Privacy Policy

Last updated: 8 March 2026

1. Who we are

Good Practice Hub is operated by The Policy Place (New Zealand). In this policy, “we”, “us” and “our” refer to The Policy Place. Good Practice Hub provides online practice quizzes and evidence tools for health and community service organisations across Aotearoa New Zealand and Australia.

2. Information we collect

We collect the following personal information when you use Good Practice Hub:

  • Account information — name, email address, organisation, staff role, and region when you create an account or are invited by an organisation.
  • Quiz and practice data — your quiz attempts, scores, concept mastery, and completion timestamps.
  • Organisation membership — if you are added to an organisation’s team, we store your membership details (role, invite date, deadline).
  • Payment information — if you or your organisation subscribes, payment is processed by Stripe. We store your Stripe customer ID and subscription status but never your card details.
  • Technical data — browser type, IP address, and usage analytics collected automatically to maintain and improve the service.

3. How we use your information

We use your personal information to:

  • Provide and personalise the Good Practice Hub service, including role-relevant quizzes and your PracticeLab dashboard.
  • Generate your ProofKit (evidence of practice) for you and, where applicable, for your organisation’s compliance records.
  • Send transactional emails (sign-in codes, staff invitations, deadline reminders, completion celebrations).
  • Send marketing communications about new content and services — only if you have opted in.
  • Process payments and manage subscriptions.
  • Improve the service through aggregated, anonymised analytics.

4. Organisation access

If an organisation adds you to their team, that organisation’s administrators can see your name, email, staff role, quiz completion status, and scores on their Team Dashboard. This enables them to track induction progress and meet compliance obligations.

Your account and practice history belong to you. If you leave an organisation or are removed from their team, your personal PracticeLab and ProofKit remain yours. The organisation retains historical analytics data from your time with them.

5. Data sharing

We do not sell your personal information. We share data only with:

  • Your organisation — as described in section 4, if you are part of a team.
  • Service providers — Supabase (database hosting, Sydney region), Vercel (application hosting), Stripe (payments), and MailerSend (email delivery). Each processes data under their own privacy policies and our instructions.
  • Legal requirements — if required by law or to protect the rights and safety of our users.

6. Data storage and security

Your data is stored in Supabase (Sydney, Australia) and served via Vercel’s global CDN. We use encryption in transit (TLS) and at rest. Access to production systems is restricted to authorised personnel only.

7. Your rights

Under the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your account and personal data.
  • Withdraw marketing consent at any time via your profile settings.
  • Download your ProofKit as a portable record of your practice evidence.

To exercise these rights, contact us at hello@thepolicyplace.co.nz.

8. Cookies and local storage

We use essential cookies for authentication (session management via NextAuth.js). We use browser local storage to remember your preferences (e.g., quizzes on hold). We do not use third-party advertising or tracking cookies.

9. Marketing communications

We only send marketing emails if you have explicitly opted in during profile setup. You can change your preference at any time from your profile page. Transactional emails (sign-in codes, deadline reminders, team invitations) are not marketing and will be sent regardless of your marketing preference.

10. Data retention

We retain your account and practice data for as long as your account is active. Dormant free accounts with no activity for 24 months may be anonymised after prior notification. Anonymised data (with all personal information removed) may be retained for aggregate analytics.

11. Children

Good Practice Hub is designed for adult professionals in health and community services. We do not knowingly collect information from anyone under 16 years of age.

12. Changes to this policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. The “last updated” date at the top of this page indicates when the policy was last revised.

13. Contact us

If you have questions about this privacy policy or how we handle your data, contact us at:

The Policy Place
Email: hello@thepolicyplace.co.nz
Phone: 0224066554