Privacy Policy
Last updated: 22 June 2026
This Privacy Policy explains how George Iacono trading as DRGEORGEAI (ABN 35 958 983 407) ("we", "us", "our") collects, uses, discloses and protects your personal information when you visit drgeorgeai.com (the "Site"), purchase our book, contact us, or enquire about or attend our training and speaking services.
Whether the Privacy Act 1988 (Cth) applies to us can depend on the nature of our activities and the exceptions in that Act, not only on our annual turnover. We intend to handle your personal information in line with the Australian Privacy Principles (APPs) whether or not the Act applies to us.
1. What personal information we collect
We collect only the personal information we reasonably need to run our business. Depending on how you interact with us, this may include:
- Contact enquiries: when you use our contact form, your name, email address and the content of your message. Our form is provided by Formspree, which also records the sender's IP address.
- Book purchases: when you buy our book, your name, email address, billing details and transaction information. These are processed through our storefront (Payhip) and our payment provider (PayPal). We do not collect, see or store your full card or financial account details. Those are handled directly by PayPal.
- Training and speaking engagements: when you book, enquire about or attend training, a workshop or a speaking engagement, the details you provide, which may include your name, email, phone, professional role or employer, invoicing details, and (only if relevant and offered) accessibility or dietary requirements. Where a session is recorded or photographed, or where we use feedback or testimonials, we will tell you and seek your consent.
- Technical information: when you visit the Site, our hosting and content-delivery provider (Cloudflare) automatically logs limited technical data such as your IP address and request information, for security and to deliver the Site. Our domain name is registered through VentraIP, which does not receive visitor data.
We do not use analytics or tracking. We do not run Google Analytics or any similar analytics or advertising tools, and we do not build marketing profiles about you.
Sensitive and health information. This Site is not a clinical service. We do not intentionally request, and we ask you not to send us, any patient or clinical health information or other sensitive information through the contact form, by email or otherwise. If we receive unsolicited sensitive information, we will assess whether we may lawfully retain it and, where appropriate, securely delete or de-identify it.
2. How we collect your personal information
We collect personal information directly from you when you submit the contact form, purchase the book, or enquire about or book our services. We also collect limited technical information automatically through our hosting and security providers when you visit the Site. Where practicable, we provide a short collection notice next to the relevant form (for example the contact and booking forms) so you know why we are collecting the information and who handles it.
3. How we hold your personal information
Your personal information is held in the systems we use to run the business, which include our business email (Google), our storefront and payment records (Payhip and PayPal), our contact-form provider (Formspree), our accounting and tax records, and secure backups. Some of these are operated by third-party providers and some are held on our own business devices. We take reasonable steps to keep these systems secure (see section 8).
4. Why we collect, hold, use and disclose your personal information
We use your personal information to:
- respond to your enquiries and provide customer support
- process and fulfil your book purchase and deliver the product
- arrange, deliver and follow up on training, workshops and speaking engagements
- issue invoices and keep records we are required to keep (for example transaction and tax records)
- maintain the security and proper operation of the Site
- comply with our legal obligations.
We will not use your personal information for an unrelated purpose without your consent, unless we are permitted or required to do so by law.
5. How we disclose your personal information and the providers we use
We do not sell your personal information. We disclose it only to the third-party service providers that help us run the Site and our business, and only to the extent needed for them to provide their service. These providers, and the personal information involved, are:
| Provider | What it does for us | Personal information involved |
|---|---|---|
| Formspree | Contact form handling | Name, email, message, IP address |
| Payhip | Book storefront and checkout | Name, email, billing details, IP address |
| PayPal | Payment processing | Payment and contact details (we do not see card data) |
| Cloudflare | Website hosting, DNS and security | IP address, technical request data |
| VentraIP | Domain name registration | Our business registrant details only; no visitor data |
| Our business email | Any information contained in correspondence with us | |
| Brevo | Email delivery (sending email from our domain) | Any information contained in correspondence we send you |
These providers may use their own sub-processors. We may also disclose personal information where required or authorised by law.
6. Overseas handling of personal information
Some of our providers store, access or process personal information outside Australia. Based on the information available to us, the likely locations are:
- Formspree: United States (hosted on Amazon Web Services in the United States)
- PayPal: United States and other countries (the Australian contracting entity processes data overseas)
- Cloudflare: United States and the European Economic Area
- Google: United States and other countries
- Brevo: European Union (France)
- Payhip: United Kingdom and the European Union
- VentraIP: Australia (domain name registration)
Where the Privacy Act applies and we disclose personal information to an overseas recipient, we will take the steps required of us by law before doing so. In some circumstances we may remain accountable for how an overseas recipient handles your information.
7. Cookies
Our security and content-delivery provider (Cloudflare) may set essential cookies that are necessary for the Site to function securely. We do not use analytics, advertising or tracking cookies. Most browsers let you control or block cookies, though blocking essential cookies may affect how the Site works.
8. How we protect your personal information
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include restricting access to the accounts and records that hold personal information, using multi-factor authentication where it is available, protecting our business devices, securely deleting information we no longer need, and choosing reputable providers that apply their own security measures. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
If we suspect a data breach involving your personal information, we will assess it and, where required by law (including under the Notifiable Data Breaches scheme if it applies to us), notify affected individuals and the relevant regulator.
9. How long we keep your personal information
We keep personal information only for as long as we need it, or for as long as we are required to keep it by law. As a guide:
- transaction, invoicing and tax records are kept for the period required by law (generally at least five years)
- enquiries and contact-form messages are kept for a reasonable period after the matter is resolved and then deleted
- booking and event records are kept for a reasonable period after the engagement.
When we no longer need personal information, we take reasonable steps to delete or de-identify it, including arranging deletion from our providers where they allow it.
10. Access and correction
You may ask us for access to the personal information we hold about you, and ask us to correct it if it is inaccurate, out of date or incomplete. Contact us using the details below. We will respond within a reasonable time. There is normally no charge for making a request, though we may charge a reasonable fee for giving access in some cases. If we decline a request, we will tell you why.
11. Complaints
If you have a concern or complaint about how we have handled your personal information:
- Contact us first using the details below, with enough detail for us to look into it.
- We will respond within a reasonable time, normally within 30 days.
- Escalate if needed: if the Privacy Act applies to our handling of your information and you are not satisfied with our response, you may be able to complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. Complaints to the OAIC must be made in writing. Other consumer or legal remedies may also be available to you.
12. Children
The Site and our products are intended for healthcare professionals and other adults. We do not knowingly collect personal information from children.
13. Changes to this policy
We may update this Privacy Policy from time to time. The current version will always be available on the Site, with the "Last updated" date shown above. Where a change materially affects how we handle personal information we already hold, we will take reasonable steps to notify you directly where practicable, and seek your consent where the law requires it.
14. Status of this policy
This policy describes our information-handling practices. It is not intended to create contractual rights or obligations beyond those that apply under applicable law.
15. Contact us
For any privacy question, request or complaint:
- Email: george@drgeorgeai.com
- Post: PO Box 105, Pascoe Vale South VIC 3044
- Web: drgeorgeai.com