Introduction

Welcome to Ndisync.ai, your dedicated platform for connecting NDIS participants, support workers, companies, coordinators, and allied health professionals. We are committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your data. This Privacy Policy applies to all users, including those utilizing our freemium model.

Information we collect

To provide and enhance our services, we collect various types of data:

• Personal information: Name, email address, telephone number.
• Professional Information Job titles, work history, educational background, certifications, and qualifications.
• User-Generated Content: Profile details, posts, and other content created by users.
• Permissions data: Access to files, media, microphone, camera, and notifications.
• Usage data: Interactions on the platform, such as activity on the news feed or community discussions.
• Verification documents: Documents submitted for identity and NDIS verification.

Verification process

To ensure authenticity and adherence to NDIS verification protocols, we internally manage all user verifications. Users are required to:

• Submit necessary documents via the "Verify" feature on the platform
• Undergo manual review by our verification team.

Once verified, users will receive a verified badge on their profiles, enhancing security and trust.

Usage of collected data

The collected data is utilized for the following purposes:

Platform purpose

• Name, email address, telephone number.
• Matching users with relevant opportunities and services.

Functionality Enablement:

Allowing document uploads, photo/video capturing, and audio recordings

Service Improvements:

Analyzing service usage to customize and enhance user experience

Identity Verification:

Authenticating users to maintain the platform’s integrity.

Data Collection Practices and Third-Party Libraries

Our platform integrates third-party libraries and services to enhance functionality, including:

• Local Storage Usage: For offline features.
• Notification Tokens: To manage notifications.
• Payment Information: For secure transactions via Stripe.
• Network Status Information: To optimize platform responsiveness.

These integrations collect data solely to improve performance and are not shared with external third parties for their independent use.

Third-Party Data Sharing Practices

While personal data is not shared with third parties for independent purposes, certain functionalities necessitate data sharing:

• Payment Processing: Stripe processes payment information to ensure secure transactions.
• Notifications: Token access is used for managing and delivering notifications.

All data collected by third-party services is restricted to the functionalities provided within the app.

User Consent Management

Users can manage their consent and preferences for data collection and sharing:

Marketing Communications:

Preferences can be adjusted in the app’s settings menu.

Permissions Management:

Device permissions for camera, media, and notifications are prompted by the operating system and can be modified in device settings.

Opt-Out Options:

Users may opt out of non-essential communications through the platform’s settings.

User Rights and Choices

As a user of Ndisync.ai, you have the following rights:

Access and Update:

Modify your personal information via the app’s profile settings.

Data Deletion:

Request deletion of your personal data, with the exception of data retained for legal or operational purposes (e.g., email addresses linked to job posts).

Objection:

Decline specific uses of your data, such as marketing communications.

Restrictions:

Request processing limitations under specific circumstances, such as contested data accuracy.

Cookies and Tracking Technologies

We utilize cookies and similar technologies to enhance your experience:

Session Cookies:

Temporary cookies removed when you close your browser.

Persistent Cookies:

Remain on your device until expired or manually deleted.

These tools help store profile information (e.g., name, user role) and track activity for analytics. Users can manage cookie preferences via their browser settings.

Security Measures

We prioritize your data security and have implemented robust measures, including:

Encryption:

Data is encrypted in transit and at rest.

Secure Storage:

Data is stored in secure facilities with state-of-the-art protocols.

Access Controls:

Only authorized personnel can access your data.

Regular Audits:

Routine security assessments to address vulnerabilities.

Incident Response:

Prompt responses to any security breaches.

Compliance with Data Protection Regulations

Ndisync.ai complies with the following regulations:

Australian Privacy Principles (APPs):

Ensuring transparency, security, and user control over data.

General Data Protection Regulation (GDPR):

For users within applicable jurisdictions.

Your rights under these regulations include:

Access:

Request copies of your personal data.

Rectification:

Correct inaccuracies in your data.

Erasure:

Request deletion under specific conditions.

Restriction:

Limit data processing in certain scenarios.

Portability:

Transfer your data to another provider.

Objection:

Decline data processing for specific purposes.

Data Retention

We retain user data only as long as necessary to fulfill service requirements or comply with legal obligations. For instance:

Billing Records:

Retained for 7 years as required by Australian law.

Operational Data:

Deleted upon user request or account termination, except for data required for ongoing legal or operational obligations.

Changes to This Policy

This Privacy Policy may be updated periodically. Users will be notified of significant changes via email or platform notifications. Continued use of the platform constitutes acceptance of the revised policy.

Contact Information

For questions or concerns regarding this Privacy Policy, contact us at: Hello@ndisync.ai.ai.