PRIVACY & PAYMENT POLICY

Hi, I’m Dylan - the therapist behind Flexion & Flow. Your privacy, safety, and trust are my top priorities. In this policy, I’ll explain what information I collect, how I use it, how long I keep it, and how it’s protected, all in line with Victorian and Australian legal requirements.

I comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Victorian Health Records Act 2001 (Vic) - ensuring your personal and health data is managed legally and ethically.

1. WHAT I COLLECT & WHY

I collect the following information when you engage with my services:

  • Personal and booking details - via Wix (full name, contact details, appointment info)

  • Payment information - processed securely via Stripe (I don’t see or store your credit card details)

  • Health and consent information - collected through Carepatron during intake (medical history, consent forms)

  • Website data & cookies - used to enhance your browsing and booking experience

2. HOW I USE YOUR INFORMATION

I only use your information for care-related purposes:

  • Managing and confirming appointments

  • Processing payments securely via Stripe

  • Collecting signed consent and intake forms for safety, compliance, and insurance

  • Providing aftercare and session reminders

  • Marketing communications only if you’ve opted in

  • Analysing anonymised data to improve my services

3. CREDIT CARD & PAYMENT POLICY

  • Payments are processed through Stripe, which uses advanced encryption to securely handle your data.

  • I never see or store your full credit card details (Stripe is PCI-DSS compliant).

  • Refunds and disputes are managed directly through Stripe’s systems, but please reach out to me first so we can resolve any issues that arise.

  • During online payments, you may be directed to a Stripe-hosted checkout with links to my terms, privacy policy, and support contact.

4. RETENTION OF MEDICAL & CONSENT RECORDS

To remain compliant with law and insurance requirements:

  • I keep adult client records for a minimum of 7 years from the date of the last entry.

  • For clients who were under 18, I retain their records until they turn 25 years old.

  • If there is a medico-legal claim or complaint, I will retain relevant records indefinitely, or at least until 7 years after the client’s death.

  • When it's time to dispose of records, I follow strict procedures to securely destroy or de-identify them, and I keep a detailed log of the destruction process (including client name, record period, and deletion date).
     

5. HOW I KEEP YOUR DATA SAFE

Your privacy is protected using secure systems and best practices:

  • Wix (Website & Bookings): Stores booking and contact info safely.
    Read Wix’s Privacy Policy

  • Stripe (Payments): Manages all payment data with robust encryption and compliance.
    Read Stripe’s Privacy Policy

  • Carepatron (Health Intake & Consent): Stores sensitive health and consent information securely.
    Read Carepatron’s Privacy Policy

6. YOUR RIGHTS UNDER VICTORIAN & AUSTRALIAN LAW

You have full control over your personal and health data:

  • Access your records

  • Request corrections

  • Withdraw consent for marketing at any time

  • Request deletion of your data (unless I am legally required to retain it, e.g. for insurance or legal reasons)

7. CONTACT

If you’d like to discuss how your information is handled or exercise any of your privacy rights, please reach out:

Dylan Ennis - Flexion & Flow
Email: dylan@flexionandflow.com.au
Phone: 0420 435 950
