Back to Home

Privacy Policy

How Bridgyr collects, uses, stores, and protects your personal information under Australian privacy law.

Last Updated: 6 April 2026

Christopher English trading as Bridgyr.com (ABN 89 127 431 973)

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Bridgyr platform at bridgyr.com. It applies to all users of the platform.

We are bound by the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) and the June 2025 reforms. Because Bridgyr handles health-related professional information, the small business exemption does not apply to us.

1. Who This Policy Covers

Bridgyr serves two types of users:

Supervisors — Board-Approved Supervisors registered with AHPRA who hold a Bridgyr subscription. Supervisors are our paying customers and the primary account holders.

Provisionals — Provisional psychologists invited into the platform by their supervisor. Provisionals are sub-users who do not hold their own subscription and are not party to the Subscriber Agreement.

2. What Information We Collect

Information provided by Supervisors

Full name, email address, AHPRA registration number, Board-Approved Supervisor (BAS) status, and billing information processed via Stripe. Bridgyr does not store credit card numbers — these are handled entirely by Stripe.

Information provided by Provisionals

Full name, email address, and AHPRA provisional registration number.

Information created by both user types

Session logs, supervisor annotations, sign-off timestamps, and support communications.

Voice recordings

Bridgyr offers a voice logging feature for provisional psychologists. Voice recordings capture only the provisional's own spoken reflections on their clinical work. They do not contain patient voices, patient names, or any patient-identifying information. Voice audio is sent to ElevenLabs (elevenlabs.io) for transcription using their Scribe V2 service. Audio is deleted after transcription is complete.

Technical information collected automatically

IP addresses, browser and device metadata, feature usage and page interaction data, and error and crash logs.

AHPRA registration numbers

AHPRA registration numbers are professional identifiers. They are not health information about patients, but they are sensitive in a professional context. We use them solely to verify supervisor status and provisional enrolment. We do not share AHPRA registration numbers with third parties except where required by law or in response to an AHPRA investigation.

3. Sensitive Information

Australian privacy law applies a higher protection standard to health information and biometric information. Bridgyr handles:

  • AHPRA registration details — professional health practitioner information subject to additional protections.

  • Voice recordings — which may constitute biometric information in some contexts due to voice characteristics.

We do not collect, store, or process patient (client) health information. Supervision records on Bridgyr concern the supervisory relationship and the provisional psychologist's professional development — not individual patients.

We collect sensitive information only where it is necessary to provide the platform and will seek explicit consent where required.

4. How We Use Your Information

We use your information for the following purposes:

  1. Providing and operating the platform — delivering the core supervision management service you signed up for.

  2. Authenticating identity and managing accounts and role-based access — ensuring supervisors and provisionals can only access what they are authorised to see.

  3. Enabling supervisors to review, annotate, and sign off supervision records — the core workflow of the platform.

  4. Sending transactional emails — account setup confirmations, sign-off notifications, and billing receipts via Resend.

  5. Monitoring platform performance, fixing errors, and improving features — using PostHog, Sentry, and BetterStack.

  6. Processing subscription payments — via Stripe.

  7. Responding to support requests — when you contact us at support@bridgyr.com.

  8. Meeting legal and regulatory obligations — including record-keeping requirements under Australian tax law.

  9. AHPRA secondary use — where we reasonably suspect falsification of supervision records, we may disclose relevant records to AHPRA or the Psychology Board of Australia.

  10. Research and feedback — we may contact you to invite participation in research, surveys, or product feedback activities. Participation is always voluntary. You may opt out at any time by contacting privacy@bridgyr.com or using the unsubscribe link in any research communication. We may also contact provisional sub-users associated with a supervisor's account for research purposes, where the supervisor has consented on their behalf under the Subscriber Agreement.

  11. Aggregated data — Bridgyr may use de-identified, aggregated data derived from platform usage to improve the platform, conduct internal research, and publish industry insights. This data cannot be used to identify any individual user, supervisee, or supervision relationship.

  12. Benchmarks — Bridgyr may generate and display aggregated benchmarks and insights derived from platform usage. These are statistical aggregates and do not identify individual users or supervision relationships.

  13. Fingerprinting and marketing attribution — on the Bridgyr marketing website (bridgyr.com), we may use device fingerprinting and analytics technologies for attribution and platform improvement. This is disclosed in our Cookie Policy. Users in the EU and UK will be asked for explicit consent before this processing occurs. Australian users receive a transparent notice.

We do not use your information for advertising. We do not sell your personal information to anyone.

5. Third Parties We Share Information With

We share personal information only with the following service providers, and only to the extent necessary for them to perform their function:

Provider

Purpose

Location

Data Received

Clerk (clerk.com)

Authentication and user identity

United States

Name, email, user ID, session tokens

ElevenLabs (elevenlabs.io)

Voice transcription (Scribe V2)

United States

Voice audio submitted for transcription. Audio contains the provisional's own reflections only — no patient data.

Neon (neon.tech)

Database hosting

Australia (Sydney)

All platform data — does not leave Australia

Vercel (vercel.com)

Application hosting and delivery

Australia (Sydney)

Application traffic — does not leave Australia

Stripe (stripe.com)

Payment processing

United States

Billing name, email, payment details

Resend (resend.com)

Transactional email

United States

Name, email address

PostHog (posthog.com)

Product analytics

United States

User ID, feature usage, page interactions

Sentry (sentry.io)

Error monitoring

United States

User ID, error logs, technical session data

BetterStack (betterstack.com)

Infrastructure monitoring

United States

Server logs, IP addresses

Attio (attio.com)

Customer relationship management

United States

Subscriber name, email, account history

Apollo.io (apollo.io)

Business development outreach

United States

Business contact information of potential customers

A full sub-processor list is maintained at bridgyr.com/legal/sub-processors.

6. Cross-Border Data Transfers

Our primary data storage and application infrastructure are hosted in Australia (Sydney region) via Neon and Vercel. Cross-border transfers occur only to the US-based providers listed in Section 5 above.

To comply with APP 8 (cross-border disclosure of personal information), we have taken the following steps:

ElevenLabs — We accepted ElevenLabs' Data Processing Agreement in November 2025. ElevenLabs holds SOC 2 Type II certification. The DPA prohibits ElevenLabs from selling data or using it for any purpose other than transcription. Voice audio is temporarily stored in the United States and deleted after transcription is complete. We obtain explicit consent from provisionals at onboarding via a consent checkbox before any voice data is transferred.

All other US-based providers — We have Data Processing Agreements or equivalent contractual protections in place with each provider, requiring them to handle personal information to a standard equivalent to the APPs.

No transfers are made to countries without adequate protections unless contractual safeguards are in place.

All primary data storage and application infrastructure is hosted in Australia (Sydney region) via Neon and Vercel.

7. How Long We Keep Your Information

Information Type

Retention Period

Active account data

Duration of subscription

Supervision records and annotations

Subscription period + 90 days post-cancellation, then de-identified and deactivated per APP 11.2

Billing and transaction records

7 years (required by Australian tax law)

Error logs

90 days

Voice audio files

Deleted after transcription is complete

When your subscription ends, you have 90 days to export your supervision records before they are de-identified and deactivated. We provide a data export function for this purpose.

Supervisors are responsible under AHPRA's Code of Conduct for retaining their own supervision records in accordance with applicable professional and legal obligations. Bridgyr is a record-keeping tool, not a long-term archive.

8. Your Rights

Under the Privacy Act 1988 (Cth), you have the right to:

  • Access the personal information we hold about you.

  • Correct inaccurate or incomplete information.

  • Request deletion of your information, subject to legal retention obligations. Please note that due to our append-only architecture, records are de-identified and deactivated per APP 11.2 rather than hard-deleted.

  • Withdraw consent for voice transcription at any time, without affecting the lawfulness of processing that occurred before withdrawal.

  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We will respond to access and correction requests within 30 days.

Provisionals should contact their supervisor in the first instance for access to supervision records, or contact Bridgyr directly at privacy@bridgyr.com.

9. Data Breach Notification

If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable after the breach is confirmed, in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

10. Security

We take the security of your information seriously. Our measures include:

  • TLS encryption for all data in transit

  • Encryption at rest for stored data

  • Role-based access controls ensuring users can only access information appropriate to their role

  • Regular monitoring via Sentry (error tracking) and BetterStack (infrastructure monitoring)

  • Sub-processors contractually required to maintain appropriate security standards

11. Children

The Bridgyr platform is not intended for anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a person under 18, we will take steps to de-identify and deactivate that information per APP 11.2.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and by updating the Last Updated date at the top of this page. Your continued use of the platform after notification constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Email: privacy@bridgyr.com Legal entity: Christopher English trading as Bridgyr.com (ABN 89 127 431 973) Governing law: New South Wales, Australia

To lodge a complaint with the Australian privacy regulator: Office of the Australian Information Commissioner (OAIC) Website: oaic.gov.au Phone: 1300 363 992