related notifications
- Tailoring classes to your health needs (health information is visible only to the physiotherapist leading your class)
- Contacting your emergency contact in a medical emergency during a class
- Complying with financial-record + tax-record retention requirements (7 years)
We will never use your personal information for direct marketing without your explicit opt-in consent.
5. How we store + secure it (APP 11)
- All data in transit is encrypted via TLS (HTTPS).
- Health information is encrypted at rest with AES-256-GCM before being written to the database; the encryption key is held separately from the database and rotated quarterly.
- The database is hosted in a Sydney region data centre by Railway, with point-in-time recovery and daily backups retained for 14 days.
- Access to the production database is restricted to named staff via multi-factor authentication; every read + write to member records is audit-logged.
- Payment card data is handled exclusively by Stripe — a PCI-DSS Level 1 provider. We never see, store, or process card numbers.
6. Who we share it with (APP 8)
We disclose personal information only to:
- Stripe (USA + Australia) — payment processing. Stripe sees your name, email, and payment details; it does not see your health information.
- AWS Simple Email Service (ap-southeast-2) — transactional email delivery (verification, receipts, password reset).
- Your physiotherapist — health information is visible to the instructor leading your class for safety purposes.
We do not share personal information with any other third party except where required by Australian law or in response to a valid subpoena.
7. Your rights (APP 12, APP 13)
You have the right to:
- Access any personal information we hold about you — request a copy via email.
- Correct inaccurate information — either via your member dashboard or by emailing us.
- Delete your account and redact personal information from our systems. Financial records (Stripe invoices, payment receipts) are retained for 7 years under Australian tax law; all other personal information is redacted. See the "Delete my account" action in your dashboard, or email privacy@topcareplus.com.au.
- Complain to us directly, or to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
8. Retention (APP 11)
Member profile + health information is retained for as long as your membership is active, plus 12 months after cancellation to support win-back and refund queries. You can trigger immediate redaction at any time via the dashboard delete flow. Financial + tax records (invoices, refunds, GST data) are retained for 7 years per Australian Taxation Office requirements.
9. Cookies
We set a single HttpOnly session cookie after you sign in — it's needed for the site to remember you're logged in. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.
10. Changes to this policy
We'll update the effective date above and notify members via email at least 14 days before any material change takes effect.
11. Contact
Questions or concerns: privacy@topcareplus.com.au · phone (03) 8612-1622.