Privacy Policy
Introduction
The Australian Child & Adolescent Mental Health Library respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website.
We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), which govern how personal information is handled by Australian entities.
Information We Collect
We may collect personal information that you voluntarily provide to us when you:
- Contact us through our website
- Subscribe to our newsletter
- Submit feedback or suggestions
- Participate in surveys or questionnaires
- Use our mental health screening assessments (ADHD Vanderbilt, GAD-7, PHQ-9, K10)
The personal information we may collect includes:
- Name (child's name for assessments)
- Email address (optional for assessment results)
- Contact information
- Child's age (for age-appropriate recommendations)
- Assessment responses and scores (health information)
- Any other information you choose to provide
We may also automatically collect certain information when you visit our website, including your IP address, browser type, operating system, referring URLs, access times, and pages viewed. This information helps us understand how visitors use our website and improve user experience.
Assessment Data Storage
When you use our mental health screening assessments, we store your responses in a secure database to:
- Provide you with ongoing access to your results
- Allow you to share results with healthcare providers or teachers
- Enable multiple related assessments under one profile
Important: All assessment data is automatically deleted after 90 days. We send reminder notifications 7 days and 3 days before deletion.
How We Use Your Information
We collect and use your personal information for the following purposes:
- To provide and maintain our website
- To respond to your inquiries and requests
- To send newsletters, updates, and information you have requested
- To improve our website and user experience
- To analyze usage patterns and trends
- To protect our website against unauthorized access
We will only collect personal information that is necessary for one or more of our functions or activities, and will do so by lawful and fair means.
Disclosure of Your Information
We will not share, sell, rent, or disclose your personal information to third parties except:
- With your consent
- To comply with legal obligations
- To protect and defend our rights and property
- To prevent or investigate possible wrongdoing in connection with the website
- To protect the personal safety of users of the website or the public
- To service providers who assist us in operating our website, conducting our business, or serving our users, provided those parties agree to keep this information confidential
Security of Your Information
We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.
Assessment Data Security Measures
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security)
- Encryption at Rest: Assessment data is encrypted at rest using AES-256 encryption in our database (Supabase Pro)
- Regional Storage: All data is physically stored in Australian data centers (AWS Sydney region)
- Row Level Security (RLS): Database-level access controls ensure users can only access their own data
- Anonymous Reference IDs: Assessments are linked using anonymous UUIDs, not personal identifiers
- Special Privacy Protection: PHQ-9 Question 9 (suicide ideation) responses are NEVER stored in the database - only a boolean flag for crisis resource provision
- Automatic Deletion: All assessment data is automatically and permanently deleted after 90 days
However, please note that no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security. We continuously review and update our security practices to maintain the highest standards of data protection.
Overseas Data Disclosure (APP 8)
We are committed to transparency about how your data is handled, including any potential overseas access.
Infrastructure Provider
Our assessment data is stored using Supabase Inc., a United States-based company (registered in Delaware). While Supabase is a US company, they provide important safeguards:
- Physical Data Location: All your data is physically stored in Australian data centers (AWS Sydney region) and never leaves Australia under normal operations
- Potential US Access: Supabase support engineers (based in the United States) may access data for technical troubleshooting, system maintenance, or security incident response. This access is:
  - Limited to authorized personnel only
  - Strictly controlled and logged
  - Only used for legitimate business purposes
  - Subject to confidentiality obligations
Safeguards for Overseas Access
Supabase maintains the following safeguards to protect your information when accessed overseas:
- GDPR Compliance: Supabase complies with EU General Data Protection Regulation standards
- SOC 2 Type II Certification: Independent audit of security, availability, and confidentiality controls
- End-to-End Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Row Level Security (RLS): Database-level access controls limit what can be accessed
- Audit Logging: All administrative access is logged and monitored
- Data Processing Agreement: Contractual obligations for data protection and privacy
Your Rights
Under APP 8, you have been notified that your personal information may be accessed by overseas recipients (Supabase engineers in the United States). You have the right to:
- Request information about overseas disclosures
- Lodge a complaint about how your information is handled overseas
- Request deletion of your data at any time (which removes it from all locations)
- Choose not to use the assessment service if you do not consent to this arrangement
Important: By using our assessment services, you acknowledge and consent to this arrangement. If you do not consent to potential overseas access to your data, please do not use the assessment features. You may still access all other parts of our website (articles, resources, etc.) which do not involve data storage.
Marketing Communications (APP 7)
We provide you with the option to receive marketing communications about child mental health resources and educational content. This is entirely optional and separate from your assessment consent.
What Marketing Communications Include
If you have opted in to receive marketing communications, we may use your email address to send you:
- Educational articles and resources about child mental health
- Information about new assessment tools or features on our platform
- Mental health awareness campaigns and events
- Updates about our services and educational content
- Relevant research findings and evidence-based parenting tips
Important Protections
- No Sensitive Information: We will NEVER include your assessment results, scores, or any health information in marketing emails
- Email Only: We will only use your email address for marketing - no other personal information
- Opt-in Required: Marketing consent is entirely optional and not required to use assessments
- Easy Unsubscribe: Every marketing email includes a clear unsubscribe link
- No Third-Party Sharing: We will never sell or share your email address with third parties for their marketing purposes
- Separate from Assessment: Unsubscribing from marketing does NOT affect your assessment access or results
Your Marketing Rights (APP 7)
You have the following rights regarding marketing communications:
- Withdraw consent at any time by clicking "unsubscribe" in any marketing email
- Request what marketing data we hold about you
- Request correction of your email address
- Request complete deletion of your marketing preferences
- Contact us directly at mimixu@child-psychiatrist.com.au to manage your preferences
How to Unsubscribe
You can unsubscribe from marketing communications at any time:
- Click the "Unsubscribe" link at the bottom of any marketing email
- Visit our unsubscribe page
- Email us at mimixu@child-psychiatrist.com.au
Important: Unsubscribing from marketing will NOT delete your assessment data or affect your ability to access your results. These are managed separately.
Frequency: We typically send marketing emails no more than once per week, and you can adjust your preferences at any time.
How We Store Your Marketing Consent
When you opt in to marketing communications, we store the following information:
- Your email address (lowercase, for reliable matching)
- Consent status (whether you've consented or unsubscribed)
- Date and time of consent
- Consent source (e.g., "assessment", "newsletter signup")
- Unsubscribe token (secure, random identifier for one-click unsubscribe)
- Unsubscribe date (if applicable)
Retention: Marketing consent records are retained for compliance purposes. However, once you unsubscribe, we immediately stop sending marketing emails. You can request complete deletion of your marketing consent record by contacting us.
Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access personal information we hold about you (APP 12)
- Request correction of inaccurate, incomplete, or outdated personal information (APP 13)
- Request deletion of your personal information (APP 13)
- Opt out of receiving marketing communications from us
- Make a complaint about our handling of your personal information
Self-Service Data Rights for Assessments
For assessment data, you can exercise your rights immediately through our self-service APIs:
- Visit your assessment results page and use the "Download My Data" option, or access: /api/assessment/data-access?referenceId=YOUR_ID
- Use the "Delete All My Data" option on your results page. This permanently deletes all assessments, profiles, and associated data immediately.
- Contact us at mimixu@child-psychiatrist.com.au to update incorrect information.
For general inquiries or to exercise your rights for non-assessment data, please contact us using the details below.
Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected:
- Assessment Data: Automatically deleted after 90 days from creation
- Email Subscriptions: Retained until you unsubscribe
- Contact Form Submissions: Retained for up to 12 months
- Website Analytics: Aggregated data retained indefinitely (no personal identifiers)
You will receive email reminders 7 days and 3 days before your assessment data is automatically deleted. You can request early deletion at any time using the self-service options above.
Children's Privacy
While our website provides information about child and adolescent mental health, it is not directly targeted at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so that we can take appropriate action.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.
Data Breach Notification
In accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988, we are committed to protecting your personal information from unauthorized access or disclosure.
If we become aware of a data breach that is likely to result in serious harm to individuals whose personal information is involved, we will:
- Notify affected individuals as soon as practicable
- Notify the Office of the Australian Information Commissioner (OAIC)
- Provide information about the breach, the kind of information involved, and recommended steps to mitigate harm
- Take immediate action to contain and remedy the breach
Our security measures include encryption, access controls, regular security audits, and incident response procedures designed to prevent and respond to potential breaches.
Complaints
If you have a complaint about how we have handled your personal information, please contact us first at mimixu@child-psychiatrist.com.au. We will investigate your complaint and respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- Mail: GPO Box 5218, Sydney NSW 2001
Contact Us
If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at mimixu@child-psychiatrist.com.au.
Last Updated: 3 March 2026