
PRIVACY & PAYMENT POLICY

Hi, I’m Dylan - the therapist behind Flexion & Flow. Your privacy, safety, and trust are my top priorities. In this policy, I’ll explain what information I collect, how I use it, how long I keep it, and how it’s protected, all in line with Victorian and Australian legal requirements.

I comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Victorian Health Records Act 2001 (Vic) - ensuring your personal and health data is managed legally and ethically.

1. WHAT I COLLECT & WHY

I collect the following information when you engage with my services:

  • Personal and booking details - via Wix (full name, contact details, appointment info)

  • Payment information - processed securely via Stripe (I don’t see or store your credit card details)

  • Health and consent information - collected through Carepatron during intake (medical history, consent forms)

  • Website data & cookies - used to enhance your browsing and booking experience

2. HOW I USE YOUR INFORMATION

I only use your information for care-related purposes:

  • Managing and confirming appointments

  • Processing payments securely via Stripe

  • Collecting signed consent and intake forms for safety, compliance, and insurance

  • Providing aftercare and session reminders

  • Marketing communications only if you’ve opted in

  • Analysing anonymised data to improve my services

3. CREDIT CARD & PAYMENT POLICY

  • Payments are processed through Stripe, which uses advanced encryption to securely handle your data.

  • I never see or store your full credit card details (Stripe is PCI-DSS compliant).

  • Refunds and disputes are managed directly through Stripe’s systems, but please reach out to me first so we can resolve any issues that arise.

  • During online payments, you may be directed to a Stripe-hosted checkout with links to my terms, privacy policy, and support contact.

4. RETENTION OF MEDICAL & CONSENT RECORDS

To remain compliant with law and insurance requirements:

  • I keep adult client records for a minimum of 7 years from the date of the last entry.

  • For clients who were under 18, I retain their records until they turn 25 years old.

  • If there is a medico-legal claim or complaint, I will retain relevant records indefinitely, or at least until 7 years after the client’s death.

  • When it's time to dispose of records, I follow strict procedures to securely destroy or de-identify them, and I keep a detailed log of the destruction process (including client name, record period, and deletion date).
     

5. HOW I KEEP YOUR DATA SAFE

Your privacy is protected using secure systems and best practices:

  • Wix (Website & Bookings): Stores booking and contact info safely.
    Read Wix’s Privacy Policy

  • Stripe (Payments): Manages all payment data with robust encryption and compliance.
    Read Stripe’s Privacy Policy

  • Carepatron (Health Intake & Consent): Stores sensitive health and consent information securely.
    Read Carepatron’s Privacy Policy

6. YOUR RIGHTS UNDER VICTORIAN & AUSTRALIAN LAW

You have full control over your personal and health data:

  • Access your records

  • Request corrections

  • Withdraw consent for marketing at any time

  • Request deletion of your data (unless I am legally required to retain it, e.g. for insurance or legal reasons)

7. CONTACT

If you’d like to discuss how your information is handled or exercise any of your privacy rights, please reach out:

Dylan Ennis - Flexion & Flow
Email: dylan@flexionandflow.com.au
Phone: 0420 435 950
