Privacy Policy
Last updated: 17 May 2026
This policy is designed for a compliance consultancy that handles business, professional, identity, qualification, insurance, and registration information. It should be reviewed by an Australian privacy lawyer before launch.
1. Overview
providor handles information for people and organisations seeking NDIS registration, aged care registration, compliance documentation, audit preparation, company setup, and related business services. This policy explains how we collect, use, disclose, protect, retain, and manage personal information.
We aim to handle personal information consistently with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and good privacy practice where those obligations apply to us.
2. Information we collect
We may collect your name, role, email address, phone number, address, company name, ABN/ACN, state or territory, business structure, selected registration groups, chosen add-ons, payment status, order history, dashboard activity, messages, support requests, and consultation notes.
We may collect business and compliance documents you upload or provide, including company extracts, identity documents, qualifications, licences, professional registrations, insurance certificates, worker screening evidence, policies, procedures, audit documents, logos, marketing materials, invoices, and operational information.
We may collect technical information such as IP address, browser type, device type, pages visited, form interactions, approximate location, referral source, cookies, analytics events, and security logs.
3. Sensitive information
Some documents may include sensitive information, including identity information, professional membership information, health-related qualifications, worker screening information, criminal history check outcomes, disability service information, or health information. Health information is treated as sensitive information under Australian privacy law.
We only ask for sensitive information where it is reasonably necessary for the service, where you provide it through the intake or dashboard, where you consent to us handling it, or where handling is otherwise permitted by law.
4. How we collect information
We collect information when you browse the website, submit a contact form, use the onboarding flow, select services, create or access a dashboard, upload documents, make a payment, email or call us, respond to consultant questions, or otherwise provide information to us.
Where practical, we collect information directly from you. We may also receive information from authorised staff, business partners, consultants, payment providers, auditors, professional advisers, or third-party platforms you ask us to use.
5. Why we use information
We use information to respond to enquiries, prepare quotes, process orders, determine your registration pathway, identify audit type, tailor policies and procedures, prepare application guidance, manage dashboard tasks, review uploaded evidence, issue invoices, process payments, provide support, and deliver purchased add-ons.
We may also use information for security, fraud prevention, record keeping, service improvement, internal training, quality assurance, legal compliance, dispute management, and to enforce our Terms & Conditions.
6. Registration, audit, and eligibility information
Information about selected NDIS registration groups, aged care services, professional qualifications, licences, memberships, insurance, and audit readiness may be used to prepare guidance and identify likely document or evidence requirements.
We do not use this information to make final regulatory decisions. Regulators, auditors, professional bodies, insurers, and government agencies make their own assessments.
7. Payments
Payments may be processed by Stripe or another secure payment provider. We may receive payment status, transaction identifiers, invoice details, billing contact details, and limited payment metadata. We do not intentionally store full credit card numbers on our servers.
Payment providers handle payment information under their own terms and privacy policies.
8. Disclosure to third parties
We may disclose information to employees, contractors, consultants, document reviewers, IT providers, hosting providers, storage providers, email and messaging platforms, payment processors, analytics providers, professional advisers, debt recovery providers, insurers, auditors, or regulators where necessary for our services or legal obligations.
We may disclose information to a regulator, auditor, professional body, government agency, or third party where you instruct us to do so, where it is reasonably necessary to deliver a service, where required by law, or where necessary to protect rights, safety, security, or legal interests.
9. Overseas services and cloud providers
Some software, hosting, payment, storage, analytics, support, or email providers may store or process information outside Australia. Where we use those providers, we take reasonable steps to choose reputable services and manage access appropriately.
If cross-border disclosure rules apply, we will take the reasonable steps required by the Australian Privacy Principles before disclosing personal information overseas, unless an exception applies.
10. Cookies and analytics
We may use cookies, pixels, analytics tools, and similar technologies to operate the website, remember form progress, measure performance, improve usability, understand conversion paths, and protect the service from misuse.
You can usually disable cookies in your browser, but some website or onboarding features may not work properly.
11. Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Practical controls may include access controls, secure hosting, encrypted connections, private storage, role-based permissions, audit logs, password protection, staff confidentiality obligations, and secure payment processing.
No internet service, email system, dashboard, upload tool, or storage platform is completely secure. You should avoid sending unnecessary sensitive information and should keep your login details confidential.
12. Document uploads and client dashboard
If you upload documents, you are responsible for ensuring you have authority to provide them, that they are accurate, and that they do not include unnecessary third-party information.
Uploaded documents may be viewed by authorised personnel and consultants for the purpose of delivering services. In production, private file storage, authenticated access, and role-based permissions should be used for dashboard files.
13. Retention and deletion
We retain information for as long as reasonably needed to provide services, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, support audit trails, and manage tax or accounting requirements.
When information is no longer required, we will take reasonable steps to delete, de-identify, or archive it securely, subject to backup cycles and legal retention requirements.
14. Direct marketing
We may send service updates, onboarding reminders, consultation follow-ups, compliance updates, or marketing communications where permitted by law. You can unsubscribe from marketing emails by using the unsubscribe link or contacting us.
We will not sell your personal information to data brokers.
15. Access and correction
You may request access to personal information we hold about you or ask us to correct inaccurate, out-of-date, incomplete, irrelevant, or misleading information. We may need to verify your identity before responding.
We may refuse access or correction where permitted by law, for example where a request is unreasonable, would affect another person’s privacy, would reveal commercially sensitive information, or would breach legal obligations.
16. Privacy complaints
If you have a privacy concern, contact us first with details of the issue and the outcome you are seeking. We will review the complaint and respond within a reasonable time.
If you are not satisfied with our response and the Privacy Act applies, you may be able to contact the Office of the Australian Information Commissioner.
17. Notifiable data breaches
If we become aware of a data breach that is likely to result in serious harm and the Notifiable Data Breaches scheme applies, we will take the steps required by law, which may include notifying affected individuals and the OAIC.
18. Changes to this policy
We may update this Privacy Policy as our services, systems, legal obligations, or third-party providers change. The updated version will be published on this page with a revised date.
