Privacy Policy

Last updated: 27 April 2025

NDIS Vault ("we", "us", "our") is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, store, and disclose your personal information.

1. Who We Are

NDIS Vault is an Australian-based platform providing AI-assisted compliance document generation for registered NDIS providers. Our registered contact is: bryce@thevco.com.au. Our operations and data are based in Australia.

2. What Personal Information We Collect

We may collect the following types of personal information:

• Name, email address, and business/organisation name (during registration and account setup)
• Payment information (processed securely by our payment provider — we do not store card details)
• NDIS provider registration details you enter into documents
• Participant information included in support plans or progress notes you generate (which may include sensitive information about NDIS participants)
• Usage data, including pages visited, features used, and session activity
• Technical data such as IP address, browser type, and device identifiers

3. How We Collect Personal Information

We collect personal information when you:

• Register for an account or sign up to our waitlist
• Use our platform to generate NDIS documents
• Contact us via email or our website
• Subscribe to communications from us

We may also collect information automatically through cookies and similar tracking technologies. You may disable cookies in your browser settings, though this may affect platform functionality.

4. Why We Collect Personal Information

We collect and use your personal information to:

• Provide, operate, and improve the NDIS Vault platform
• Generate AI-assisted compliance documents on your behalf
• Process payments and manage your subscription
• Communicate with you about your account, updates, and support
• Comply with legal obligations, including NDIS and privacy laws
• Improve our services through aggregated, anonymised analytics

5. Sensitive Information

Documents you generate on our platform may contain sensitive information about NDIS participants (including health, disability, and personal information). You are responsible for ensuring you have appropriate authority and consent to enter participant information into our platform. We treat all such data with heightened security and do not use it for any purpose other than generating your requested documents.

6. How We Store and Protect Your Information

Your information is stored on secure servers located in Australia. We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews. While we take all reasonable steps to protect your data, no internet transmission is completely secure.

7. Disclosure to Third Parties

We do not sell your personal information. We may share it with:

• Service providers who assist us in operating the platform (e.g., cloud hosting, payment processing, AI infrastructure) — bound by confidentiality obligations
• Regulators and law enforcement when required by Australian law
• Professional advisers (lawyers, accountants) under strict confidentiality

Some service providers may be located outside Australia. Where this occurs, we take steps to ensure they handle your information in accordance with the APPs.

8. Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Complain about a breach of the APPs
• Request deletion of your data (subject to legal retention requirements)

To exercise any of these rights, contact us at bryce@thevco.com.au.

9. Data Retention

We retain your personal information for as long as your account is active, or as required to provide our services and meet legal obligations. When data is no longer needed, it is securely deleted or anonymised.

10. Cookies

Our website uses cookies to improve your experience and analyse usage. Cookies do not identify you personally. You can control cookies through your browser settings.

11. Links to Other Websites

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Complaints

If you believe we have breached the Australian Privacy Principles, please contact us at bryce@thevco.com.au. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

14. Contact Us

For any privacy-related enquiries:

NDIS Vault
Email: bryce@thevco.com.au
Website: ndisvault.com.au
Jurisdiction: Australia