1. Who we are

cpdeze ("we", "us", "our") is an Australian-based software service that helps pharmacists plan, record, and export their Continuing Professional Development (CPD) records. Our service is accessible at app.cpdeze.com. You can contact us at cpdeze@outlook.com.

We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information we collect

We collect the following categories of information when you use cpdeze:

• Account information: Your full name and email address, collected at registration.
• CPD records: Activity titles, providers, dates, hours, competency tags, and reflections that you enter or that are generated on your behalf.
• Uploaded files: Certificates, letters of completion, and other documents you upload to the Document Vault or for AI autofill processing.
• Billing information: Subscription status and payment history. Card details are handled directly by Stripe and are never stored on our systems.
• Usage data: Feature usage counts (e.g. number of AI reflection drafts used) for the purpose of enforcing plan limits.
• Technical data: Firebase Authentication tokens and session data used to secure your account.

We do not collect sensitive health information as defined under the Privacy Act. CPD records relate to professional development activities, not personal medical information.

3. How we use your information

• To provide and maintain the cpdeze service, including CPD planning, activity logging, and audit export features.
• To process uploaded certificates through AI in order to prefill activity fields on your behalf.
• To generate AI-drafted reflection content based on prompts you provide.
• To send transactional emails (email verification, password reset) via Brevo.
• To process subscription payments via Stripe.
• To enforce Free and Pro plan usage limits.
• To respond to support enquiries you send to us directly.

We do not use your CPD records, uploaded files, or personal data for advertising, marketing profiling, or sale to third parties.

4. Third-party services

cpdeze relies on the following third-party services to operate. Each is bound by their own privacy policies:

• Google Firebase (Firestore, Authentication, Storage, Hosting): Stores your account data, CPD records, and uploaded files. Data is stored in Google Cloud infrastructure (us-central1, United States). Firebase Privacy Policy.
• Google Gemini AI: Processes uploaded certificates to extract structured activity data, and generates reflection draft text. Uploaded files are sent to the Gemini API for processing and are not retained by Google beyond the scope of a single API call, subject to Google's data use policies. Google AI Terms.
• Stripe: Processes subscription payments. Stripe stores your payment card details. We receive only a customer ID and subscription status. Stripe Privacy Policy.
• Brevo (Sendinblue): Sends transactional emails (verification, password reset). Your email address is passed to Brevo solely for the purpose of delivering these emails. Brevo Privacy Policy.

5. Data storage and security

Your data is stored on Google Firebase servers located in the United States (us-central1 region). All data is encrypted in transit using TLS and encrypted at rest by Firebase's default storage encryption.

Access to your CPD records and uploaded files is restricted to your authenticated account. Administrative access is limited to authorised cpdeze personnel only.

While we take reasonable steps to protect your information, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data retention

We retain your account data and CPD records for as long as your account is active. If you request deletion of your account, we will delete your personal data and CPD records within 30 days, except where retention is required by law or for the resolution of disputes.

Uploaded certificate files processed by the AI autofill feature are processed in real time and are not stored beyond what is saved to your Document Vault at your direction.

7. Your rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of your account and associated personal data.
• Complain about a breach of the APPs.

To exercise any of these rights, contact us at cpdeze@outlook.com. We will respond within a reasonable timeframe, generally within 30 days.

If you are located in the European Economic Area, you may also have rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Cookies and local storage

cpdeze uses Firebase Authentication tokens stored in your browser's local storage to maintain your session. We do not use third-party advertising cookies or tracking pixels. No cookie consent is required for the service to function.

9. Children's privacy

cpdeze is intended for use by registered pharmacists and pharmacy students aged 18 and over. We do not knowingly collect information from individuals under the age of 18.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. Continued use of cpdeze after changes are posted constitutes acceptance of the updated policy.

11. Contact and complaints

For privacy-related questions, requests, or complaints, contact us at cpdeze@outlook.com.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.