Privacy Policy

Version 1.0 | Effective date: 1 May 2026 | Last reviewed: April 2026

1. About Clearline Health

Clearline Health (“we”, “us”, “our”) operates a suite of digital tools for the NDIS sector:

Aura OS — compliance management software for NDIS Supported Independent Living (SIL) providers
Compass — NDIS plan management and support coordination tool for families and carers
Scrive — AI-assisted clinical report writing for occupational therapists and allied health professionals

Platform URL: clearlinehealth.com.au
Contact: hello@clearlinehealth.com.au

This Privacy Policy governs how we collect, use, disclose, and protect personal information across all three products.

2. What Information We Collect

2.1 Information you provide directly

When you create an account or use the Platform, we may collect:

Name and contact details (email address, phone number)
Organisation name and ABN (for providers using Aura OS)
Role and professional qualifications
Uploaded logo and branding assets
Billing information (processed by Stripe — we do not store payment card details)

2.2 NDIS participant information (Aura OS and Compass)

Participant information collected may include:

Name, age, and NDIS participant number
Primary disability and support classification
Medical history, diagnoses, and medications (entered by families via Compass)
Behaviour Support Plan (BSP) notes
Family and emergency contact details
Shift logs, progress notes, and incident reports
Goals, appointments, and plan funding information

2.3 Automatically collected information

When you use the Platform, we automatically collect:

Device and browser type
IP address and general location (country/state)
Pages visited and features used (via Google Analytics 4)
Session duration and navigation patterns

This information is used to improve the Platform and is not linked to individual participants.

2.4 Information we do NOT collect

Payment card numbers or banking details (handled entirely by Stripe)
Biometric data
Information from children under 13 directly — participant information about minors is provided by parents/guardians

3. How We Use Your Information

3.1 To provide the Platform

Creating and managing your account
Storing and displaying your compliance data, shift logs, incidents, and participant records
Enabling Clearline Connect — the secure data sharing mechanism between Aura OS, Compass, and Scrive
Generating compliance reports and policy documents
Processing Pro subscription payments via Stripe

3.2 To operate our business

Sending account confirmation and billing emails
Sending product updates and new feature announcements (you may unsubscribe at any time)
Responding to support requests and enquiries
Monitoring platform performance and uptime

3.3 To comply with our legal obligations

Maintaining records as required by the Privacy Act 1988
Responding to lawful requests from government bodies or law enforcement
Meeting our obligations under the NDIS Act 2013 and NDIS Practice Standards

3.4 What we will never do

    Sell your personal information to any third party
Use participant data for advertising or marketing purposes
Share clinical or compliance data with insurers, employers, or government agencies unless required by law
Train AI models on your clinical notes or participant data

  

4. How We Share Your Information

4.1 With your consent — Clearline Connect

The Clearline Connect system allows providers, families, and clinicians to share information across the Platform. Information is only shared when a user explicitly generates and shares a Connect link. No sharing occurs automatically without user action.

4.2 Service providers

We share information with trusted third-party service providers who assist us in operating the Platform:

Provider	Purpose	Data shared
Netlify	Web hosting and serverless functions	Application data, form submissions
Stripe	Payment processing	Email, name, payment details (Stripe handles card data directly)
Google Analytics	Platform analytics	Anonymised usage data, no participant info
Anthropic (Claude AI)	AI report generation in Scrive	De-identified clinical notes for report drafting only
Resend	Transactional emails (clearance alerts)	User email address, worker clearance expiry dates
Google Workspace	Business email	Support correspondence

All service providers are bound by data processing agreements and are prohibited from using your information for any purpose other than providing services to Clearline Health.

4.3 Legal requirements

We may disclose your information where required by law, including to the NDIS Commission, the Office of the Australian Information Commissioner (OAIC), law enforcement, or courts. We will notify you of any such disclosure where legally permitted to do so.

4.4 Business transfers

If Clearline Health is acquired, merged, or its assets are transferred, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Storage and Security

5.1 Australian data residency

All participant data and compliance records are stored on servers located in Australia. We do not transfer participant information outside Australia without your explicit consent.

5.2 Security measures

We implement industry-standard security measures including:

HTTPS encryption for all data in transit
Encrypted storage for sensitive data at rest
JWT-based authentication with short-lived access tokens
Role-based access controls — workers can only see data relevant to their role
Regular security reviews and dependency updates
Audit logging of all data access and modifications

5.3 Breach notification

In the event of a data breach that is likely to result in serious harm to any individual, we will notify affected users and the OAIC within 30 days as required by the Notifiable Data Breaches scheme under the Privacy Act 1988.

5.4 Data retention

Data type	Retention period
Active account data	Retained while account is active
Compliance records (shifts, incidents)	7 years after creation (NDIS requirement)
Participant records	7 years or until the participant turns 25 (whichever is later)
Cancelled account data	Deleted within 90 days of account closure, except where retention is required by law
Analytics data	26 months (Google Analytics default)

6. Your Privacy Rights

6.1 Access and correction

You have the right to:

Request a copy of the personal information we hold about you
Request correction of any inaccurate or incomplete information
Request deletion of your account and associated data (subject to our legal retention obligations)

To exercise these rights, contact us at hello@clearlinehealth.com.au. We will respond within 30 days.

6.2 Withdrawing consent

Where we rely on your consent to process information (e.g. marketing emails), you may withdraw consent at any time. Withdrawal will not affect the lawfulness of processing before withdrawal.

6.3 Complaints

If you believe we have breached the Australian Privacy Principles, you may:

Contact us directly at hello@clearlinehealth.com.au — we will respond within 30 days
If not satisfied, lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992

7. Cookies and Tracking

The Platform uses the following tracking technologies:

Google Analytics 4 — tracks page views, session data, and feature usage for platform improvement. IP anonymisation is enabled.
Authentication cookies — session tokens to keep you logged in. These are strictly necessary and cannot be disabled.

We do not use advertising cookies or share tracking data with advertising networks.

8. Children’s Privacy

The Platform is designed for use by adults. We do not knowingly collect personal information directly from children under 13. Participant information about children with disabilities is entered by their parents, guardians, or carers and is governed by the same protections as all participant information.

9. Third-Party Links

The Platform may contain links to third-party websites (e.g. the NDIS Commission portal, NDIS Worker Screening portals). We are not responsible for the privacy practices of those websites and recommend you review their privacy policies independently.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the “Last reviewed” date at the top of this document
Display a notice within the Platform
Email registered users with a summary of key changes

Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your information:

Clearline Health
Email: hello@clearlinehealth.com.au
Web: clearlinehealth.com.au

This Privacy Policy was prepared in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the Notifiable Data Breaches scheme.