Privacy Policy

1. Who We Are

This Privacy Policy describes how Aura Chiropractic (“we”, “us”, “our”) collects, uses, stores, and protects personal information when you interact with our website, our clinic services,
or our social media properties operated under the handle @Drarthurchiro.

– Business name: Aura Chiropractic
– Operator: Dr Arthur Kaganovitch
– Location: Toorak, Melbourne, Victoria, Australia
– Phone: (03) 9548 5050
– Email: info@aurachiropractictoorak.com.au
– Website: aurachiropractictoorak.com.au

We are committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the EU General Data Protection Regulation
(GDPR) where applicable, and the California Consumer Privacy Act (CCPA) where applicable.

2. Information We Collect

2.1 Information you provide directly

– Name, email address, phone number, postal address
– Date of birth and basic demographic information
– Health information provided during clinical consultations
– Appointment and booking information
– Payment information (processed via secure third-party payment providers)

2.2 Information collected automatically via our website

– IP address, browser type, device type, operating system
– Pages viewed, time spent, referral source
– Cookies and similar tracking technologies (see Section 9)

2.3 Information collected via the TikTok API

We operate a TikTok developer application that connects to the TikTok account @Drarthurchiro for the purpose of publishing content created by Aura Chiropractic. Through the TikTok API,
we may access:

– Basic account information — username, display name, avatar, profile URL
– Content publishing data — video files, captions, hashtags, privacy settings, and publication status for content we post
– Post performance metrics — views, likes, comments, shares, and other engagement metrics for content we have published
– Authentication tokens — OAuth access and refresh tokens required to maintain the API connection

We only access data associated with the @Drarthurchiro account that we own and operate. We do not access, collect, or store personal data of other TikTok users, their followers, or their
content except where that data is publicly visible as engagement on our own posts (for example, public comments on our videos).

3. How We Use Your Information

We use the information we collect to:

– Provide chiropractic services and manage appointments
– Communicate with patients regarding their care
– Publish and schedule marketing content to social media platforms, including TikTok, via our self-hosted content management infrastructure
– Analyse engagement and performance of our social media content
– Comply with legal, regulatory, and professional obligations, including those imposed by the Australian Health Practitioner Regulation Agency (AHPRA)
– Improve our website, services, and content strategy
– Prevent fraud, abuse, and unauthorised access

We do not sell personal information. We do not use TikTok API data for advertising, retargeting, or any purpose other than managing and analysing our own published content.

4. How We Share Your Information

We share personal information only with the following categories of recipients:

4.1 Service providers (data processors)

– Postiz — a self-hosted content management system we use to schedule and publish social media posts. TikTok API tokens and content published through our account are processed via this
system, which runs on infrastructure we control.
– Payment processors — to process payments for clinical services.
– Cloud hosting providers — to host our website and internal systems.
– Email and messaging providers — to communicate with patients and subscribers.

All service providers are bound by contractual obligations to handle your data securely and only for the purposes we specify.

4.2 Legal and regulatory requirements

We may disclose information where required by law, court order, or to comply with our obligations to AHPRA, other regulators, or law enforcement agencies.

4.3 Business transfers

In the event of a merger, acquisition, or sale of business assets, personal information may be transferred to the acquiring party, subject to the same privacy obligations.

We do not sell, rent, or trade personal information to third parties for marketing purposes.

5. TikTok API Data — Specific Disclosures

In accordance with TikTok’s Developer Terms of Service, we confirm the following regarding data obtained from the TikTok API:

– We access only the scopes necessary to publish content and retrieve performance metrics for the @Drarthurchiro account.
– We store TikTok API access tokens in encrypted form on infrastructure we control.
– We do not transfer TikTok API data to any third party except where required to provide the publishing service (for example, internal content management databases).
– We do not use TikTok API data to train machine learning or artificial intelligence models.
– Users may revoke our access to their TikTok account at any time via TikTok’s settings, which will immediately terminate our ability to access their data.
– TikTok API data is retained only for as long as needed to operate the publishing and analytics functions described in this policy.

6. Data Retention

We retain personal information for as long as necessary to fulfil the purposes described in this policy, or as required by law.

– Patient health records — retained for at least seven years after the last consultation, in accordance with AHPRA and Victorian health records legislation.
– Marketing and subscriber data — retained until you unsubscribe or request deletion.
– TikTok API data — access tokens are retained while our connection to TikTok is active; performance metrics are retained for up to 24 months for trend analysis and then aggregated or
deleted.
– Website analytics data — retained for up to 26 months.

7. Data Security

We implement reasonable technical and organisational measures to protect personal information, including:

– Encryption of data in transit (HTTPS/TLS)
– Encryption of sensitive stored data, including API tokens
– Access controls limiting who can view personal information
– Regular review of security practices
– Physical security at our clinic premises

No method of transmission or storage is 100% secure, but we take our obligations seriously and notify affected individuals and the Office of the Australian Information Commissioner
(OAIC) in the event of an eligible data breach.

8. Your Rights

8.1 Under the Australian Privacy Act

You have the right to:
– Access the personal information we hold about you
– Request correction of inaccurate information
– Make a complaint about how we have handled your information

8.2 Under the GDPR (for EU/EEA residents)

Where the GDPR applies, you additionally have the right to:
– Request deletion (“right to be forgotten”)
– Restrict processing
– Object to processing
– Data portability
– Withdraw consent at any time
– Lodge a complaint with a supervisory authority

8.3 Under the CCPA (for California residents)

Where the CCPA applies, you additionally have the right to:
– Know what personal information we collect
– Request deletion
– Opt out of the sale of personal information (we do not sell personal information)
– Non-discrimination for exercising your rights

8.4 How to exercise your rights

Email info@aurachiropractictoorak.com.au or call (03) 9548 5050. We will respond within 30 days.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:
– Remember your preferences
– Understand how visitors use our site
– Measure the effectiveness of our content

You can disable cookies in your browser settings. Some parts of the website may not function correctly if cookies are disabled.

10. Children’s Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16 without parental consent. If you believe we have
collected information from a child under 16, please contact us and we will delete it promptly.

Chiropractic care for minors at our clinic is provided only with parental or guardian consent, and information relating to minor patients is handled with the same protections as all
other patient data.

11. International Data Transfers

Aura Chiropractic is based in Australia. Some of our service providers (for example, cloud hosting and social media platforms such as TikTok) may process data outside Australia,
including in the United States and European Union. Where data is transferred internationally, we take reasonable steps to ensure it is protected to a standard equivalent to Australian
law.

12. Third-Party Links

Our website and social media content may contain links to third-party websites. We are not responsible for the privacy practices of those sites. Please review their privacy policies
before providing personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when changes were made. Material changes will be communicated via our
website or by email where appropriate.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal information:

Aura Chiropractic
Attention: Dr Arthur Kaganovitch
Toorak, Melbourne, Victoria, Australia
Email: info@aurachiropractictoorak.com.au
Phone: (03) 9548 5050

You also have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC):
– Website: oaic.gov.au
– Phone: 1300 363 992