Privacy Policy

1. About This Policy

Supportly Pty Ltd ("Supportly", "we", "us", "our") provides NDIS software and related services to disability service providers across Australia. This Privacy Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy applies to all personal information collected through our platform at supportly.au, our mobile applications, customer support channels, and any other services we provide.

By using Supportly, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.

2. Information We Collect

We collect personal information that is necessary to provide our platform and services. This includes information you give us directly, information generated through your use of our software, and information we receive from third parties where authorised.

2.1 Information from Providers and Administrators

• Name, job title, and contact details (email address, phone number, business address)
• Organisation name, ABN, and registration details
• Billing and payment information (processed securely through a PCI-compliant payment gateway)
• Account login credentials and access settings
• Communication history with our support team

2.2 Information Related to NDIS Participants

When providers use Supportly to manage participant records, the platform may store personal information about NDIS participants. This includes:

• Full name, date of birth, NDIS number, and contact details
• Support plans, care goals, and service agreement details
• Progress notes, shift records, and incident reports
• Health-related information entered by authorised support staff

Supportly acts as a data processor in relation to participant information. The NDIS provider retains responsibility as the data controller under Australian privacy law.

2.3 Information from Support Workers

• Name, contact details, and employment information
• Qualifications, certifications, and NDIS Worker Screening Check status
• Rostered shifts, attendance, and timesheet records
• Mobile app usage logs for shift management

2.4 Technical and Usage Data

• IP addresses, browser type, and device identifiers
• Pages visited, features used, and session duration
• Error logs and diagnostic data to improve platform performance

3. How We Use Your Information

We use the personal information we collect to:

• Provide, maintain, and improve our NDIS software platform and mobile applications
• Process transactions and manage your subscription account
• Respond to support requests and technical enquiries
• Send transactional communications such as billing notices, product updates, and security alerts
• Monitor platform security and prevent unauthorised access or fraud
• Meet our legal obligations under Australian law, including the NDIS Act 2013
• Conduct research and analysis to improve platform functionality

We do not use personal information for direct marketing unless you have explicitly opted in. You can withdraw consent at any time by contacting us at privacy@supportly.au.

4. Disclosure of Information

Supportly does not sell personal information to third parties. We disclose information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers to assist in operating our platform. These include cloud hosting providers, payment processors, email delivery services, and analytics tools. All providers are bound by confidentiality obligations and are only permitted to use personal information to perform services on our behalf.

4.2 Legal Requirements

We may disclose information where required by law, court order, or government authority, including the NDIS Quality and Safeguards Commission where lawfully required.

4.3 Business Transfers

If Supportly is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. Affected parties will be notified in advance.

4.4 With Your Consent

We may share information in other circumstances where you have provided explicit consent.

5. Data Storage and Security

All data collected by Supportly is stored on secure servers located in Australia. We use industry-standard security measures including:

• AES-256 encryption for data at rest
• TLS 1.2+ encryption for all data in transit
• Role-based access controls and multi-factor authentication
• Regular security audits and penetration testing
• Automated backup and disaster recovery systems

Despite these measures, no system is entirely immune to risk. If you become aware of a potential data breach, contact us immediately at security@supportly.au.

In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by law.

6. Your Access and Correction Rights

Under the Privacy Act 1988 (Cth), you have the right to:

• Request access to personal information we hold about you
• Request correction of inaccurate, incomplete, or out-of-date information
• Request the deletion of personal information where it is no longer required for the purpose it was collected

To exercise these rights, contact us at privacy@supportly.au. We will respond to all requests within 30 days. In some circumstances, we may decline a request where permitted or required by law, and will explain the reason in writing.

7. Sensitive Information

Supportly may process sensitive information in the course of providing our platform to NDIS providers. This includes health information about NDIS participants, information about disabilities, and in some cases information about criminal history (such as NDIS Worker Screening Check results).

We collect and process sensitive information only where:

• The individual has provided explicit consent, or
• Collection is required or authorised by law, including the NDIS Act 2013 and NDIS Practice Standards

Sensitive information receives the highest level of protection within our platform and is subject to strict access controls.

8. Cookies and Tracking

Our website uses cookies and similar tracking technologies to improve your browsing experience and analyse site usage. Cookies we use include:

• Essential cookies: Required for the platform to function correctly. These cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with our website. Data is aggregated and anonymised.
• Preference cookies: Remember your settings and preferences across sessions.

You can control non-essential cookies through your browser settings. Disabling cookies may limit some platform functionality.

9. NDIS-Specific Data Handling

Supportly is built exclusively for NDIS registered service providers. We understand the unique privacy obligations that apply in the disability services sector, including obligations under the NDIS Act 2013, the NDIS Practice Standards, and the NDIS Quality and Safeguards Commission guidelines.

Key principles we apply to NDIS-related data:

• Participant data stored within Supportly is accessible only to authorised staff at your organisation.
• Support workers access only the participant information necessary to deliver their assigned supports.
• All access to participant records is logged and auditable through the provider dashboard.
• We assist providers in meeting their own privacy obligations by providing configurable data access controls, audit trails, and compliant documentation workflows.

10. Complaints and Contact

If you have a concern about how Supportly handles your personal information, please contact our Privacy Officer:

• Email:privacy@supportly.au
• Phone:1300 866 959
• Post: Privacy Officer, Supportly Pty Ltd, U30, 22-30 Wallace Avenue, Melbourne VIC 3000

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 business days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone on 1300 363 992.

Changes to This Policy

We review this Privacy Policy regularly and may update it from time to time. Material changes will be communicated via email to account holders or by notice on our website. The effective date at the top of this page reflects the most recent update.