If you have questions about this Policy, contact: carenessplatform@gmail.com. Careness (the “Platform”, “we”, “us”) is the data controller for the purposes of this Policy. This Policy explains how we collect, use, disclose, retain and protect personal and sensitive information in connection with the Platform.
We collect and process personal information and Sensitive Information (as defined in the Privacy Act 1988 (Cth)) to provide the Platform’s matching, scheduling, communication and payment services, to protect user safety, and to meet legal obligations. This Policy applies to Seekers and Advisors who use the Platform and to visitors of our website.
We follow the Australian Privacy Principles (APPs) and, where applicable, GDPR/UK GDPR and other regional privacy laws. We apply data minimisation, purpose limitation, access controls, encryption, and accountability across our operations.
We process personal information and Sensitive Information under the following legal bases:
These legal bases explain why we collect each category of data and how we are permitted to process it under the Privacy Act 1988 (Cth).
We collect IP address, device and browser information, pages visited, registering your timezone for purposes of booking, and diagnostic logs to secure the Platform, detect abuse, and improve performance. Legal basis: legitimate interest.
We collect questionnaire answers (language, coping styles, trauma history, vulnerability levels) only with explicit informed consent. This data is used solely to generate match suggestions and to support safety protocols. If you withdraw consent we will stop processing new matching uses of that data, but we may retain limited records as required by law.
Name, email, date of birth (to verify age), emergency contact, and billing address are collected to create accounts, communicate, and comply with safety and legal obligations. Legal basis: performance of contract; safety obligations.
For Advisors we collect proof of enrollment, identity documents, bank account details, and tax identifiers to verify credentials and process payouts. Legal basis: performance of contract; legal obligation.
We store transaction history, subscription status, and payment confirmations. Full card numbers are not stored; Stripe processes payments. Legal basis: performance of contract.
Match scores, session ratings, cancellation frequency, and feedback are used to improve matching and platform quality. Legal basis: legitimate interest.
We will obtain explicit, informed consent before collecting Sensitive Information. Consent is recorded and can be withdrawn at any time by contacting carenessplatform@gmail.com or via account settings. Withdrawal will not affect processing already lawfully completed but may limit your ability to use matching features.
Access to Sensitive Information is restricted to authorised personnel on a strict need‑to‑know basis (Trust & Safety, legal, or support staff). Sensitive Information is encrypted at rest and in transit and subject to additional logging and monitoring.
We share data with third‑party service providers who perform services on our behalf under written contracts requiring confidentiality and security. Key categories: hosting (DigitalOcean), payments (Stripe), email/SMS providers, TURN/STUN/TURN providers for WebRTC, analytics, and monitoring. We maintain a current list of subprocessors and will provide details on request.
We will disclose personal information where required by law, to prevent imminent harm, or to comply with mandatory reporting obligations (for example, child abuse reporting). We will notify users of compelled disclosures unless legally prohibited.
We may share aggregated, de‑identified statistics for research or marketing; such data cannot reasonably be re‑identified.
Your data may be transferred to countries outside Australia (for example, the United States) where our processors operate. Where we transfer data overseas we will implement appropriate safeguards such as standard contractual clauses, processor agreements, or obtain your explicit consent where required. By providing your personal information to us, you consent to the disclosure of your information outside Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with Australian Privacy Law.
We require encryption in transit and contractual commitments from our processors to protect your data. We rely on adequacy decisions or standard contractual clauses where applicable for transfers to third countries.
When you request deletion we will remove identifiable profile data within 30 days where possible, but we will retain archived safety logs and limited metadata where required by law. Archived records are encrypted and access‑restricted.
You have the right to access, correct, restrict, port, or delete your personal information, and to withdraw consent for Sensitive Information. For EU/UK users, you also have the right to object and to lodge a complaint with a supervisory authority.
Submit requests to carenessplatform@gmail.com with “Data Subject Request” in the subject line. We will verify your identity and respond within 30 days (or sooner where required by law). If we refuse a request we will explain the reasons and provide appeal options.
We use industry standard protections including TLS for data in transit, AES‑256 encryption at rest, role‑based access controls, logging, and regular security testing. We limit access to production systems and use multi‑factor authentication for administrative accounts.
In the event of a data breach likely to result in serious harm, we will take immediate steps to contain and remediate the incident and will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law, ordinarily within 72 hours of becoming aware where practicable. We will also notify other regulators or supervisory authorities as required.
We present a cookie consent banner on the first visit that allows users to accept or decline non‑essential cookies. Functional cookies required for the Platform will be set regardless of consent; analytics and advertising cookies require opt‑in.
Video and audio sessions are established using WebRTC P2P connections. Media streams are not recorded or stored by Careness by default.
To establish connections we may use STUN and TURN providers. TURN providers may relay media if P2P fails; in such cases media may traverse third‑party infrastructure. We log connection metadata (IP addresses, timestamps, duration, whether TURN was used) for security and troubleshooting. We minimise retention of such metadata and protect it with encryption and access controls.
The Platform is not intended for persons under 16 years of age. If we become aware that an account belongs to someone under 16 we will terminate the account and delete personal information except where retention is required by law.
We use third‑party service providers to operate the Platform. The primary processors we rely on include:
We maintain a current list of all subprocessors, their processing locations, and the categories of data they process. You may request the current list by emailing carenessplatform@gmail.com. We will notify users of material changes to our subprocessors where required by law or where a change materially affects how Sensitive Information is processed.
Careness utilises an automated algorithm to generate a “Match Score” that suggests compatible Advisors for Seekers. The algorithm weights self‑reported questionnaire data (for example, coping styles, preferred support styles, language) and other non‑sensitive signals to produce match suggestions.
The Match Score is a suggestion only. Seekers retain full control to select their Advisor and may ignore or override algorithmic suggestions. Careness maintains human oversight of the algorithm and periodically reviews its outputs for fairness, accuracy, and safety.
Careness does not use the content of private text messages, session media, or Sensitive Information (including trauma history and safety logs) to train external AI models or for any purpose beyond the specific service delivery and safety functions described in this Policy unless we obtain your explicit, informed consent. Aggregate, de‑identified data may be used to improve matching logic provided it cannot reasonably be re‑identified.
In Australia, Advisors and the Platform may be subject to legal and ethical obligations to disclose information without a user’s consent. We may disclose personal information where required by law, including but not limited to: (a) where there is a serious risk of imminent harm to you or others; (b) mandatory reporting obligations such as suspected child abuse under State or Territory law; or (c) in response to a valid subpoena, warrant, or court order.
Where practicable, Careness will notify you of compelled disclosures unless prohibited by law. Careness will only disclose the minimum information necessary to comply with the legal requirement and will document the disclosure in accordance with our internal policies.
To the extent Advisors maintain personal session notes, Careness generally defers to the Advisor regarding those notes; however, Careness will comply with lawful requests from authorities and will cooperate with investigations where required.
To create and maintain an account you must provide a valid email address and other required identifiers for verification and billing. These identifiers are necessary to provide the Platform, to verify age and identity, and to support safety and emergency protocols.
For safety reasons and to comply with applicable ethical obligations, Seekers must provide an emergency contact and real‑world contact information. This information is accessible only to Careness’ Trust & Safety team and, where necessary, to the Advisor in the event of a suspected immediate danger.
While Seekers may use a display name and control certain profile visibility settings, full anonymity is not possible on the Platform because of safety, legal, and billing requirements. If you require greater anonymity, please contact carenessplatform@gmail.com to discuss available options and limitations.
We may update this Policy. Material changes will be notified by email or prominent notice on the Platform. Continued use after notice constitutes acceptance.
For privacy enquiries or to exercise your rights contact: carenessplatform@gmail.com.
If you have a complaint about our handling of your personal information, please contact us at carenessplatform@gmail.com. We will investigate your complaint and notify you of our decision within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.