Privacy Policy
Ponder ("we", "our", "us") is committed to protecting your privacy. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our application and website.
The short version
We don't sell your data. We never have, and we never will.
Your CPD content is stored in Australia on Microsoft Azure, encrypted in transit and at rest.
We don't use your CPD notes to train AI models. What you write stays yours.
A handful of trusted providers help us run Ponder (Stripe for payments, Mailchimp for emails, Google Analytics for site traffic) — see Section 7 for exactly who and why.
You're always in control of your data: you can access it, correct it, export it, or ask us to delete it at any time.
This summary is a guide only. The full policy below sets out our complete obligations and applies in all cases.
On this page
Information we collect
We collect only what we need to run Ponder and help you manage your CPD. This includes:
Account details: name, email address, and password (stored as a secure hash — we never see or store your password in plain text).
CPD content: learning plans, CPD activity records, reflective notes, attachments, and other information you enter into the app.
Support information: details you provide when contacting us for help (e.g. emails, chat messages).
Technical and usage data: device type, operating system, crash logs, and app usage patterns.
Payment details: if you purchase a subscription, payments are processed securely by our third-party provider, Stripe. We do not store your full credit card details on our servers — see Section 7 for more on how Stripe handles this.
Marketing and analytics data: when you use our website or app, we collect information through cookies and similar technologies (Google Analytics, Mailchimp email engagement tracking) to understand usage and improve our services. You can disable cookies in your browser, but some features may not function as intended.
Client data
Ponder is a professional development log — it is not a clinical record-keeping system. You must not enter any information that could identify a client into any field within the app, including names, dates of birth, contact details, case or file numbers, or any other identifying detail. If you need to reference a client interaction for reflection, use a non-identifiable summary, initials, or a pseudonym only.
Entering identifiable client information into Ponder is a breach of our Terms of Service. We accept no responsibility or liability for any client information entered in breach of this clause, and we may remove the relevant content or take account action — including suspension or termination — if it occurs.
How we collect information
We collect personal information in the following ways:
Directly from you when you register, log CPD activities, make payments, or contact support.
Automatically through your use of the app and website (technical and analytics data).
We don't collect personal information about you from any other source unless you've given it to us directly or it's generated automatically through your use of Ponder.
How we use your information
We use your information to:
Provide and improve app features (CPD logging, compliance dashboards, logbook export).
Help you manage CPD requirements and reminders.
Process payments and manage subscriptions.
Communicate with you about updates, support, and security.
Analyse app and website usage to improve performance.
Comply with our legal obligations.
We will not use your personal information for other purposes without your consent, unless required by law. We do not use the personal information you enter into Ponder, including CPD content and reflective notes, to train artificial intelligence or machine learning models.
Marketing communications
When you create a Ponder account, your email address is added to our mailing list (we use Mailchimp) so we can send you service-related communications — CPD reminders, product updates, and relevant CPD events. We rely on the fact that you have an ongoing relationship with us to send these, in line with the Spam Act 2003 (Cth).
If we ever want to send broader marketing content unrelated to your use of Ponder, we'll ask for your separate consent first.
Every email we send includes a functional, one-click unsubscribe link. Unsubscribing won't affect your ability to use Ponder or receive essential account and billing notices — it only stops marketing and reminder emails.
How we store and protect your information
Data is stored securely on Microsoft Azure servers located in Australia.
Data is encrypted in transit (HTTPS/TLS) and at rest (AES-256 encryption).
Payment details are handled entirely by Stripe and are never stored on our servers.
Access to data is restricted to authorised staff under confidentiality agreements, on a need-to-know basis.
All staff accounts with access to critical systems use multi-factor authentication (MFA) and follow Microsoft's recommended security baseline.
We regularly review and update our security measures as our systems and the threat landscape evolve.
Cross-border data flows
Your core account and CPD data is hosted in Australia. A small number of trusted service providers help us run parts of Ponder, and some of these providers operate, or store backups, overseas. We only share the minimum information each provider needs to perform their function, and we take reasonable steps to ensure they handle it in a manner consistent with the APPs.
| Provider | Purpose | What they receive | Location |
|---|---|---|---|
| Microsoft Azure | Application hosting and data storage | All account and CPD content | Australia |
| Stripe | Payment processing | Payment and billing details | United States / global |
| Mailchimp | Email communications | Name and email address | United States |
| Google Analytics | Website and app usage analytics | Device and usage data (no CPD content) | United States / global |
We don't transfer your personal information overseas for any other purpose. If this list changes, we'll update this policy and notify account holders.
Sharing your information
We do not sell your personal information, and we never will.
We may share limited information with:
The service providers listed in Section 6, strictly for the purposes described there.
Regulators or law enforcement, if required by law.
We do not share your personal information with any other third party for their own marketing or commercial purposes.
Access and correction
You can view and update most of your account and CPD information directly within the app at any time. For anything you can't update yourself, you may request access to the personal information we hold about you, or request a correction if anything is inaccurate, by contacting us at support@pondercpd.com. We'll respond within a reasonable time, and free of charge in the vast majority of cases.
Retention and deletion
We keep your personal information for as long as you maintain an account with us. What happens next depends on what's actually happened to your account:
If your payment lapses or your subscription isn't renewed
Your account is paused, not deleted. Your CPD data is retained in full and your access is restored as soon as your payment details are updated. If an account remains unpaid and inactive for 12 consecutive months, we'll treat it the same way as an account deletion request (below).
If you ask us to delete your account
You can export a full copy of your CPD records at any time from within the app, for as long as your account remains active. Exporting your records before deletion is your responsibility — we don't generate or send this export on your behalf.
We'll send reminder emails on day 1, day 15, and day 28 after your deletion request, so you have every reasonable opportunity to export your data before it's removed.
Thirty (30) days after your deletion request, your account and all personal data will be permanently deleted from our systems, except where we're required by law to retain certain records (for example, financial records we must keep for tax purposes — this never includes your CPD content).
Data breaches
We comply with the Notifiable Data Breaches (NDB) scheme. If we become aware of a data breach that's likely to result in serious harm, we'll assess it promptly and notify both affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.
Children's privacy
Ponder is a professional development tool intended for registered and provisionally registered psychologists. It is not directed at, and we do not knowingly collect personal information from, anyone under the age of 18.
Complaints
If you believe we've breached your privacy, please contact us at support@pondercpd.com. We take privacy complaints seriously and will respond within a reasonable time.
If you're not satisfied with our response, you may contact the OAIC at www.oaic.gov.au.
Changes to this policy
We may update this Privacy Policy from time to time as our practices evolve. The latest version will always be available on the Ponder website. For minor changes, the updated date at the top of this page will reflect the revision. For material changes — anything that meaningfully affects how we handle your personal information — we'll notify account holders by email or in-app notice before the change takes effect.