CPD Ally
LoginGet Started

Privacy Policy

Last updated: 10 April 2026

1. About this policy

CPD Ally (“we”, “us”, “our”) is committed to protecting the privacy of your personal information. This policy explains how we collect, use, store, and disclose your information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

CPD Ally is a professional development management platform designed for Australian health professionals registered with the Australian Health Practitioner Regulation Agency (AHPRA).

2. Information we collect

We collect the following categories of personal information:

Account information

  • Full name and email address
  • Password (stored in hashed form only — we cannot read your password)
  • Account role (e.g. early career, individual practitioner)

Professional information

  • AHPRA registration number
  • Profession and registration type (e.g. Psychology — General)
  • Board endorsements
  • Work settings, clinical interests, and client populations
  • Career goals (short, medium, and long-term)
  • Years of experience and supervisor status

CPD activity data

  • CPD entries you log (title, provider, hours, dates, reflections)
  • Files you upload for CPD import (certificates, spreadsheets, documents)
  • Saved and scheduled CPD opportunities
  • Career goals and action plans

Usage data

  • Pages visited and features used within the platform
  • Browser type, device, and general location (state/region level only)

3. How we use your information

We use your information to:

  • Provide and personalise the CPD Ally platform
  • Track your CPD compliance against your profession’s AHPRA requirements
  • Generate relevance scores for CPD opportunities based on your profile and goals
  • Produce AHPRA-compliant CPD portfolio exports (PDF and CSV)
  • Suggest peer connections based on profession, location, and interests
  • Send you notifications about CPD deadlines, compliance, and opportunities (if enabled)
  • Improve the platform and develop new features

4. Third-party service providers

CPD Ally relies on a small number of carefully chosen service providers to operate the platform. We do not sell, rent, or trade your personal information to any third party.

Supabase (database hosting)

Your account information, profile, CPD entries, ratings, peer connections, and all other application data is stored in a PostgreSQL database hosted by Supabase. The database is located in their Sydney, Australia region (ap-southeast-2), meaning your data does not leave Australia. Supabase encrypts data at rest and in transit, and is bound by their privacy policy and data processing agreement.

Vercel (application hosting)

The CPD Ally web application is hosted by Vercel. Vercel processes web requests but does not have direct access to your stored data. Vercel’s privacy policy applies to data processed in transit.

Anthropic (AI processing)

CPD Ally uses artificial intelligence to enhance specific features. Certain data is sent to Anthropic (the provider of Claude AI) for processing:

  • CPD file import: When you upload files (PDFs, images, Word documents) for CPD extraction, the file contents are sent to Anthropic’s API for parsing. Spreadsheet files (CSV, Excel, ODS) are processed locally without leaving our servers.
  • CPD discovery: Your profession, career goals, and CPD category gaps may be sent to Anthropic’s API to search for relevant CPD opportunities.
  • Peer discovery: When you use the “Deep Search” feature on the Peers tab, your profession and clinical interests may be sent to Anthropic’s API to search public professional directories for potential connections.

Anthropic processes data in accordance with their privacy policy. Anthropic does not use data sent via their API to train their models.

Resend (transactional email)

We use Resend to send transactional emails (account verification, password resets, notifications). When we send you an email, your name and email address are processed by Resend. Resend’s privacy policy applies.

5. Data storage, security, and location

  • Australian servers: Your CPD Ally application data is stored in Supabase’s Sydney (ap-southeast-2) region. Data is not transferred outside of Australia for storage.
  • Encryption: Data is encrypted at rest and in transit (TLS/HTTPS for all connections).
  • Authentication: Passwords are hashed using bcrypt with 12 rounds and cannot be recovered or read by us. We never store passwords in plain text.
  • Access controls: Access to production systems is restricted to authorised personnel only and is limited via API keys and secure authentication.
  • Backups: Database backups are performed automatically by Supabase and are also stored within the Sydney region.

While we take reasonable steps to protect your information in line with the Australian Privacy Principles, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data retention

We retain your personal information for as long as your account is active or as needed to provide services to you. CPD records are retained to support AHPRA audit requirements (typically the most recent registration period plus any prior periods that may be subject to audit).

If you delete your account, we will delete your personal information within 30 days, except where retention is required by law.

7. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Correct any information that is inaccurate, incomplete, or out of date
  • Delete your account and associated data
  • Export your CPD data at any time (PDF or CSV)
  • Withdraw consent for optional data processing (e.g. AI features)

To exercise any of these rights, contact us at privacy@cpdally.com.au.

8. Cookies and local storage

CPD Ally uses essential cookies for authentication (session management) and local browser storage for user preferences (e.g. map avatar, notification dismissals). We do not use third-party tracking cookies or advertising cookies.

9. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or through a notice on the platform. Your continued use of CPD Ally after changes are posted constitutes acceptance of the updated policy.

10. Contact us

If you have questions about this privacy policy or wish to make a complaint about how we handle your information, please contact us:

Email: privacy@cpdally.com.au

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).