Irisby Let's Grow Together

Draft v1.0. Pending legal review. Not yet effective.

Privacy Statement

Effective from 13 May 2026. Version 1.0.

1. About this Statement

This Privacy Statement describes how Let's Grow Together (LGT, we, us, our) collects, uses, holds, and discloses personal information when you use Iris by Let's Grow Together (Iris). It applies in addition to our Terms of Use.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Our privacy approach in plain language

Iris is designed so that we never collect any clinical information about children, families, or sessions.

Anything you type into Iris about a child or family lives only in your browser. It is not transmitted to our servers. It is not stored. When you close the tab, end the session, or click "Clear," it is gone.

The personal information we do collect is the minimum required to operate your subscription: your name, email, organisation, payment details, and practice settings used to brand exports.

3. What personal information we collect

  • Account information: your name, email address, optional organisation name, professional discipline (optional), country (Australia).
  • Authentication information: your login credentials, held by Clerk on our behalf.
  • Payment information: handled by Stripe. We receive a transaction record and confirmation; we do not receive or store your full card number.
  • Subscription information: your tier, status, renewal date, and acceptance of these terms (with version and timestamp).
  • Practice settings: practice name, optional logo image, practitioner name and credentials, footer text. Used to brand exports. Configured once and reused across sessions.
  • Communications: support requests and product feedback you send us.
  • Operational metadata: IP address, browser, request paths and response codes recorded by our hosting infrastructure for security and reliability. Request bodies are not logged.

4. What we do not collect

  • Clinical content. Iris does not collect, transmit, or store any information about children, families, or sessions.
  • Health information about you, your colleagues, or any third party.
  • Sensitive information (within the meaning of the Privacy Act) other than information about your professional discipline if you choose to provide it.

5. How we collect personal information

We collect personal information directly from you when you create an account, configure practice settings, communicate with us, or use Iris. We may also receive personal information from our payment provider (Stripe) and authentication provider (Clerk) in the course of operating the service.

6. Why we collect, use and hold personal information

  • To create and operate your account.
  • To process payments and manage your subscription.
  • To apply your practice settings to the documents you generate.
  • To provide customer support.
  • To send service-related communications.
  • To send you optional product update emails (you can opt out at any time).
  • To maintain the security and reliability of Iris.
  • To comply with our legal and regulatory obligations.

7. Disclosure of personal information

  • Our payment processor, Stripe, to process your subscription.
  • Our authentication provider, Clerk, to manage logins.
  • Our hosting provider, Cloudflare (via Lovable), to operate Iris.
  • Our email provider, Google Workspace, to send service and product communications.
  • Professional advisers (for example, our lawyers and accountants) where reasonably required.
  • Government, regulatory or law enforcement authorities where required by law.

We do not sell or rent personal information to third parties. We do not use personal information for advertising or for any purpose unrelated to operating Iris.

8. International transfers

Some of our service providers (for example, Stripe, Clerk and our hosting provider) may store and process information outside Australia, including in the United States and other jurisdictions. Where this occurs, we take reasonable steps to ensure the recipient handles personal information consistently with the APPs.

9. Data retention

Account, subscription, and practice settings information is retained for as long as your account is active, and for a reasonable period afterwards (typically up to seven years) to meet our legal, accounting and audit obligations.

Clinical content is not retained at all. It exists only in your browser session and is destroyed when the session ends.

Communications and support requests are retained for the duration of the issue and for a reasonable period afterwards for quality assurance.

10. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Measures include encryption in transit and at rest, access controls, regular reviews of our service providers' security practices, and prompt patching of known vulnerabilities.

If a notifiable data breach occurs, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

11. Cookies and tracking

Iris uses essential cookies to keep you logged in and to remember your preferences. We do not use third-party advertising cookies. We do not use behavioural tracking that profiles you across sites.

We may use minimal first-party analytics to count aggregate page views and detect performance issues. These do not identify individual users.

12. Your rights

Under the Privacy Act, you have the right to:

  • access the personal information we hold about you;
  • request correction of inaccurate, out-of-date, incomplete, irrelevant or misleading personal information;
  • request that we stop using your information for direct marketing;
  • complain about our handling of your personal information.

To exercise any of these rights, contact us using the details in section 15. We will respond within a reasonable time, typically thirty (30) days.

13. Children and minors

Iris is not intended for use by children. Account holders must be at least eighteen (18) years of age. While Iris is used in a paediatric clinical context, no information about children is collected, transmitted, or stored by us.

14. Changes to this Statement

We may update this Privacy Statement from time to time. The current version is published on our website with the version number and effective date. Where changes are material, we will notify you (typically by email and through Iris) before the changes take effect.

15. Complaints and contact

If you have a question or complaint about how we handle personal information, contact our privacy contact:

Lauren Haskins, Director
Email: hello@letsgrowtogether.com.au
Post: PO Box 238, Kotara NSW 2289

If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992

Last updated: 13 May 2026. Version 1.0. Privacy contact: hello@letsgrowtogether.com.au.