AussiePharmacies

Privacy Policy

Last updated: 7 June 2026

1. About this policy

This Privacy Policy explains how AussiePharmacies (“AussiePharmacies”, “we”, “us”, “our”) collects, uses, discloses and stores personal information when you visit aussiepharmacies.com or use our services, including our pharmacy directory, dashboard, AI tools and communication features.

We aim to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), to the extent they apply to our business. By using our services, you agree to the handling of your personal information in accordance with this Privacy Policy.

2. What information we collect

We collect information that you provide directly, information collected automatically when you use the service, and information from third parties where appropriate.

2.1 Information you provide

  • Account details such as name and email address. If you sign up with email and password, your password is handled by Firebase Authentication — we do not store passwords on our servers. You may also sign in with Google.
  • Profile details such as pharmacist / intern status, country, phone number (including for verification), and information you add to your profile.
  • Content and data you enter into the platform, including notes on pharmacies, internship applications, interviews, offers, email and call templates, and any messages you draft or send using our tools.
  • Communications you send to us, such as support requests, feedback or survey responses.

2.2 Data collected when you use the service

We collect and store different types of information depending on how you use AussiePharmacies. We do not log every click or page view on our servers. In practice:

Stored as part of your account

  • Pharmacy shortlist entries, status changes (e.g. contacted, interview, offer), notes and related dashboard data.
  • Full history of emails you send through the platform (subject, body, recipient, delivery and open/click status where tracking applies).
  • Call history, summaries and related metadata for browser-based, direct bridge, and AI-assisted calls made through the platform.
  • Templates you create and subscription / usage information.

Recorded in our server activity log

We log specific server-side events linked to your account, such as:

  • Emails sent through the platform (including transport used — Gmail or AussiePharmacies).
  • Gmail account connect and disconnect events.
  • Browser-based, direct bridge, or AI-assisted calls initiated, completed or failed.
  • Certain administrative or billing actions affecting your account.

Client-side analytics

We use Google Tag Manager on our website, which may load tags such as Google Analytics and Meta Pixel. These tools may collect page visits and marketing events (for example, registration or subscription completion). See Section 5 for more detail.

Technical data

Our hosting infrastructure and security controls may process limited technical data (such as IP address or browser type) to deliver the service, apply rate limits and protect against abuse. We do not maintain a comprehensive log of every user's IP address or device identifier in our application database.

2.3 Browser-based calling (Pro Plus)

If you use Browser Call, your web browser will ask for permission to access your microphone (and may use your speakers or headphones for audio output). Audio is transmitted in real time through our telephony provider (Twilio) to connect you with the pharmacy. We do not store raw microphone audio in your account; however, calls may be recorded and transcribed to generate the call summary shown in your dashboard, consistent with our other calling features.

Browser Call does not require phone verification. Direct Bridge Calling uses your verified mobile number separately and does not share the same audio path.

This information is personal information when it can reasonably identify you or be linked to your account.

2.4 Information from third parties

We may receive limited personal information from:

  • Payment providers (for example, confirmation that a payment was successful and basic billing information).
  • Analytics, communications and infrastructure providers that help us operate and improve the service.
  • Google OAuth tokens and your Gmail address, when you choose to connect your Gmail account for our email sending feature (see Section 2A).

2A. Google User Data (Gmail Integration)

AussiePharmacies integrates with Google's Gmail API to allow you to send emails directly from your Gmail account to pharmacies listed in our directory. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access and collect

When you connect your Gmail account, we request the following OAuth permissions:

  • Send email on your behalf (https://www.googleapis.com/auth/gmail.send) — to send emails you compose and initiate within our platform to pharmacy email addresses you select.
  • Identity scopes (openid, email, profile) — to confirm which Google account you connected. We use these only to obtain your Gmail address and Google's stable user identifier; we do not store your Google profile name or photo.

We store your Gmail address, Google's user identifier (googleSub), the list of scopes granted, and encrypted OAuth tokens (access and refresh tokens).

We do not request access to read, modify, delete, or otherwise access your Gmail inbox, drafts, sent items, contacts, settings, or any other Gmail data beyond what is described above.

Important: Google's data practices

AussiePharmacies' responsibility: We use Google user data only as described in this section and in accordance with the Google API Services User Data Policy.

Google's responsibility: Google processes data flowing through Gmail APIs according to Google's own privacy policies. We encourage you to review Google's Privacy Policy and Terms of Service.

How AussiePharmacies uses Google user data

Google user data accessed through our Gmail integration is used solely for:

  • Sending emails that you explicitly compose and initiate within AussiePharmacies.
  • Authentication of Gmail API requests when you send an email.
  • Account management — displaying which Gmail account is connected in your settings.

We do not use Google user data for advertising, profiling, training AI or machine learning models, selling to data brokers, or any purpose other than enabling the email sending feature you have opted into.

Email delivery options and related processing

Gmail is one of two email transport options on our platform. You may also send emails through AussiePharmacies' own email delivery provider (Resend), which sends from our infrastructure rather than your Gmail account.

  • If you choose Gmail but it is unavailable (for example, not connected or authorization expired), we may automatically send your email via Resend instead, unless that option is disabled on your deployment.
  • Before any pharmacy email is sent (via Gmail or Resend), the subject and body you compose are sent to DeepSeek, a third-party AI service, to check that the email is job-related. This uses the content you wrote — not your Gmail inbox — and is described further in Section 7.

Email open and click tracking (Gmail sends)

When you send email via Gmail, open and click tracking is enabled by default. We may inject a small invisible tracking image and rewrite links in your email so we can show you when a recipient opens the email or clicks a link. You can turn this off in Settings → Gmail → Track email opens and clicks. Tracking applies to Gmail sends only; emails sent via AussiePharmacies (Resend) use delivery webhooks instead.

How we store Google user data

To avoid requiring you to reconnect Gmail on every visit, we securely store your Gmail OAuth tokens on our servers. These tokens are:

  • Encrypted at rest using AES-256-GCM.
  • Never sold or used for advertising.
  • Used exclusively to authenticate Gmail API requests when you initiate an email send.
  • Deleted when you disconnect Gmail or delete your AussiePharmacies account.

Sharing of Google user data

We do not sell Google user data. We do not disclose Google OAuth tokens to advertisers, data brokers, or analytics platforms.

Encrypted tokens and connection metadata are stored in our database hosting environment (see Section 7). Google receives OAuth tokens and sent message content when you send email through the Gmail API, as required for that service to function.

We may disclose Google user data where required by law or a valid court order.

Revoking Gmail access

Connecting your Gmail account is entirely optional. You can disconnect at any time by:

  • Going to Settings → Gmail → Disconnect within our platform, or
  • Visiting myaccount.google.com/permissions and revoking access for AussiePharmacies directly.

Upon disconnection, your Gmail OAuth tokens are deleted from our systems and we attempt to revoke access at Google. You will not be able to send emails via Gmail through our platform until you reconnect.

3. Why we collect and use your information

We only collect personal information where it is reasonably necessary for our functions or activities.

We use the information described above for the following purposes:

Providing and operating the service

  • Creating and managing your account and subscription.
  • Allowing you to search and filter pharmacies, use map and directory tools, track leads, interviews and offers, and send messages via the platform.
  • Running AI-assisted features such as suggested templates, email moderation, AI phone calls, call transcription and summaries.
  • Verifying your phone number (required for Direct Bridge Calling) and facilitating browser-based, direct bridge, or AI-assisted calls to pharmacies.
  • Enabling browser-based calling through your device's microphone and speakers when you choose that option (see Section 2.3).
  • Tracking email delivery, opens and clicks where you have enabled or not disabled those features.

Logging, security and misuse prevention

  • Recording specific server-side events (such as emails sent, integrations connected, and calls made) to secure accounts, detect suspicious activity, and enforce our terms of use.
  • Monitoring system performance, preventing fraud and abuse, and protecting the rights, property and safety of users and AussiePharmacies.

Support and troubleshooting

  • Using detailed activity logs so support staff can understand and resolve issues you report (for example, seeing which page, feature or step failed).

Analytics and service improvement

  • Analysing how users interact with features so we can improve the directory, outreach tools and dashboard, and make informed product decisions.
  • Creating aggregated or de‑identified statistics about platform usage.

Communications

  • Sending service‑related messages (for example, account notices, trial expiry reminders, subscription changes, or material updates to our terms).
  • Sending optional product tips or marketing communications, where permitted, which you can opt out of at any time.

Legal and compliance

  • Complying with legal obligations, responding to lawful requests, and managing disputes or regulatory matters.

We do not use detailed activity logs for unrelated purposes that are inconsistent with this policy, such as selling behavioural profiles to third parties.

4. Administrator access to user data and activity logs

Because AussiePharmacies is a hosted service, certain staff and administrators have access to your information:

Authorised personnel may access your account details, content and activity logs of user actions where reasonably necessary to:

  • Provide support and troubleshoot issues.
  • Investigate security incidents, misuse or technical problems.
  • Maintain and improve the service and infrastructure.
  • Comply with legal or regulatory obligations.

Access is role‑based and limited to staff who need it to perform their duties, and those staff are subject to confidentiality obligations.

5. Cookies and tracking technologies

We and our service providers use cookies, browser storage and similar technologies:

  • Authentication: When you are signed in, your browser sends a Firebase ID token with requests. We do not primarily rely on our own session cookies for login.
  • Preferences: We may store preferences (such as theme) in your browser's local storage.
  • Google Tag Manager: We use Google Tag Manager on our site. It may load third-party tags such as Google Analytics and Meta Pixel, which may set cookies and collect usage and marketing events.
  • Gmail OAuth: During Gmail connection, PKCE state is stored temporarily in session storage.
  • Email tracking: For Gmail sends with tracking enabled, we use a first-party invisible pixel and link redirects to record opens and clicks (see Section 2A).

You can adjust your browser settings to reject cookies, but some features of the service may not function properly if cookies or storage are disabled. You can also use browser add-ons or platform controls to limit analytics and advertising cookies where available.

7. Disclosure of personal information

We may disclose personal information to:

  • Service providers who assist us in operating the service (see categories below).
  • Professional advisers (for example, lawyers, accountants and auditors) where reasonably necessary.
  • Actual or potential acquirers of our business or assets, subject to confidentiality obligations.
  • Law enforcement, regulators or other parties where required or authorised by law, or where reasonably necessary to protect our rights, users or the public.

We do not sell personal information for monetary consideration.

Types of service providers

We use third-party providers in the following categories. Each category may involve one or more companies, and each provider handles data according to its own privacy policy:

  • Authentication and account security — sign-in, identity verification and account management (for example, Firebase / Google).
  • Cloud hosting and data storage — running the platform and storing your account data, including encrypted Gmail OAuth tokens.
  • Email delivery — sending email from your connected Gmail account (Google Gmail API) or via AussiePharmacies platform email when you choose or fall back to that option.
  • AI and content processing — checking that outgoing emails are job-related and generating call summaries or analysis from content you initiate through the platform.
  • Telephony — phone verification, browser-based calls (WebRTC), direct bridge calls, AI-assisted calls, and related recordings or transcripts where those features are used (for example, Twilio).
  • Payments — subscription billing and payment processing (for example, Stripe).
  • Website analytics and advertising measurement — understanding site usage and measuring sign-ups or subscriptions (for example, through Google Tag Manager, Google Analytics, or Meta).
  • Maps — displaying pharmacy locations on the directory map.

Google user data: We do not sell Google OAuth data or use it for advertising. Google OAuth tokens are not shared with analytics or marketing providers. Data sent through the Gmail API is processed by Google as described in Section 2A.

8. Overseas disclosure

Many of our service providers are located outside Australia (commonly in the United States) or process data in other countries — including providers used for authentication, cloud hosting, email, payments, analytics, telephony, AI processing, and maps.

Where practicable, we take reasonable steps to ensure that such providers handle personal information in a manner consistent with this Privacy Policy and the Australian Privacy Principles.

9. Data security

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure, including:

  • Technical safeguards such as secure hosting, access controls, encryption in transit where appropriate, and logging of administrative access.
  • Organisational measures such as limiting access to staff who need it and applying internal policies on handling user data.

No online service can be completely secure. You are responsible for keeping your password safe and for any activity under your account if you fail to do so.

10. Retention and de‑identification

We keep personal information only for as long as reasonably necessary for the purposes described in this policy, or as required by law.

In practice:

  • Active account: Personal information — including your profile, pharmacy notes, email and call history, templates, and activity logs — is retained for as long as your account remains active and as needed to provide the service.
  • Gmail OAuth tokens: Retained only while your Gmail account is connected. Deleted when you disconnect Gmail or delete your AussiePharmacies account.
  • Account deletion: When you delete your account, we promptly delete personal information from our primary systems, including email history, activity logs, templates, profile data, and Gmail connection data. Deletion is generally immediate rather than subject to a long grace period.
  • Legal and security exceptions: We may retain minimal records where required by law, to prevent fraud, or to resolve disputes.
  • Hosting backups: Our database hosting provider may retain backup copies for a short period before they are overwritten. We do not control the exact duration of those backup cycles.
  • Third-party processors: Information previously transmitted to service providers (for example, for email delivery, AI moderation, or call processing) may remain on their systems according to their own retention policies. Deleting your AussiePharmacies account does not automatically delete data held by third parties.

11. Your rights and choices

Requests to AussiePharmacies

Subject to applicable law, you may contact us at support@aussiepharmacies.com to:

  • Request access to the personal information we hold about you.
  • Request correction of personal information that is inaccurate, out-of-date or incomplete — including your display name if you entered it incorrectly when first setting up your account. We will update it for you; in-app editing of your saved name is not currently available after initial submission.
  • Opt out of marketing communications at any time by following the unsubscribe link or contacting us directly.

We may need to verify your identity before responding to certain requests and may decline where an exception under the Privacy Act applies.

What you can manage in the app

Without contacting support, you can:

  • Delete your account and associated data via Settings, subject to legal and operational limits.
  • Disconnect Gmail in Settings, which deletes your OAuth tokens from our systems.
  • Turn off email open/click tracking for Gmail sends in Settings (tracking is on by default).
  • Choose your default email sender (Gmail or AussiePharmacies) in Settings.
  • Update parts of your profile on the Templates page — such as your “about” text, document links, and phone verification — where those features are available on your plan.
  • Manage billing through the Stripe customer portal linked from Settings.

Your email address is tied to your login and is shown in Settings for reference. To change the email address used to sign in, contact us at support@aussiepharmacies.com.

12. Third‑party sites and services

Our service may link to third‑party websites or integrate with third‑party tools. Those third parties are responsible for their own privacy practices, and this policy does not apply to them. You should review their privacy policies before providing them with personal information.

Regarding Google services: While AussiePharmacies complies with this Privacy Policy, Google's use of data is governed by Google's own policies. We encourage you to review Google's Privacy Policy and Google's Terms of Service.

13. Contacting us

If you have questions, please contact:

Email: support@aussiepharmacies.com

We will respond within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) for further guidance.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or legal requirements.

The updated version will be posted on this page with a new “Last updated” date. Where changes are material (particularly regarding Google user data), we will take reasonable steps to notify you (for example, by email or an in‑app notice). Your continued use of the service after the updated policy takes effect will indicate your acceptance of those changes.

15. Acceptance of this Policy

By accessing or using our website, software, or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. Your use of the site or software constitutes an explicit acceptance of this policy.