Loading…
Last updated: 6 June 2026
This Privacy Policy explains how Tom Hopkin trading as Calma Practiq ("Calma Practiq", "we", "us", "our") collects, holds, uses, and discloses personal information in connection with our practice management software available at calmapractiq.com (the "Service").
We are committed to protecting your privacy and handling personal information in accordance with the New Zealand Privacy Act 2020, the Australian Privacy Act 1988 (Cth), the UK General Data Protection Regulation (UK GDPR), and the EU General Data Protection Regulation (GDPR), as applicable to your location. Health information is treated as sensitive information and afforded additional protections in all jurisdictions we operate in.
By using the Service, you agree to the collection and use of information as described in this policy.
This policy applies to two categories of people:
If you are a Client whose information has been entered by your practitioner, please be aware that your practitioner is the primary data controller for that information. You should contact your practitioner directly regarding how they manage your records.
If you connect optional integrations, we receive and store access credentials (OAuth tokens) from:
Session notes, intake form responses, and other clinical records stored in Calma Practiq may constitute health information under the Health Information Privacy Code 2020, and sensitive information under the Australian Privacy Act 1988 (Cth). Both frameworks require this category of information to be handled with an elevated level of care.
Practitioners are responsible for ensuring they have obtained appropriate consent from their clients to collect and store health information using a third-party platform, and for meeting their own professional and legal obligations under the Health Information Privacy Code 2020 and, where applicable, the Australian Privacy Principles.
We do not access, read, or use client health information for any purpose other than providing and maintaining the Service.
We use personal information to:
We do not sell, rent, or trade your personal information or your clients' information to third parties. We do not use client data for marketing or profiling purposes.
We share information with trusted third-party providers solely to the extent necessary to operate the Service:
Each of these providers has their own privacy policies governing the information they process. We only share the minimum information required for each service to function.
All data is stored on servers located in Australia (AWS Sydney region). We implement industry-standard security measures including:
While we take reasonable steps to protect your information, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account password.
We retain your personal information for as long as your account is active, or as long as necessary to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal, tax, or fraud prevention purposes.
Stripe may retain payment records independently in accordance with their own policies and applicable financial regulations.
Under the Privacy Act 2020, you have the right to:
We will respond to access and correction requests within 20 working days as required by the Privacy Act.
If you are located in Australia or your information is otherwise subject to the Australian Privacy Act 1988, you have the right to:
To exercise any of these rights, contact us at tomhopkin.systems@gmail.com.
We use two types of data collection:
We do not use advertising, remarketing, or cross-site tracking cookies.
If you are located in the United Kingdom or the European Economic Area, the following additional rights apply to you under the UK General Data Protection Regulation (UK GDPR) or the EU GDPR:
Our lawful basis for processing therapist account data is performance of a contract. Our lawful basis for processing client data entered by therapists is legitimate interests (providing the contracted service). Anonymous analytics are processed under consent, which you may withdraw at any time using the link above.
To exercise any of these rights, contact us at the address in section 12. We will respond within one calendar month.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the Service. Your continued use of the Service after any change constitutes your acceptance of the updated policy.
For any privacy-related questions, requests, or complaints, please contact: