Privacy Policy

Caira(“we”, “us”) provides software used by disability support workers and disability-support providers to record shifts, progress notes, incidents and related records. This policy explains how we handle personal information, including the sensitive health information of NDIS participants, across our web and mobile applications, APIs and supporting infrastructure. It applies to provider organisations, their workers, and the participants whose information is recorded in the service.

For participant and shift records that a provider enters, the provider organisation is the entity that decides why and how the data is used; we act as a service provider (processor) handling that data on the provider’s instructionsunder our customer agreement. We are an independent controller only for the limited account, billing and product-operations data we need to run the service. Where a customer agreement (e.g. a Data Processing Addendum) conflicts with this policy for that customer’s data, the agreement governs.

• Account & organisation data: names, work email addresses, role, and the organisation a user belongs to.
• Records you create: shifts, clock-on/off times, log entries, progress notes, incidents, photos and AI-generated reports.
• Participant information: the personal and health (sensitive) information about NDIS participants that workers enter while providing support.
• Billing data: subscription and payment status (card details are handled by our payments provider, not stored by us).
• Technical & product data: logs, device/usage and error data used to keep the service secure, reliable and improving.

To provide, secure and improve the service; to generate the documentation you request; to provide support; to bill for the service; and to meet legal and record-keeping obligations. We do not sell personal information and do not use participant information for advertising or to train third-party AI models.

Some features use AI to draft notes and reports. Before content is sent to an AI provider for processing, we remove direct personal identifiers (a PII-scrubbing step) so that identifying details are not exposed to the model. AI providers process this content only to return the requested output and under terms that prohibit using it to train their models. Any platform-level analytics we derive from usage (for example, common terms workers type) are de-identified and aggregated — they carry no organisation, worker or participant identifiers.

We share information only with the infrastructure and service providers we use to run Caira (hosting and database, file storage, email delivery, error monitoring, product analytics, payments and AI processing), each bound by confidentiality and data-protection obligations; with your own organisation; where you direct us to; or where required by law. A current list of sub-processors is maintained and made available to customers, with advance notice of material changes.

We aim to store participant and record data in Australia. Where any provider or sub-processor is located or processes data overseas, we take reasonable steps so that the recipient handles the information consistently with the Australian Privacy Principles, and we disclose the relevant locations in our sub-processor list. Cross-border arrangements are confirmed as part of legal review before launch.

We protect information with encryption in transit, role- and tenant-based access controls (so an organisation can only access its own data, enforced at the database layer), least-privilege access for our staff, audit logging of sensitive actions, and ongoing monitoring. No system is perfectly secure, but we work to industry-standard safeguards appropriate to the sensitivity of the data.

We keep information for as long as needed to provide the service and to meet the record-keeping obligations that apply to disability-support providers, then delete or de-identify it. On termination, customer data is deleted or returned in line with the customer agreement. Specific retention periods are set out in the final policy. Backups are retained for a limited period and then overwritten.

Individuals may request access to, correction of, or deletion of their personal information, subject to the provider organisation’s rights and our legal obligations. For participant information held on a provider’s behalf, we direct requests to that provider and assist them in responding. We support a right-to-erasure (de-identification) workflow for participant records.

We maintain an incident-response process. If an eligible data breach occurs that is likely to result in serious harm, we will notify affected customers without undue delay and support notifications to the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by the Notifiable Data Breaches scheme.

The service records information about people receiving disability support, who may be children or otherwise vulnerable. We treat this information as sensitive, limit access to those who need it, and expect provider organisations to obtain any consents required for collecting and recording it.

We will post material changes to this policy here and, for enterprise customers, provide notice under the customer agreement. Privacy questions, requests and complaints can be directed to the contact published with the final version of this document; if you are not satisfied with our response, you may contact the OAIC.