Privacy Policy

VitalYOU Platform - Privacy Policy v3.2

Last Updated: 12 June 2026

1. Our Commitment to Your Privacy

Welcome to VitalYOU. We are committed to protecting the privacy and confidentiality of your personal information and health information. This Privacy Policy explains how VitalYOU Pty Ltd (ACN 690 628 329) (“VitalYOU”, “we”, “us”, “our”) collects, uses, stores, and shares your information when you use our online health platform located at www.vitalyou.com.au and its associated subdomains (the “Platform”). VitalYOU’s services are available only to people physically located in Australia at the time of consultation.

This policy is designed to comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and any applicable state and territory privacy legislation.

2. The Information We Collect

We collect information necessary to provide our services. We classify this information into two types:

  • Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable.
  • Sensitive Information: This is a special category of personal information that requires a higher level of protection. It includes health information and also includes information or opinion about things such as an individual's sexual orientation or practices, racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, genetic information, and biometric information (amongst other things). We will only collect sensitive information with your explicit consent.

The information we collect about you includes your:

  • contact details (such as name, email address, phone number and address).
  • billing and account information.
  • shipping information.
  • medical information and health information, such as your medical history, information you provide in your intake forms, consultation notes from your chosen health practitioner (“Practitioner”), prescriptions, pathology results, Medicare details, Individual healthcare identifiers, and health insurance details.
  • statistical information about your use of the Platform, such as information about your usage and web browsing, device ID, and IP address.
  • details of products and services that you have accessed via the Platform and/or that you have enquired about.
  • any other personal information that you provide to us while using the Platform.

We collect your personal information when you:

  • provide us with your personal information, such as when you input your personal information on the Platform and when you contact us to make enquiries.
  • attend a consultation with your Practitioner that is booked through the Platform.
  • use the Platform, via cookies, web beacons, pixels and other similar tracking technologies.

We may also collect your personal information from other sources — for example, from other medical practitioners or health providers involved in your care, from government sources such as My Health Record, or from monitored medicines databases, such as SafeScript, for the purpose of providing you with healthcare services.

Please note that if we are unable to collect information about you, we may not be able to provide you with our services and assistance.

3. How and Why We Use Your Information

Our primary purpose for collecting your personal information is to facilitate your healthcare. We may use your information:

  • to create and manage your account.
  • to share your health information with your chosen Practitioner, pharmacy, and pathology labs to enable your care.
  • to process payments for services and billing, including Medicare and private health insurance claims.
  • for referrals to other medical practitioners, hospitals or health providers.
  • to communicate with you about your appointments and care.
  • for complaints and incident handling, and notifications to our insurers.
  • for advertising and marketing purposes, including to send you promotional information that we consider may be of interest to you.
  • to improve our Platform (using anonymised and aggregated data only).
  • to manage our business — including quality assurance, accreditation, market analysis and keeping our records up to date.
  • to comply with our legal obligations and resolve any disputes that we may have.

4. Who We Share Your Information With

We generally only share your information with the parties directly involved in your care, and only as necessary. This “triangle of care” includes:

  • Your Practitioner: We share your intake forms, health history, and pathology results with the Practitioner you book a consultation with.
  • Pharmacies: If you are prescribed medicine, we share your name, contact details, and prescription with the licensed Australian pharmacy you select for dispensing.
  • Pathology Labs: We share your details and the test request form with our partner laboratories to facilitate your blood tests.
  • Our Service Providers: We may share information with trusted third-party companies that help us operate our business and our Platform, including (without limitation) secure cloud hosting providers, payment processing providers, IT service providers, marketing or advertising providers, and professional advisors. We have strict agreements in place to ensure they protect your data.
  • Other Parties: We may share your information with other parties related to your care, such as Medicare, private health insurers, medical defence organisations, and complaints handling bodies where required.

We will only disclose your information for other purposes in the following circumstances:

  • You have consented to the disclosure.
  • The disclosure is required or authorised by law (e.g., in response to a subpoena or a legal or regulatory notice).
  • We transfer our business or assets (or any part of them) to another person.

We will never sell your personal information.

5. Direct Marketing

We may use your Personal Information (such as your email address) to send you information about our services, health education, or promotions. We will never do this without your express, opt-in consent. You can unsubscribe from any marketing communications at any time by using the “unsubscribe” link in the email or by contacting us. We will not use your Sensitive Information for marketing.

6. Data Storage, Security, and Retention

  • Security: We use a range of technical and organisational measures, including encryption and strict access controls, to protect your data from misuse, loss, or unauthorised access.
  • Retention and Destruction: We retain your personal and health information for as long as is necessary to provide services to you and to comply with our legal obligations. In Australia, medical records must be retained for a minimum of 7 years for adults. After this period, we will take reasonable steps to securely destroy or permanently de-identify your information.

We take reasonable steps to protect your personal information from misuse, loss, unauthorised access and use and unauthorised disclosure to third parties. Although we take measures to safeguard against unauthorised disclosures of information, we cannot guarantee the security of any information you transmit to us, or receive from us.

7. Cross-Border Disclosure

Some of our technology service providers may be located overseas, such as in the United States. We only partner with providers who meet high standards of data security and privacy compliance. Where we share Personal Information with a party based overseas, we will first obtain your consent or take reasonable steps to ensure that the overseas recipient complies with the Privacy Act and the Australian Privacy Principles.

8. Cookies, Tracking Technologies, and Analytics

We use cookies and similar technologies to help our website function and to understand how our users interact with it.

  • Essential Cookies: These are necessary for the website to work (e.g., keeping you logged in).
  • Analytics Cookies: These help us understand traffic patterns and improve the Platform. This data is aggregated and does not personally identify you.

We use the following third-party tools and first-party technologies on the Platform:

  • Google Analytics 4 (via Google Tag Manager): We use Google Analytics 4, loaded through Google Tag Manager, to understand website traffic and improve performance. Data is processed by Google. See Google's privacy policy: https://policies.google.com/privacy
  • Meta (Facebook) Pixel and Meta Conversions API: We use the Meta Pixel (browser-based) and the Meta Conversions API (server-side) to measure the performance of our advertising. The Conversions API sends hashed (SHA-256) identifiers, including hashed email address and, where provided, hashed phone number, to Meta for ad measurement purposes. You can opt out of personalised advertising via your Meta account settings. See Meta's privacy policy: https://www.facebook.com/privacy/policy/
  • Microsoft Clarity: We use Microsoft Clarity for session replay and heatmap analysis to understand how visitors use the Platform. Clarity is configured to mask text inputs, so form contents are not captured. See Microsoft's privacy policy: https://privacy.microsoft.com/privacystatement
  • Vercel Analytics: We use Vercel Analytics to collect page-view performance telemetry. This data is processed by Vercel and is used solely for performance monitoring. See Vercel's privacy policy: https://vercel.com/legal/privacy-policy
  • First-party identifier cookie (vy_anon_id): We set a first-party cookie called vy_anon_id (2-year lifetime) that assigns an anonymous identifier to your browser. This is used by VitalYOU's own analytics platform to understand visit patterns. We also store campaign parameters (UTM tags) and advertising click identifiers (such as Google's gclid, Meta's fbclid, and Reddit's rdt_cid) in session storage to attribute bookings to the correct advertising channel.
  • Brevo email engagement tracking: Emails we send you via our email platform (Brevo) may include tracking pixels that tell us whether the email was delivered, opened, or clicked. You can disable email tracking by configuring your email client to block remote images.

You can control and manage cookies through your browser settings. Note that disabling certain cookies may affect how the Platform functions.

You can opt out of personalised advertising based on your activity on this Platform via your Meta or Google account settings.

9. Your Rights: Access and Correction

You have the right to:

  • Request Access: You can request access to the personal information we hold about you. Much of this is available in your account, but you can contact our Privacy Officer for a full record.
  • Request Correction: If you believe any information we hold is inaccurate, you can request that we correct it.

To make a request, please contact our Privacy Officer. We will respond within a reasonable timeframe.

10. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

11. Complaints and Contact

If you have a concern about how we have handled your privacy, please contact our Privacy Officer first. We will investigate and respond to your complaint within 30 days. If you are not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC).

Contact our Privacy Officer:
Email: support@vitalyou.com.au

12. Changes to this Privacy Policy

We may make changes to this Privacy Policy from time to time without notice to you. Updated policies will be posted on our website.