Privacy Policy
Effective date: [DD Month YYYY]
1. About this Policy
[ServuWell Pty Ltd] (ABN [XX XXX XXX XXX]) ("ServuWell", "we", "our", "us") respects your privacy and is committed to handling personal information responsibly and in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
This Privacy Policy explains how we collect, use, store and disclose personal information when you use www.servuwell.com, create an account, book or provide services through the platform, contact support, or otherwise interact with ServuWell.
ServuWell is an Australian platform that connects clients and business venues with independent beauty and wellness therapists. We are the platform operator. We are not the provider of the beauty or wellness services booked through the platform.
2. The information we collect
Depending on how you use ServuWell, we may collect:
Identity and account details
a) name b) email address c) mobile number d) date of birth e) profile image f) account preferences and login details
Booking and service information
a) suburb and location details b) service preferences c) booking details, including appointment date, time and venue type d) messages exchanged through the platform e) issue, dispute, cancellation and support history
Health and other sensitive information
Some beauty and wellness services require information about your health to be carried out safely. With your consent, and where you provide it through consultation forms or messages, we may collect health-related information such as skin conditions, allergies, sensitivities, pregnancy, medical contraindications or relevant medications. Health information is "sensitive information" under the Privacy Act and receives a higher level of protection. We collect it only where it is reasonably necessary for a safe and suitable service, and we use and disclose it only for that purpose or as otherwise permitted by law. You can choose not to provide it, but this may affect whether a service can be safely provided.
Payment and transaction information
Payments are processed through Stripe or related payment providers. We may receive transaction records, status updates, payout details, and limited payment-related metadata. We do not store full card details on our own systems where Stripe processes them. Electronic payment protections in Australia may also depend on your card issuer or payment provider, including under the ePayments Code.
Verification and compliance information
For therapist and provider accounts, we may collect and review:
a) identification documents b) ABN details c) qualifications or certificates d) insurance details e) business profile information f) other documents reasonably required for onboarding, verification or safety review
Device and usage information
We may collect technical information such as:
a) IP address b) browser and device type c) operating system d) pages viewed e) referral URLs f) app or website interaction data g) cookies and analytics data
3. How we collect information
We collect information:
a) directly from you when you sign up, complete your profile, submit forms, make a booking, apply as a therapist, upload documents, contact support, or message through the platform b) from Stripe and other service providers involved in payments, verification, hosting, analytics, customer support or fraud prevention c) from your use of the platform through cookies, analytics tools and technical logs d) in some cases, from third parties where reasonably necessary for verification, safety or legal compliance
Where it is reasonable and practicable, we collect personal information directly from you.
4. Why we collect and use information
We collect, hold, use and disclose personal information so we can:
a) create and manage your account b) verify identity, qualifications, ABN and insurance details where relevant c) facilitate bookings, payments, payouts and messaging d) show appropriate location information to support bookings e) provide customer support f) investigate complaints, incidents, cancellations, no-shows, disputes and suspected misuse g) improve platform performance, trust and safety h) comply with legal, tax, regulatory and risk-management obligations i) send service notices and, where permitted, marketing communications
We use and disclose personal information only for the purpose for which it was collected, for a related purpose you would reasonably expect, or as otherwise permitted under the Australian Privacy Principles.
5. Address and location privacy
ServuWell is designed to reduce unnecessary disclosure of exact location details.
a) Before a booking is confirmed, only limited location information such as the suburb may be shown. b) The exact service address is revealed only after an offer is accepted or a booking is otherwise confirmed, and payment is successfully processed or confirmed through the platform.
Users must not try to obtain, use, share or publish someone's private address or contact details outside the intended booking process.
6. Verification and trust and safety
To help maintain trust on the platform, ServuWell may review identity, business and provider documents, including ID, ABN, qualifications and insurance. An ABN can identify a business, but having an ABN alone does not decide whether someone is legally a contractor; that depends on the real working arrangement.
Verification is a platform screening measure only. It does not guarantee performance, suitability, conduct, legality or outcomes in every case.
7. Automated processes and decision-making
We use some automated processes to operate the platform, including to match requests with therapists, rank and display results, detect fraud or suspicious activity, and support verification and safety screening.
Where an automated process is used to make, or to substantially help make, a decision that could significantly affect your rights or interests, we will tell you about the kinds of personal information used and the kinds of decisions involved, in line with the Australian Privacy Principles. You can ask us about a decision that significantly affects you, and a person can review it on request where required by law.
8. Who we may disclose information to
We may disclose personal information to:
a) payment processors such as Stripe b) verification, fraud prevention and security providers c) hosting, cloud storage, analytics, communications and customer support providers d) therapists, clients or business venues where needed to facilitate a booking e) professional advisers, auditors and insurers f) regulators, law enforcement, courts or government agencies where required or authorised by law g) prospective buyers or investors if the business is restructured, merged or sold
We disclose information only where reasonably necessary for platform operations, support, safety, legal compliance or legitimate business purposes.
9. Overseas disclosure
Some service providers we use may store or process personal information outside Australia. Based on our current providers, this is likely to include the United States and other countries where our hosting, payment and technology providers operate. The list of countries may change as our providers change.
Where we disclose personal information overseas, we take reasonable steps to ensure it is handled consistently with the Australian Privacy Principles. If it is not practicable to specify every country at the time of collection, we will identify the relevant countries where we reasonably can.
10. Storage and security
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. This includes access controls, role-based permissions, monitoring, and encryption or secure transmission where appropriate, together with vendor controls.
No method of transmission or storage is completely secure. You are responsible for keeping your login details confidential and for using the platform securely.
11. Data retention
We keep personal information for as long as reasonably necessary for:
a) providing the platform and support b) maintaining booking, payment and compliance records c) resolving disputes and incidents d) meeting legal, tax, accounting and regulatory obligations
When information is no longer required, we take reasonable steps to destroy or de-identify it.
12. Access and correction
You may request access to the personal information we hold about you, and ask us to correct information that is inaccurate, out of date or incomplete. We may need to verify your identity before processing a request. If we decline a request, we will tell you why where we are required to. To request access or correction, contact us using the details below.
13. Marketing communications
Where permitted, we may send you updates, offers and service communications, consistent with the Australian Privacy Principles and the Spam Act 2003 (Cth). Every marketing message will identify us and include an easy way to unsubscribe. You can opt out of marketing at any time using the unsubscribe link or by contacting us. We will still send you essential service messages about your account and bookings.
14. Cookies and analytics
We may use cookies, pixels and analytics tools to understand usage, improve performance, prevent fraud and support platform functionality. You can manage some cookie settings through your browser, although some features may not work properly if cookies are disabled.
15. Children
ServuWell is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information to us, please contact us so we can address it.
16. Data breach response
If we suspect that personal information has been lost, or accessed or disclosed without authorisation, we will assess the incident promptly, contain it where possible, and take appropriate remedial action. If the incident is an eligible data breach under the Notifiable Data Breaches scheme, we will notify affected individuals and the Office of the Australian Information Commissioner as required. Notification is required where a breach is likely to result in serious harm and that risk has not been removed through remedial action.
17. Complaints
If you have a privacy concern or complaint, please contact us first at contact@servuwell.com. We will review your complaint and respond within a reasonable period, usually within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at oaic.gov.au.
18. Changes to this Policy
We may update this Policy from time to time. The current version is the one published on our website, and material changes will be notified through the platform or by email.
19. Contact us
[ServuWell Pty Ltd] (ABN [XX XXX XXX XXX]) Email: contact@servuwell.com Website: www.servuwell.com