Privacy Policy

Last updated: 19/03/2026

Bridget's Healthy Kitchen ("BHK", "we", "our", "us") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and secure your data in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What We Collect

Order & Account Data: When you place an order or create an account, we collect your name, email, shipping/billing address, payment details (processed securely via PCI-compliant partners), phone number, and order history.

Technical Data: We automatically collect your IP address, device/browser details, time zone, pages viewed, referring URLs, and cookies or tracking pixels.

Sensitive Health Information: If you use our health calculators or subscription programmes (e.g., 28 Day Boost Camp), you may provide wellness goals and metabolic interests. We treat this as Sensitive Information. We collect this only with your explicit consent to personalise your programme experience. It is not used for medical diagnosis and does not constitute health advice.

2. How We Use Your Data

We use your information to:

  • Process orders, payments, and shipments
  • Provide customer care and order updates
  • Detect and prevent fraud
  • Send marketing communications (only where you have provided express opt-in consent).
  • Improve our website experience and marketing effectiveness
  • Personalise your programme experience using the provided health interest information.

We also detect your location based on IP to show relevant currency and language, stored in a session cookie.

AI & Automation: Customer support communications may be processed using secure, AI-assisted tools (via Anthropic/OpenRouter API). This processing occurs within our secure infrastructure. Your data is not used to train third-party AI models.

3. Who We Share It With

We share data with trusted service providers who process personal data on our behalf under strict contractual confidentiality:

  • Core Operations: Shopify (e-commerce), Stripe/PayPal (payments), and Australia Post/Shipping providers.
  • Marketing & Analytics: Klaviyo and Google Analytics.
  • Subscription Infrastructure (28 Day Boost Camp): * GoHighLevel & Supabase (USA): CRM and subscriber data management.
    • PostHog (USA): Product analytics.
    • Cloudflare (USA): Security and traffic processing.
    • Resend (USA): Transactional email.
    • Anthropic/Gemini/ OpenRouter (USA): AI-assisted support processing (Enterprise API only).

We never sell or rent your personal information. We do not share Sensitive Health Information with third-party advertisers.

4. Cookies & Tracking Tools

We use cookies and pixels to maintain your session, cart, and currency preferences. You can manage cookies via your browser. While we do not respond to "Do Not Track" signals, we provide granular opt-out options for behavioural advertising.

5. Behavioural Advertising

We use server-side conversion tracking (CAPI) with Meta (Facebook). When you purchase, hashed identifiers (such as email) are sent directly from our server to Meta to measure ad effectiveness.

  • This data is pseudonymised (hashed) before transmission.
  • Sensitive Health Information is strictly excluded from server-side tracking events.
  • You can manage preferences via Facebook Ad Preferences.

6. Your Rights & Data Retention

Under the Australian Privacy Principles, you have the right to:

  • Access and Correction: Request a copy of your data or updates to inaccuracies.
  • Anonymity: Where lawful and practicable, you may interact with us anonymously (e.g., general browsing).
  • Deletion: Request removal of your data (subject to legal record-keeping requirements for financial transactions).

Contact for Data Requests:

  • General: admin@bridgetshealthykitchen.com
  • 28 Day Boost Camp: boost@bridgetshealthykitchen.com. We will respond to all verified requests within 30 days.

7. International Data Transfer

As a global business, BHK utilises best-in-class infrastructure located in the United States. In accordance with APP 8, we take reasonable steps to ensure that these overseas recipients handle your personal information in a manner consistent with the Australian Privacy Principles, including the use of robust data processing agreements. By using our Sites, you consent to this international transfer.

8. Children’s Privacy

We do not knowingly collect personal data from children under 18. Our site is intended for adult use.

9. Policy Updates

We may update this Policy to reflect changes in our practices or regulations. The latest version will always be here, with the updated “Last Updated” date at the top.