Your data, protected.
Your professional records are private — and protecting them is our highest priority. Ponder is built and hosted in Australia, using enterprise-grade security safeguards aligned with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
Secure Australian hosting
All data is stored on Microsoft Azure servers located in Australia.
Data is encrypted in transit (TLS) and at rest (AES-256 encryption).
Daily encrypted backups are maintained and stored separately for added protection.
Access controls
Access to user data is limited to authorised personnel under confidentiality agreements.
All administrative accounts are protected by multi-factor authentication (MFA).
We follow Microsoft's recommended security baseline and regularly review access permissions.
Privacy and data handling
Ponder complies with the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Cth).
We never sell, rent, or share your personal information with third parties.
Payment details are processed securely by Stripe or app store billing and are never stored by us.
Data retention & deletion
You own your data — always.
If a payment lapses, your account is paused, not deleted — your data is retained until you reactivate, or until 12 months of inactivity has passed.
If you delete your account, you can export your CPD records yourself at any time beforehand. We'll remind you by email, but exporting is your responsibility — your data is permanently deleted 30 days after your request, except where retention is required by law.
Incident response
We comply with Australia's Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).
If a breach is likely to result in serious harm, we assess it as a priority — the law allows up to 30 days for this, but our aim is always to move faster.
We notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable once a breach is confirmed.
"We treat every psychologist's data with the same care and confidentiality that our profession expects. Security isn't an afterthought — it's built into every layer of Ponder."