1. About this Privacy Policy
This Privacy Policy explains how BirthGuide ("we," "us," or "our") collects, holds, uses, and discloses your personal information when you use our website at birthguide.com.au and our birth plan creation service (together, the "Service").
BirthGuide is operated from Melbourne, Victoria, Australia. We are committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"). Because we also serve visitors from the United Kingdom and the European Economic Area, we comply with the UK General Data Protection Regulation ("UK GDPR") and the EU General Data Protection Regulation ("EU GDPR") where applicable.
We have written this policy in plain language so you can easily understand what information we collect, why we collect it, how we use it, and what choices you have. If anything is unclear, please contact us at hello@birthguide.com.au.
By using BirthGuide, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent to process personal information, we will seek that consent separately and clearly.
2. Who we are
BirthGuide is a digital product that helps expecting parents create personalised birth plans. We are based in Melbourne, Victoria, Australia.
For the purposes of the UK GDPR and EU GDPR, BirthGuide is the data controller responsible for your personal information.
Contact details for privacy enquiries:
Email: hello@birthguide.com.au
Website: birthguide.com.au
3. What personal information we collect
Under Australian Privacy Principle 1 (APP 1), we are required to tell you about the kinds of personal information we collect and hold.
Information you provide directly:
- Your name and your partner's name
- Your email address (which may be provided during conversation with our AI chat widget)
- Your estimated due date
- Your birth preferences and wishes (such as preferred birth setting, pain relief preferences, labour preferences, and post-birth wishes)
- Your care provider details (such as your obstetrician, midwife, or hospital name)
- Any other information you choose to enter when creating your birth plan
Information collected automatically:
- Device and browser information (such as browser type, operating system, screen resolution)
- IP address
- Pages visited, time spent on pages, and navigation patterns
- Referring website addresses
- Approximate geographic location (derived from IP address, at city level only)
- Cookies and similar tracking identifiers (see Section 8 below)
Payment information:
When you purchase BirthGuide, payment is processed securely by Stripe. We do not collect, store, or have access to your credit card number, debit card number, or full payment card details. Stripe collects your payment information directly and provides us with a transaction confirmation, your name, email address, and the last four digits of your card for reference purposes only.
Important note about sensitive information:
Under the Privacy Act 1988, information about your birth preferences and wishes about the future provision of health services, your due date, and your care provider details may constitute "health information," which is a category of "sensitive information" under section 6FA of the Act. We treat this information with additional care and collect it only with your consent. By entering your birth preferences and related details into BirthGuide, you consent to our collection and use of this information for the purpose of creating your personalised birth plan.
4. How we collect your information
In accordance with Australian Privacy Principle 3 (APP 3), we collect personal information by lawful and fair means.
Directly from you, when you:
- Enter your details and preferences into the BirthGuide birth plan builder
- Provide your email address during a conversation with our AI chat widget
- Make a payment for the BirthGuide service
- Contact us by email
Through our AI chat widget: Our website features an AI-powered chat widget that allows you to ask questions. During the conversation, the chat widget may ask for your email address. Providing your email is voluntary. If you choose to share it, we store the email address you provide along with the conversation for the purpose of following up or providing you with relevant information.
Automatically, through cookies and similar technologies when you visit our website (see Section 8).
From third parties: We may receive limited technical information from our service providers, such as Cloudflare (security and performance data) and Stripe (payment confirmation data).
We do not collect personal information from public sources or data brokers.
5. Why we collect and use your information
Under Australian Privacy Principle 6 (APP 6), we only use or disclose your personal information for the primary purpose for which it was collected, or for a directly related secondary purpose that you would reasonably expect.
We collect, hold, and use your personal information for the following purposes:
- To provide the Service: Creating your personalised birth plan, generating your Birth Page, birth plan PDF, partner labour cheat sheet PDF, and personalised hospital bag checklist PDF
- To process your payment: Facilitating the one-time payment of $14.99 AUD through Stripe
- To send transactional communications: Delivering purchase confirmations, birth plan delivery emails, and other service-related messages via our email provider, Resend
- To respond to your enquiries: Answering questions you submit through our AI chat widget or by email
- To improve and maintain our Service: Analysing how visitors use our website so we can improve functionality, content, and user experience
- To ensure security and prevent fraud: Protecting our website and users from malicious activity
- To comply with legal obligations: Meeting our obligations under Australian law, including tax and record-keeping requirements
We will not use your personal information for direct marketing unless you have provided your explicit consent. You may opt out of any marketing communications at any time by contacting us at hello@birthguide.com.au.
6. Lawful bases for processing (UK and EU visitors)
If you are located in the United Kingdom or the European Economic Area, the UK GDPR and EU GDPR require us to identify a lawful basis for processing your personal information. We rely on the following lawful bases:
| Purpose | Lawful basis |
|---|---|
| Providing the birth plan creation service | Performance of a contract (Article 6(1)(b)) |
| Processing your payment through Stripe | Performance of a contract (Article 6(1)(b)) |
| Sending transactional emails (purchase confirmation, plan delivery) | Performance of a contract (Article 6(1)(b)) |
| Processing birth preferences and health-related information | Explicit consent (Article 9(2)(a)) |
| Analytics and website improvement (Google Analytics 4, Microsoft Clarity) | Consent (Article 6(1)(a)); these tools are only activated with your consent for UK/EU visitors |
| Website security and performance (Cloudflare) | Legitimate interests (Article 6(1)(f)); our legitimate interest is maintaining a secure and functional website |
| Complying with legal obligations | Legal obligation (Article 6(1)(c)) |
| Responding to enquiries via the AI chat widget | Legitimate interests (Article 6(1)(f)); our legitimate interest is responding to your questions about the Service |
Where we rely on consent, you may withdraw your consent at any time by contacting us at hello@birthguide.com.au. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.
7. How we use artificial intelligence
BirthGuide features an AI-powered chat widget on our website. This chat widget uses the Anthropic Claude API to generate responses to your questions.
How it works: When you send a message through the chat widget, your message is transmitted to Anthropic's servers in the United States for processing. Anthropic's AI model generates a response, which is then displayed to you. Your conversation, including any email address you provide during the chat, is stored in our database (hosted by Supabase).
Important points about AI processing:
- Anthropic processes your messages under their commercial API terms. Your messages and the AI responses are not used to train Anthropic's AI models.
- Anthropic may retain your messages for up to 30 days for trust and safety monitoring purposes, after which they are deleted.
- We minimise the personal information included in prompts sent to Anthropic. However, any information you voluntarily share in the chat (including your email address or health-related questions) will be transmitted to Anthropic's servers for processing.
- The AI chat widget is for informational purposes only and does not provide medical advice (see Section 16).
Email collection through the chat widget: During your conversation, the AI chat widget may ask for your email address using a conversational approach. Providing your email is entirely voluntary. If you choose to share it, we use a marker system to identify and store your email address from the conversation. We use this email solely to follow up with relevant information about the Service.
8. Cookies and tracking technologies
Our website uses cookies and similar tracking technologies. A cookie is a small text file placed on your device when you visit a website.
Strictly necessary cookies (no consent required):
- Supabase session cookies, which maintain your active session while using the birth plan builder
- Cloudflare security cookies (such as bot detection cookies), which protect the website from malicious traffic
Analytics cookies (consent required for UK/EU visitors):
- Google Analytics 4 sets first-party cookies (including
_gaand_ga_[container-id]) with a lifespan of up to two years. GA4 collects information about page views, user interactions, session duration, device and browser type, and approximate location. GA4 does not log or store full IP addresses for visitors in the EU or UK. Data retention in GA4 is set to 14 months. - Microsoft Clarity sets first-party cookies (including
_clck,_clsk, andCLID) to record session data such as mouse movements, clicks, and scroll behaviour. Microsoft may use data collected through Clarity in accordance with Microsoft's own privacy statement, including for advertising purposes.
You can manage or delete cookies through your browser settings. For UK and EU visitors, we obtain your opt-in consent before placing any analytics cookies. To opt out of Google Analytics, you can install the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout.
9. How we share your information
We do not sell your personal information to third parties. We have never sold personal information and will never do so.
We share information with the following service providers to operate the Service:
- Supabase (database hosting): Stores your birth plan data, chat conversations, and saved sessions. SOC 2 Type 2 certified. Privacy policy: supabase.com/privacy
- Stripe (payment processing): Processes your payment. We do not have access to your full payment card details. Privacy policy: stripe.com/privacy
- Resend (email delivery): Delivers transactional emails such as purchase confirmations and birth plan delivery emails. Privacy policy: resend.com/legal/privacy-policy
- Google Analytics 4 (analytics): Collects anonymised usage data. Privacy policy: policies.google.com/privacy
- Microsoft Clarity (session recording and heatmaps): Collects interaction data. Microsoft may use this data for its own purposes including advertising. Privacy policy: privacy.microsoft.com
- Cloudflare (DNS, CDN, and security): Processes IP addresses and web traffic data. Privacy policy: cloudflare.com/privacypolicy
- Anthropic (AI chat processing): Processes your chat messages. Retains messages for up to 30 days. Does not use API data to train models. Privacy policy: anthropic.com/privacy
- Vercel (web hosting): Hosts the BirthGuide website. Processes server logs and IP addresses. Privacy policy: vercel.com/legal/privacy-policy
10. International data transfers
Several of our third-party service providers are based in or process data in the United States, including Supabase, Stripe, Resend, Google, Microsoft, Cloudflare, Vercel, and Anthropic. Some also operate infrastructure in the European Union, the United Kingdom, and the Asia-Pacific region.
In accordance with APP 8, we take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs, including through data processing agreements and by selecting providers with recognised security certifications.
For UK and EU visitors, we rely on the EU-US Data Privacy Framework, Standard Contractual Clauses, and the UK International Data Transfer Addendum (IDTA) where applicable.
11. Data retention
| Data type | Retention period |
|---|---|
| Birth plan data (preferences, names, due dates, care provider details) | 24 months from date of creation, then deleted or de-identified. You may request earlier deletion at any time. |
| Chat conversations (AI widget) | 12 months from the date of the conversation, then deleted. |
| Email addresses collected through the chat widget | 12 months, then deleted unless you have made a purchase. |
| Payment transaction records | 7 years to comply with Australian tax law requirements. |
| Analytics data (GA4, Clarity) | GA4 data is retained for 14 months. Clarity data is retained in accordance with Microsoft's retention schedule. |
| Email delivery records (Resend) | 12 months. |
| Server logs (Vercel, Cloudflare) | Retained by the respective providers in accordance with their own retention schedules, typically no longer than 12 months. |
12. Your privacy rights
Rights under the Australian Privacy Act 1988:
Under APP 12, you have the right to request access to the personal information we hold about you. Under APP 13, you have the right to request correction of inaccurate, out of date, incomplete, irrelevant, or misleading information. We will respond to requests within 30 days.
Additional rights for UK and EU residents under the GDPR:
- Right of access (Article 15): Request a copy of your personal data.
- Right to rectification (Article 16): Request correction of inaccurate personal data.
- Right to erasure (Article 17): Request deletion of your personal data, subject to certain exceptions.
- Right to restrict processing (Article 18): Request restriction of processing in certain circumstances.
- Right to data portability (Article 20): Request your data in a structured, machine-readable format.
- Right to object (Article 21): Object to processing based on legitimate interests, or for direct marketing purposes.
To exercise any of your rights, contact us at hello@birthguide.com.au. We will verify your identity before processing your request. There is no fee unless your request is manifestly unfounded or excessive.
13. Children's privacy
BirthGuide is designed for adults. Our Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hello@birthguide.com.au.
14. Data security
We take reasonable technical and organisational measures to protect your personal information, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Access controls restricted to authorised personnel
- Secure payment processing via Stripe (PCI DSS Level 1 certified)
- Hosting on SOC 2 Type 2 certified infrastructure (Vercel, Supabase)
- DDoS protection and web application firewall via Cloudflare
In the event of an eligible data breach, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by the Notifiable Data Breaches scheme. For UK/EU residents, we will also comply with GDPR notification obligations.
15. No account system
BirthGuide does not operate a traditional user account system. There is no username or password. Your birth plan data is associated with your session and the information you provide. You should keep your birth plan URL safe, as there is no account recovery process.
16. Medical disclaimer
BirthGuide is an informational tool only. It does not constitute medical advice, diagnosis, or treatment.
The birth plans and other materials generated by BirthGuide are designed to help you communicate your preferences to your healthcare provider. You should always discuss your birth preferences and any health concerns with your doctor, midwife, or other qualified healthcare professional. Use of BirthGuide does not create a patient-practitioner relationship.
If you think you may have a medical emergency, call 000 (Australia) or 999/112 (United Kingdom), or go to your nearest hospital emergency department immediately.
17. How to make a complaint
If you believe we have mishandled your personal information, please contact us at hello@birthguide.com.au. We will acknowledge your complaint within 7 days and aim to resolve it within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.
UK residents may also contact the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this policy and, where practicable, post a notice on our website. Your continued use of BirthGuide after any changes indicates your acceptance of the updated policy.
19. Contact us
If you have any questions about this Privacy Policy, please contact us at hello@birthguide.com.au.