Privacy Policy
1. About Clearline Health
Clearline Health (“we”, “us”, “our”) operates a suite of digital tools for the NDIS sector:
- Aura OS — compliance management software for NDIS Supported Independent Living (SIL) providers
- Compass — NDIS plan management and support coordination tool for families and carers
- Scrive — AI-assisted clinical report writing for occupational therapists and allied health professionals
Platform URL: clearlinehealth.com.au
Contact: hello@clearlinehealth.com.au
This Privacy Policy governs how we collect, use, disclose, and protect personal information across all three products.
2. What Information We Collect
2.1 Information you provide directly
When you create an account or use the Platform, we may collect:
- Name and contact details (email address, phone number)
- Organisation name and ABN (for providers using Aura OS)
- Role and professional qualifications
- Uploaded logo and branding assets
- Billing information (processed by Stripe — we do not store payment card details)
2.2 NDIS participant information (Aura OS and Compass)
Participant information collected may include:
- Name, age, and NDIS participant number
- Primary disability and support classification
- Medical history, diagnoses, and medications (entered by families via Compass; extracted from Webster-pack photos in Aura OS Pro — see section 3.5)
- Behaviour Support Plan (BSP) notes
- Family and emergency contact details
- Shift logs, progress notes, handovers, and incident reports
- Medication Administration Records (MAR) including dose, time, and outcome
- Restrictive practice authorisations and usage logs
- Supervision session records and compliance evidence
- Goals, appointments, and plan funding information
2.3 Worker information (Aura OS)
For provider staff onboarded into Aura OS, we collect employment-grade information to support compliance and payroll:
- Name, email, phone, address, date of birth, role, employment type
- Right-to-work status and document expiry
- NDIS Worker Screening Clearance number and expiry
- Training certificates and expiry dates (first aid, manual handling, medication, BSP, induction)
- Emergency contact details
- Driver licence (where required for the role)
- Payroll information: superannuation fund + member number, bank BSB + account, Tax File Number (TFN)
Payroll fields (bank details and TFN) are encrypted at rest using pgcrypto with a server-side key that is never shipped to clients. TFN handling complies with the Tax File Number Rule 2015 under the Privacy Act — stored only where necessary, never logged in audit trails, and stripped from read endpoints for non-admin roles.
2.4 Automatically collected information
When you use the Platform, we automatically collect:
- Device and browser type
- IP address and general location (country/state)
- Pages visited and features used (via Google Analytics 4)
- Session duration and navigation patterns
- Error events and stack traces when the Platform crashes or throws an unhandled exception (via Sentry). Captures include the URL path, error message, stack trace, and the affected user ID and organisation ID so we can investigate which tenant a crash hit; Authorization headers, cookies, request bodies, and any free-text content are scrubbed before send. Crash data is associated with your account.
This information is used to improve the Platform and is not linked to individual participants.
2.5 Mobile device information (Aura OS native app)
If you install the Aura OS native app on Android or iOS, we additionally collect:
- Push notification tokens issued by Apple Push Notification Service (APNs) or Firebase Cloud Messaging (FCM). These are pseudonymous device identifiers we use to deliver in-app notifications (e.g. new messages, handover prompts). You can disable notifications at any time in your device settings; disabling does not affect your account.
- Device model, OS version, and app version — collected once on registration to help us support the device list we build for, and to diagnose bugs reported via the Support feature.
- Coarse location when you check in or out of a shift — only when you actively tap "Check in" or "Check out". We do not track location continuously, and location is never shared outside your organisation.
The native app does not collect: contacts, photos (beyond what you explicitly upload), microphone audio, SMS, call logs, or advertising IDs.
2.6 Information we do NOT collect
- Payment card numbers (handled entirely by Stripe)
- Biometric data
- Advertising identifiers (IDFA, AAID), cross-site tracking cookies, or behavioural advertising data of any kind
- Microphone audio, SMS messages, call logs, or device contacts
- Continuous (background) location — location is captured only at the moment you tap Check in / Check out on a shift
- Calendar entries from your device
- Information from children under 13 directly — participant information about minors is provided by parents/guardians
2.7 Mobile app permissions (Aura OS native app)
The Aura OS Android and iOS apps request the following device permissions. Each is requested only when needed and you can revoke any of them in your device settings without losing access to your account.
| Permission | When requested | What we use it for |
|---|---|---|
| Camera | When you tap "Take photo" on the Webster-pack medication scanner or worker training certificate uploader | Capture the photo you choose to upload. We do not access the camera in the background. |
| Photo library | When you tap "Choose photo" on Webster-pack medications, training certificates, or incident attachments | Read the specific photo you select. We do not browse or index your library. |
| Photo library (add) — iOS only | When you tap "Save to camera roll" on a generated PDF report | Write a PDF you generated to your camera roll, at your request. |
| Location (when in use) | When you tap Check in or Check out on a shift | Record your approximate location at that moment as part of the shift audit trail required by the NDIS Commission. We do not request "Always" location and do not track you in the background. |
| Push notifications | On first sign-in | Deliver shift reminders, handover prompts, medication low-stock alerts, and inbox messages. The push token is a pseudonymous device identifier — see section 2.5. |
The Aura OS app does not request: contacts, calendar, microphone, SMS, call log, sensors, fitness data, NFC, Bluetooth, advertising ID, or "Always" location.
2.8 Tracking across other apps and websites
Clearline Health does not track you across other apps or websites for any purpose. Specifically:
- We do not request the iOS App Tracking Transparency (ATT) permission, because we do not track.
- We do not use your device's advertising identifier (IDFA on iOS, AAID on Android).
- We do not pass your data to ad networks, data brokers, or analytics partners other than the privacy-respecting sub-processors named in section 4.2.
- Anonymised Google Analytics 4 data is used solely to improve our marketing pages and the in-product experience — never for retargeting or audience-building.
3. How We Use Your Information
3.1 To provide the Platform
- Creating and managing your account
- Storing and displaying your compliance data, shift logs, incidents, and participant records
- Enabling Clearline Connect — the secure data sharing mechanism between Aura OS, Compass, and Scrive
- Generating compliance reports, policy documents, and audit evidence packs (PDF)
- Pushing invoices to your connected Xero accounting tenant (Aura OS Pro, opt-in) — see section 4.5
- Processing Pro subscription payments via Stripe
3.2 To operate our business
- Sending account confirmation and billing emails
- Sending product updates and new feature announcements (you may unsubscribe at any time)
- Responding to support requests and enquiries
- Monitoring platform performance and uptime
3.3 To comply with our legal obligations
- Maintaining records as required by the Privacy Act 1988
- Responding to lawful requests from government bodies or law enforcement
- Meeting our obligations under the NDIS Act 2013 and NDIS Practice Standards
3.4 What we will never do
- Sell your personal information to any third party
- Use participant data for advertising or marketing purposes
- Share clinical or compliance data with insurers, employers, or government agencies unless required by law
- Train AI models on your clinical notes or participant data
3.5 AI-assisted features
Several Platform features use artificial intelligence, run through Clearline’s own server-side gateway, to generate drafts or extract structured data from what you enter or upload. These are always opt-in per feature and are disclosed in the UI at the point of use. Requests are never sent from your device directly to an AI provider; they pass through our gateway first.
- Scrive report drafts — clinical notes and assessment inputs you enter are sent, through our AI gateway, to a contracted AI provider solely to draft a first-pass report. You review, edit, and approve before the report is used externally.
- Aura OS — Audit Evidence summary (Pro) — when you run an evidence pack, the compiled day-level shift, incident, handover, policy, and training data is sent, through our AI gateway, to a contracted AI provider to produce the narrative summary section. The raw data remains in your tenant; only the synthesised summary is generated.
- Aura OS — Webster-pack medication OCR (Pro) — when you tap “From photo” on the Medications list, the uploaded pack image is sent, through our AI gateway, to a contracted AI provider’s vision model to extract medication name, dose, time, and quantity. Extracted rows are shown for your per-row review before save. The image is not retained after extraction.
Our AI providers process these requests under commercial terms that prohibit using your inputs or outputs to train their models. Requests may transit infrastructure outside Australia. The AI provider(s) currently in use, what each receives, and where each processes, are listed in the sub-processor table below (section 4.2) and kept current there. Provider-side log retention is stated per provider in that table.
4. How We Share Your Information
4.1 With your consent — Clearline Connect
The Clearline Connect system allows providers, families, and clinicians to share information across the Platform. Information is only shared when a user explicitly generates and shares a Connect link. No sharing occurs automatically without user action.
4.2 Service providers (sub-processors)
We share information with trusted third-party service providers who assist us in operating the Platform. Each is bound by contractual terms prohibiting the use of your information for any purpose other than delivering their service to Clearline Health.
| Provider | Purpose | Data shared | Region |
|---|---|---|---|
| Supabase | Primary database (Postgres) for all provider, worker, participant, and compliance records | All tenant data at rest | Sydney, Australia (ap-southeast-2) |
| Fly.io | API compute (the server that your Aura OS / Compass / Scrive clients call) | All tenant data in transit during request/response handling — no persistent storage | Sydney, Australia (syd) |
| Netlify | Static web hosting for the marketing site and the Aura OS / Compass / Scrive client apps | No tenant data — Netlify serves static files only; dynamic data is fetched from the API | Global CDN |
| Cloudflare R2 | Object storage for uploaded files: organisation logos, invoice PDFs, audit evidence PDFs, incident attachments, Webster-pack photos | Binary files as uploaded; URLs are time-limited presigned | Asia-Pacific |
| Stripe | Subscription billing and payment processing | Email, name, organisation, subscription tier; card details handled directly by Stripe | Global (Stripe retains primary records in the US; PCI DSS Level 1) |
| Xero | Opt-in (Aura OS Pro): one-way push of generated invoice batches into your connected Xero accounting tenant | Plan-manager contact details, invoice line items, participant first names, invoice totals — only for invoices you explicitly generate | Your Xero tenant region (you control) |
| Anthropic | AI drafting for Scrive reports, Aura OS Audit Evidence narratives, and/or Webster-pack medication OCR (see section 3.5) — all opt-in at the feature level | Only the specific inputs sent for a given AI request. Not used for model training. | United States |
| OpenAI | AI drafting for Scrive reports, Aura OS Audit Evidence narratives, and/or Webster-pack medication OCR (see section 3.5) — all opt-in at the feature level | Only the specific inputs sent for a given AI request. Not used for model training. | United States |
| Resend | Transactional and inbound email: account sign-up, welcome sequence, password reset, billing receipts, clearance alerts, audit-evidence emails to auditors, invoice emails to plan managers | Recipient email address and the email body you choose to send | Global (EU / US) |
| Firebase Cloud Messaging (FCM) | Android push-notification delivery for the Aura OS native app | Pseudonymous device push token plus the notification title/body you receive | Global (Google) |
| Apple Push Notification Service (APNs) | iOS push-notification delivery for the Aura OS native app (when available) | Pseudonymous device push token plus the notification title/body you receive | Global (Apple) |
| Sentry | Application error monitoring | Error stack traces, URL path, and request metadata. Authorization headers, cookies, and request bodies are scrubbed before send. | United States |
| Google Analytics 4 | Anonymised website and app usage analytics on marketing and product pages | Page URL, referrer, anonymised IP, device type — no participant or clinical data | Global (Google) |
| Google Workspace | Our business email inbox (hello@clearlinehealth.com.au) | Support correspondence you send us | Global (Google) |
4.3 Legal requirements
We may disclose your information where required by law, including to the NDIS Commission, the Office of the Australian Information Commissioner (OAIC), law enforcement, or courts. We will notify you of any such disclosure where legally permitted to do so.
4.4 Business transfers
If Clearline Health is acquired, merged, or its assets are transferred, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
4.5 Xero integration (opt-in, Aura OS Pro)
If you connect your Xero accounting tenant to Aura OS, you authorise us via OAuth 2.0 to push invoice batches to that tenant on your behalf. Specifically:
- We request the scopes
openid,profile,email,offline_access,accounting.invoices,accounting.contacts, andaccounting.settings. These let us create draft invoices and the related plan-manager contacts in your Xero tenant. - Access and refresh tokens are encrypted at rest using pgcrypto with a server-side key.
- The connection is one-way (Aura OS → Xero). We do not read data out of Xero beyond listing the tenants your sign-in is authorised for.
- You can disconnect at any time in Aura OS Settings → Integrations. On disconnect we mark the tokens as revoked and stop pushing to that tenant. Revoking the grant from within Xero has the same effect.
- We are not a Xero App Store certified partner at this stage. Your use of Xero remains governed by your Xero subscription agreement.
5. Data Storage and Security
5.1 Data residency
Clearline Health stores tenant data across the following locations:
- Primary database (Postgres) — Sydney, Australia (AWS
ap-southeast-2), hosted by Supabase. All participant, worker, compliance, and billing records live here at rest. - Object storage (PDFs, logos, uploaded files) — Cloudflare R2, APAC region.
- API compute — Sydney, Australia (
syd), hosted by Fly.io. Your data passes through this region in transit when you make a request, but is never persisted there. - AI processing — Inputs sent to our contracted AI provider(s) (currently Anthropic and OpenAI, see section 4.2) for the opt-in features listed in section 3.5 are processed in the United States.
We do not sell, transfer, or share participant information with any party outside these sub-processors without your explicit consent.
5.2 Security measures
We implement industry-standard security measures including:
- HTTPS / TLS encryption for all data in transit
- pgcrypto column-level encryption for sensitive fields at rest — worker bank details, Tax File Numbers, and Xero OAuth tokens — using a server-side key never shipped to clients
- JWT-based authentication with short-lived access tokens
- Role-based access controls (admin / manager / support staff / worker) — workers only see participants they have been explicitly assigned to
- Rate limiting on all sensitive mutation endpoints (incidents, medications, Commission reporting)
- Regular security reviews, dependency updates, and third-party sub-processor audits
- Append-only audit log of all data access and modifications, including evidence exports, Xero invoice pushes, and AI feature invocations
5.3 Breach notification
In the event of a data breach that is likely to result in serious harm to any individual, we will notify affected users and the OAIC within 30 days as required by the Notifiable Data Breaches scheme under the Privacy Act 1988.
5.4 Data retention
| Data type | Retention period |
|---|---|
| Active account data | Retained while account is active |
| Compliance records (shifts, incidents) | 7 years after creation (NDIS requirement) |
| Participant records | 7 years or until the participant turns 25 (whichever is later) |
| Cancelled account data | Deleted within 90 days of account closure, except where retention is required by law |
| Analytics data | 26 months (Google Analytics default) |
5.5 Behaviour Support Plans (Aura OS)
Aura OS allows operators to upload Behaviour Support Plans (BSPs) authored by registered Behaviour Support Practitioners. BSPs are clinical documents containing sensitive participant information, including documented restrictive practices and their authorisations.
How we use BSP data
- BSP PDFs are stored encrypted at rest in Cloudflare R2 (Asia-Pacific region) with access restricted to authorised roles within your organisation.
- With explicit operator consent at the time of upload, BSP PDF content is processed by a contracted AI provider (currently Anthropic or OpenAI, both named US sub-processors, see section 4.2) to extract structured fields for review. Our AI providers do not use this data to train AI models.
- Operators may opt out of AI extraction and enter BSP structure manually instead.
- BSP data flows to other Clearline Health products (Compass, Pilot) only through the Connect identity layer with explicit per-link consent. Consent is auditable and revocable.
- BSP data, including extracted fields and the original PDF, is retained for 7 years per NDIS retention requirements, after which it is securely deleted.
Access controls
- BSP content (target behaviours, triggers, strategies) is visible to organisation members assigned the behaviour_support_lead role, organisation managers, and organisation owners.
- Restrictive practice details (descriptions, authorisations) are restricted to behaviour_support_lead, manager, and owner roles. Support workers see redacted summaries only, within the context of incident logging.
- All access to restrictive practice data is audit-logged.
Sub-processors
Our contracted AI provider(s) (currently Anthropic, PBC, and OpenAI, L.L.C., both US) process BSP PDF content during AI extraction. Processing is limited to extraction scope; no training use. Each provider’s data processing addendum is available on request.
6. Your Privacy Rights
6.1 Access and correction
You have the right to:
- Request a copy of the personal information we hold about you
- Request correction of any inaccurate or incomplete information
- Request deletion of your account and associated data (subject to our legal retention obligations)
To exercise these rights, contact us at hello@clearlinehealth.com.au. We will respond within 30 days.
6.2 Withdrawing consent
Where we rely on your consent to process information (e.g. marketing emails), you may withdraw consent at any time. Withdrawal will not affect the lawfulness of processing before withdrawal.
6.3 Complaints
If you believe we have breached the Australian Privacy Principles, you may:
- Contact us directly at hello@clearlinehealth.com.au — we will respond within 30 days
- If not satisfied, lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992
7. Cookies and Tracking
The Platform uses the following tracking technologies:
- Google Analytics 4 — tracks page views, session data, and feature usage for platform improvement. IP anonymisation is enabled.
- Authentication cookies — session tokens to keep you logged in. These are strictly necessary and cannot be disabled.
We do not use advertising cookies or share tracking data with advertising networks.
8. Children’s Privacy
The Platform is designed for use by adults. We do not knowingly collect personal information directly from children under 13. Participant information about children with disabilities is entered by their parents, guardians, or carers and is governed by the same protections as all participant information.
9. Third-Party Links
The Platform may contain links to third-party websites (e.g. the NDIS Commission portal, NDIS Worker Screening portals). We are not responsible for the privacy practices of those websites and recommend you review their privacy policies independently.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last reviewed” date at the top of this document
- Display a notice within the Platform
- Email registered users with a summary of key changes
Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or how we handle your information:
Clearline Health
Email: hello@clearlinehealth.com.au
Web: clearlinehealth.com.au
This Privacy Policy was prepared in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the Notifiable Data Breaches scheme.