Bulletproof Backs

Privacy Policy

Last updated: 1 July 2026

Bulletproof Backs ("we", "us", "our") respects your privacy. This policy explains how we collect, use, store and disclose your personal information, in line with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Because we provide physiotherapy services, some information we collect is health information — a type of sensitive information that we handle with additional care.

1. Who we are

Bulletproof Backs, founded by Marion McRae. You can contact us any time at [email protected].

2. Information we collect

  • Contact & identity details — name, email, phone, location.
  • Health information — details you share through intake forms, applications and consultations (your symptoms, history, goals). This is sensitive information.
  • Payment information — processed securely by our payment provider; we do not store your full card details.
  • Usage information — how you interact with our website and emails (via cookies and similar technologies).

3. How we collect it

Directly from you (forms, applications, bookings, consultations, emails), and automatically through our website and email platform.

4. Why we use your information

  • To provide our courses, programs and telehealth physiotherapy consultations.
  • To deliver clinical care safely and tailor it to you.
  • To process payments and manage your account and bookings.
  • To send you service messages and, where you’ve consented, marketing emails (you can opt out anytime).
  • To improve our services and meet our legal and professional obligations.
Your health information is only used to provide and support your care, meet our professional obligations as physiotherapists, or where the law requires or permits. We never sell it.

5. Who we share it with

We only share your information where necessary:

  • Trusted service providers who help us operate (for example, our practice-management/CRM platform, payment processor, email and telehealth providers), under confidentiality obligations.
  • Where required or authorised by law, or to protect health and safety.

We do not sell your personal information.

6. Storage, security & overseas disclosure

We take reasonable steps to protect your information from misuse, loss and unauthorised access. Some of our providers store data on secure servers that may be located outside Australia (for example, in the United States). By using our services you consent to this handling.

7. Health records

As physiotherapists, we are required to retain clinical records for the period set by applicable law and professional standards, even after your program ends.

8. Direct marketing

We may send you marketing communications where you have consented or where permitted by law. Every marketing email includes an unsubscribe link, and you can opt out at any time by contacting us. This is consistent with the Spam Act 2003 (Cth).

9. Cookies

Our website uses cookies and similar technologies to help it function, understand usage and improve your experience. You can manage cookies through your browser settings.

10. Accessing & correcting your information

You can ask to access or correct the personal information we hold about you by emailing [email protected]. We’ll respond within a reasonable time.

11. Complaints

If you have a privacy concern, please contact us first so we can help. If you’re not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Changes to this policy

We may update this policy from time to time. The latest version will always be available on this page, with the date it was last updated shown above.