Your data, protected.

Your professional records are private — and protecting them is our highest priority.
Ponder is built and hosted in Australia, using enterprise-grade security and privacy safeguards that meet Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

How We Keep Your Data Safe

Secure Australian Hosting

• All data is stored on Microsoft Azure servers located in Australia.

• Data is encrypted in transit (TLS 1.2) and at rest (AES-256).

• Daily encrypted backups are maintained and stored separately for added protection.

Access Controls

• Access to user data is limited to authorised personnel under confidentiality agreements.

• All administrative accounts are protected by multi-factor authentication (MFA).

• We follow Microsoft’s recommended security protocols and regularly review permissions.

Privacy and Data Handling

• Ponder complies with the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Cth).

• We never sell, rent, or share your personal information with third parties.

• Payment details are processed securely by Stripe or app store billing and are never stored by us.

Data Retention & Deletion

• You own your data — always.

• When you delete your account, we email you an export of your CPD records.

• 30 days later, your account and all data are permanently deleted, except where retention is required by law.

Incident Response

• We comply with Australia’s Notifiable Data Breaches (NDB) scheme.

• In the unlikely event of a data breach, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) within 72 hours.

Our Commitment

We treat every psychologist’s data with the same care and confidentiality that our profession expects.
Security is not an afterthought — it’s built into every layer of Ponder.

Last reviewed: November 2025
For any security questions, contact us at contact@pondercpd.com