Privacy Policy

Effective Date: 14 May 2026

At Lumenara, we value your privacy and take the protection of your personal information seriously. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you engage with our services, including our website, digital platform, assessments, SPARK, wellbeing reflections, Aria, programs, workshops, coaching, psychological services, and related tools.

If you are completing a Lumenara assessment, including the SPARK assessment, please read this policy before continuing. By completing an assessment or using our services, you acknowledge that Lumenara may collect and use your information as described in this policy.

This policy should be read together with any assessment instructions, consent information, service terms, participant information sheets, or program-specific privacy notices provided to you.

1. Scope

This policy applies to personal information collected through Lumenara’s website, platform, assessments, forms, digital tools, coaching, psychological services, organisational programs, workshops, communications, and related services.

In some contexts, such as employer-sponsored or organisational programs, Lumenara may provide services to an organisation while still protecting participant privacy. Where organisational reporting is provided, it is usually de-identified, aggregated, or limited to agreed program-level information unless you have given consent or disclosure is otherwise required or authorised by law.

2. Information We Collect

The information we collect depends on how you interact with Lumenara. This may include:

  • Personal Identifiers: Name, email address, phone number, contact details, account details, login credentials, and other information needed to identify or communicate with you.
  • Assessment and Reflection Data: Responses to SPARK or other Lumenara assessments, wellbeing check-ins, reflection prompts, surveys, feedback forms, and learning activities.
  • Wellbeing and Sensitive Information: Information about your wellbeing, stress, emotions, functioning, goals, challenges, support needs, and related personal experiences. Some of this information may be sensitive information or health information.
  • Psychological or Health Information: Where you receive psychological services, assessment, supervised practice, or clinically related support, we may collect information relevant to intake, risk, formulation, intervention, session notes, reports, safety planning, and professional record keeping.
  • Aria and Digital Coaching Data: Text-based interactions, prompts, reflections, usage history, and related metadata generated through Aria or other Lumenara digital tools.
  • Demographic Information: Optional information such as age range, gender, role, occupation, industry, location, or other contextual details where relevant to an assessment, program, or service.
  • Program and Engagement Data: Attendance, module progress, practice completion, goals, feedback, participation information, and interaction with Lumenara resources.
  • Referral, Funding, and Administrative Information: Referral details, billing details, Medicare, private health, WorkCover, TAC, NDIS, insurer, employer-sponsored, or other funding information where applicable.
  • Device and Usage Data: Browser type, device information, IP address, referring URLs, session timestamps, pages visited, cookies, analytics data, and interaction data.
  • Communications: Emails, messages, contact forms, support requests, feedback, and other communications with Lumenara.

3. Assessment Data and SPARK

Lumenara assessments, including SPARK, are designed to support reflection, insight, learning, wellbeing planning, and personal development. Assessment responses may be used to generate personalised feedback, suggested focus areas, learning pathways, recommendations, or reports.

Unless explicitly stated otherwise, Lumenara assessments are not diagnostic tools and do not replace professional psychological, medical, crisis, or emergency support. Assessment results should be understood as a guide for reflection and discussion, not as a clinical diagnosis.

Your assessment responses may be used to:

  • generate your individual assessment results or report;
  • personalise your Lumenara experience, recommendations, program pathway, or learning content;
  • support coaching, psychological services, wellbeing planning, or facilitated debriefs where relevant and consented to;
  • monitor progress over time if you complete repeated assessments;
  • improve assessment quality, scoring, user experience, and program design;
  • support de-identified research, evaluation, benchmarking, and product development; and
  • provide aggregated or de-identified insights to organisations where applicable.

We do not provide your identifiable assessment responses to an employer, organisation, or third party unless this has been clearly explained to you, you have consented, or disclosure is required or authorised by law.

4. How We Collect Information

We usually collect personal information directly from you when you:

  • complete SPARK or another Lumenara assessment;
  • complete an intake form, registration form, survey, reflection, or feedback form;
  • create an account or use the Lumenara platform;
  • interact with Aria or other digital tools;
  • participate in a program, workshop, webinar, coaching session, psychological service, or assessment debrief;
  • communicate with us by email, phone, video, form, or other channels; or
  • use our website, platform, or digital services.

We may also collect information from third parties where it is lawful and appropriate, such as referrers, health practitioners, employers, organisational customers, insurers, payment processors, practice management systems, or technology providers.

5. How We Use Your Information

We use your personal information to:

  • provide, personalise, and improve Lumenara services;
  • deliver SPARK and other assessments;
  • generate assessment results, reports, recommendations, or learning pathways;
  • support your progress through Lumenara programs and resources;
  • provide coaching, psychological services, wellbeing support, assessment debriefs, or related services where applicable;
  • communicate with you about your account, assessment, program, bookings, support, or service updates;
  • administer bookings, payments, invoices, Medicare, insurer, or funding processes where relevant;
  • analyse and improve our services, assessments, platform, user experience, and program design;
  • conduct de-identified or aggregated research, evaluation, benchmarking, analytics, and reporting;
  • manage safety, risk, clinical governance, supervision, quality assurance, and professional obligations;
  • comply with legal, regulatory, professional, insurance, tax, audit, and record-keeping obligations; and
  • send relevant service updates, program information, or marketing communications where permitted by law.

6. Legal Bases for Processing

Where required, we process personal information based on one or more legal grounds, including:

  • Consent: Where you have given permission, including for assessments, optional demographic information, sensitive information, or communications.
  • Contract: Where processing is necessary to provide services you have requested or agreed to receive.
  • Legal Obligation: Where processing is required to comply with laws, regulations, professional standards, reporting obligations, or court orders.
  • Legitimate Interests: Where processing is reasonably necessary for service delivery, security, quality improvement, analytics, or business operations, provided those interests are not overridden by your rights.
  • Health, Safety, or Vital Interests: Where processing is necessary to protect life, health, safety, or wellbeing.

7. Sensitive and Health Information

Some information collected by Lumenara may be sensitive information or health information, particularly where you provide information about your wellbeing, psychological health, stress, functioning, support needs, or participation in psychological services.

We collect sensitive or health information only where reasonably necessary for our services, where you have consented, or where collection is otherwise permitted or required by law. We take additional care with sensitive and health information.

8. Psychological Services, Supervision, and Confidentiality

Where Lumenara provides psychological services, your information is handled confidentially and in accordance with applicable professional, ethical, legal, supervision, and record-keeping obligations.

Confidentiality is important, but it is not absolute. We may use or disclose information where:

  • you have provided consent;
  • disclosure is required or authorised by law;
  • it is necessary to prevent or lessen a serious threat to life, health, safety, or wellbeing;
  • it is necessary for supervision, consultation, clinical governance, risk management, or professional obligations;
  • it is required for billing, Medicare, insurer, WorkCover, TAC, NDIS, or related administrative purposes; or
  • it is otherwise permitted under applicable privacy, health, or professional standards.

If psychological services are provided under supervision, relevant information may be discussed with a Board-approved supervisor or appropriate professional consultant for supervision, safety, ethical, quality, and professional development purposes. Wherever practical, information used in supervision or consultation is limited to what is necessary.

9. Aria, AI, and Automated Processing

Lumenara may use AI-assisted tools, digital coaching systems, algorithms, or automated processes to support reflection, wellbeing insights, assessment feedback, content recommendations, learning pathways, administrative workflows, and service improvement.

We do not use automated systems as the sole basis for clinical diagnosis, crisis decisions, treatment decisions, or decisions that significantly affect access to psychological services without appropriate human review.

Aria and other digital tools are designed to support reflection, learning, and wellbeing practice. They are not a substitute for professional psychological, medical, crisis, or emergency support.

10. Data Sharing and Disclosure

We do not sell your personal information. We may share personal information where reasonably necessary for our services, operations, legal obligations, or with consent. This may include:

  • Service Providers: Trusted providers who help us operate our website, platform, assessments, hosting, email, analytics, payments, security, practice management, telehealth, support, and digital tools.
  • Professional and Clinical Supports: Supervisors, consultants, health practitioners, referrers, or professional advisers where relevant to service delivery, supervision, safety, or continuity of care.
  • Funding or Administrative Bodies: Medicare, private health insurers, WorkCover, TAC, NDIS, employers, or other funding bodies where applicable and lawful.
  • Organisational Customers: Where services are provided through an organisation, we may provide de-identified, aggregated, attendance, or program-level information in line with agreed arrangements. Identifiable assessment responses are not shared unless clearly explained, consented to, or required by law.
  • Legal, Regulatory, or Safety Authorities: Where required or authorised by law, regulation, court order, professional obligation, or safety concern.
  • Business Transfers: If Lumenara is involved in a merger, acquisition, restructuring, or asset sale, information may be transferred as part of that transaction subject to appropriate safeguards.

11. De-identified, Aggregated, and Research Use

Lumenara may use de-identified or aggregated information for research, evaluation, benchmarking, reporting, product development, assessment development, service improvement, and organisational insights.

De-identified or aggregated information is designed so that individuals are not reasonably identifiable. Where reporting is provided to an organisation, it will usually be aggregated or de-identified unless otherwise explained and consented to.

12. International Data Transfers

Some of our technology, cloud hosting, email, analytics, payment, security, AI, or support providers may store or process information outside Australia.

Where personal information is transferred or processed outside Australia, we take reasonable steps to ensure appropriate privacy, security, contractual, technical, and organisational safeguards are in place.

13. Data Retention

We retain personal information for as long as reasonably necessary for the purpose for which it was collected, and for any legal, professional, clinical, insurance, audit, tax, regulatory, or record-keeping obligations that apply.

Assessment data may be retained to provide your results, support your progress, allow comparison over time, improve Lumenara assessments, and meet our operational and legal obligations.

Health and psychological service records may need to be retained for legally or professionally required periods, even if you request deletion.

When information is no longer required, we take reasonable steps to securely destroy or de-identify it.

14. Data Security

We implement reasonable technical, organisational, and administrative measures to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

These measures may include secure systems, access controls, password protection, encryption where appropriate, restricted access, confidentiality obligations, secure communication practices, backups, audit trails, data minimisation, and regular review of security practices.

No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we take reasonable steps to protect information in line with its sensitivity.

15. Data Breaches

If we become aware of a suspected or actual data breach, we will take reasonable steps to contain, assess, and respond to the breach.

Where a breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner where required under the Notifiable Data Breaches scheme or other applicable laws.

16. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyse usage, maintain security, measure engagement, and improve our website, platform, assessments, and services.

You can manage cookie preferences through your browser settings. Disabling cookies may affect website or platform functionality.

17. Marketing Communications

We may send service updates, program information, newsletters, or marketing communications where permitted by law. You can unsubscribe from marketing communications at any time using the unsubscribe link provided or by contacting us.

18. Your Rights

You may request access to personal information we hold about you, or ask us to correct information that is inaccurate, incomplete, or out of date.

Depending on the laws that apply to you, you may also have rights to:

  • withdraw consent where processing is based on consent;
  • request deletion or erasure, subject to legal, clinical, professional, and record-keeping obligations;
  • object to or restrict certain processing;
  • request data portability;
  • opt out of certain marketing communications;
  • opt out of the sale or sharing of personal information where applicable; and
  • lodge a complaint with a privacy, health, or data protection authority.

In some circumstances, access or deletion may be refused or limited where permitted by law, including where it would affect another person’s privacy, create a safety risk, interfere with legal proceedings, or conflict with professional record-keeping obligations.

19. Children and Young People

Lumenara’s services are primarily intended for adults. We do not knowingly collect personal information from children or young people without appropriate parent, guardian, authorised consent, or another lawful basis.

If we become aware that we have collected personal information from a child without appropriate consent or lawful authority, we will take reasonable steps to address the matter.

20. Third-Party Links and Services

Our website, platform, emails, assessments, or resources may contain links to third-party websites, tools, platforms, or services. We are not responsible for the privacy practices or content of third-party services. We encourage you to review their privacy policies before providing personal information.

21. Complaints

If you have concerns about how we have handled your personal information, please contact us using the details below. We take privacy complaints seriously and will respond within a reasonable timeframe.

If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner or another relevant privacy, health, or data protection authority.

22. Changes to This Policy

We may update this Privacy Policy from time to time. We will publish the updated version on our website and update the effective date. If changes are significant, we may take additional steps to notify you.

23. Contact Us

For questions, requests, or concerns about this Privacy Policy or our data practices, please contact us at:
Email: privacy@lumenara.io
Address: 11 Wilson Street, South Yarra, Victoria, Australia