Legal

Privacy Policy

Compliant with the Privacy Act 1988 (Cth) and Australian Privacy Principles

Who we are

evermoves is a movement and wellness studio based in East Corrimal, NSW 2518, Australia. This policy explains how we handle your personal information under the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) and the NSW Health Records and Information Privacy Act 2002 (HPPs). Our privacy officer can be reached at info@evermoves.com.au.

What we collect

Personal information: name, email, phone, date of birth, gender and pronouns (if provided), photo (if uploaded), your signed liability waiver, payment records (card details are handled by Stripe — we never see or store card numbers), and your interaction history (bookings, attendance, video views).

Health information (sensitive information, collected only with your consent and only where needed to run your practice safely): injuries or conditions you choose to tell us about, your private movement journal (effort, mood, notes), and — only if you later connect them — wellness metrics such as heart rate, sleep and mindful minutes from Apple Health or Google Health Connect.

How we collect it

Directly from you (forms, your account, classes), from your device only after you grant permission (Apple Health / Health Connect, when that feature launches), and from Stripe for payment confirmations. We collect only what is reasonably necessary, and we tell you at the point of collection why we are asking.

How we use it

Your information is used to:

  • Provide the services you've requested (bookings, content access, programs)
  • Keep classes safe and adapted to you (injuries, accessibility)
  • Process payments (via Stripe)
  • Send transactional communications (receipts, reminders, waitlist notifications)
  • Send marketing communications, only if you've separately opted in (unsubscribe any time)
  • Improve our services using de-identified analytics
  • Meet legal obligations

We do not use your health information for any new purpose without asking you first.

AI features & automated decisions

Some optional features (onboarding personalisation, the movement concierge, journal insights) use Azure OpenAI to generate suggestions. They are off until you turn them on, you can switch each one off at any time in your account, and your data is never used to train AI models. AI suggestions support — they never replace — human judgement, are not medical advice, and no decision with a significant effect on you is made solely by a computer program. This section will be kept current with the automated decision-making transparency requirements of the Privacy Act (APPs 1.7–1.9).

Who we share it with (including overseas)

We never sell your data. We share it only with the processors that run the service, under agreements requiring them to protect it to Australian standards:

  • Vercel — website and app hosting (United States)
  • Neon — database (United States)
  • Stripe — payments (United States)
  • Azure OpenAI — optional AI features you opt into (United States)
  • Mux — video streaming (United States)
  • Twilio — SMS reminders, if opted in (United States)
  • Shopify — retail orders (Canada / United States)

Because these providers may store information in the United States or Canada, this is a cross-border disclosure under APP 8 and HPP 14. We take reasonable steps — including contractual data-processing protections — so your information is handled consistently with Australian privacy law, and we remain accountable to you for it.

Apple Health & Google Health Connect

If you connect Apple Health or Google Health Connect (mobile app), we import only the data types you approve, use them solely to provide your health and fitness features, and never use them for advertising, marketing or sale to data brokers. You can disconnect at any time, and we'll offer to delete imported data when you do.

How we protect it

Encryption in transit (TLS) and at rest, multi-factor authentication for staff, role-based access (health information visible only to staff who need it), audit logging of access to member records, and regular security review. Payment data is handled exclusively by Stripe (PCI-DSS Level 1 certified).

How long we keep it

We keep personal information only as long as needed for the purposes above. Because we are a NSW health service provider, records containing your health information are kept for at least 7 years from the last entry (or until age 25 if collected while you were under 18), as required by section 25 of the HRIP Act. When information is no longer needed, we delete or de-identify it.

Your rights

Under APPs 12 & 13 and HPPs 6–8 you can:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and data (we de-identify anything we must legally retain)
  • Withdraw any consent — including each AI feature and marketing — at any time

To exercise any of these rights, email info@evermoves.com.au. We respond within 30 days.

Complaints

If you're unhappy with how we've handled your information, contact us first and we'll respond within 30 days. You can also complain to the Office of the Australian Information Commissioner (oaic.gov.au) or, for health information, the NSW Information and Privacy Commission (ipc.nsw.gov.au).

Cookies & tracking

We use only essential cookies (for authentication and cart). Analytics cookies are opt-in via the consent banner. See our cookie notice for details.

Age

evermoves is for people aged 16 and over. Participants aged 16–17 require parent/guardian consent (see Waiver §15).

Breach notification

In the unlikely event of a data breach likely to cause serious harm, we will notify affected individuals and the OAIC as soon as practicable in accordance with the Notifiable Data Breaches scheme.

Updates

This policy may be updated. Material changes will be emailed to active members. Last updated: 12 June 2026.

Contact

For any privacy-related queries: info@evermoves.com.au