Privacy Policy

Version 1.2 | Effective date: 1 May 2026 | Last reviewed: 30 April 2026

1. About Clearline Health

Clearline Health (“we”, “us”, “our”) operates a suite of digital tools for the NDIS sector:

Aura OS — compliance management software for NDIS Supported Independent Living (SIL) providers
Compass — NDIS plan management and support coordination tool for families and carers
Scrive — AI-assisted clinical report writing for occupational therapists and allied health professionals

Platform URL: clearlinehealth.com.au
Contact: hello@clearlinehealth.com.au

This Privacy Policy governs how we collect, use, disclose, and protect personal information across all three products.

2. What Information We Collect

2.1 Information you provide directly

When you create an account or use the Platform, we may collect:

Name and contact details (email address, phone number)
Organisation name and ABN (for providers using Aura OS)
Role and professional qualifications
Uploaded logo and branding assets
Billing information (processed by Stripe — we do not store payment card details)

2.2 NDIS participant information (Aura OS and Compass)

Participant information collected may include:

Name, age, and NDIS participant number
Primary disability and support classification
Medical history, diagnoses, and medications (entered by families via Compass; extracted from Webster-pack photos in Aura OS Pro — see section 3.5)
Behaviour Support Plan (BSP) notes
Family and emergency contact details
Shift logs, progress notes, handovers, and incident reports
Medication Administration Records (MAR) including dose, time, and outcome
Restrictive practice authorisations and usage logs
Supervision session records and compliance evidence
Goals, appointments, and plan funding information

2.3 Worker information (Aura OS)

For provider staff onboarded into Aura OS, we collect employment-grade information to support compliance and payroll:

Name, email, phone, address, date of birth, role, employment type
Right-to-work status and document expiry
NDIS Worker Screening Clearance number and expiry
Training certificates and expiry dates (first aid, manual handling, medication, BSP, induction)
Emergency contact details
Driver licence (where required for the role)
Payroll information: superannuation fund + member number, bank BSB + account, Tax File Number (TFN)

Payroll fields (bank details and TFN) are encrypted at rest using pgcrypto with a server-side key that is never shipped to clients. TFN handling complies with the Tax File Number Rule 2015 under the Privacy Act — stored only where necessary, never logged in audit trails, and stripped from read endpoints for non-admin roles.

2.4 Automatically collected information

When you use the Platform, we automatically collect:

Device and browser type
IP address and general location (country/state)
Pages visited and features used (via Google Analytics 4)
Session duration and navigation patterns
Error events and stack traces when the Platform crashes or throws an unhandled exception (via Sentry). Captures include the URL path, error message, stack trace, and the affected user ID and organisation ID so we can investigate which tenant a crash hit; Authorization headers, cookies, request bodies, and any free-text content are scrubbed before send. Crash data is associated with your account.

This information is used to improve the Platform and is not linked to individual participants.

2.5 Mobile device information (Aura OS native app)

If you install the Aura OS native app on Android or iOS, we additionally collect:

Push notification tokens issued by Apple Push Notification Service (APNs) or Firebase Cloud Messaging (FCM). These are pseudonymous device identifiers we use to deliver in-app notifications (e.g. new messages, handover prompts). You can disable notifications at any time in your device settings; disabling does not affect your account.
Device model, OS version, and app version — collected once on registration to help us support the device list we build for, and to diagnose bugs reported via the Support feature.
Coarse location when you check in or out of a shift — only when you actively tap "Check in" or "Check out". We do not track location continuously, and location is never shared outside your organisation.

The native app does not collect: contacts, photos (beyond what you explicitly upload), microphone audio, SMS, call logs, or advertising IDs.

2.6 Information we do NOT collect

Payment card numbers (handled entirely by Stripe)
Biometric data
Advertising identifiers (IDFA, AAID), cross-site tracking cookies, or behavioural advertising data of any kind
Microphone audio, SMS messages, call logs, or device contacts
Continuous (background) location — location is captured only at the moment you tap Check in / Check out on a shift
Calendar entries from your device
Information from children under 13 directly — participant information about minors is provided by parents/guardians

2.7 Mobile app permissions (Aura OS native app)

The Aura OS Android and iOS apps request the following device permissions. Each is requested only when needed and you can revoke any of them in your device settings without losing access to your account.

Permission	When requested	What we use it for
Camera	When you tap "Take photo" on the Webster-pack medication scanner or worker training certificate uploader	Capture the photo you choose to upload. We do not access the camera in the background.
Photo library	When you tap "Choose photo" on Webster-pack medications, training certificates, or incident attachments	Read the specific photo you select. We do not browse or index your library.
Photo library (add) — iOS only	When you tap "Save to camera roll" on a generated PDF report	Write a PDF you generated to your camera roll, at your request.
Location (when in use)	When you tap Check in or Check out on a shift	Record your approximate location at that moment as part of the shift audit trail required by the NDIS Commission. We do not request "Always" location and do not track you in the background.
Push notifications	On first sign-in	Deliver shift reminders, handover prompts, medication low-stock alerts, and inbox messages. The push token is a pseudonymous device identifier — see section 2.5.

The Aura OS app does not request: contacts, calendar, microphone, SMS, call log, sensors, fitness data, NFC, Bluetooth, advertising ID, or "Always" location.

2.8 Tracking across other apps and websites

Clearline Health does not track you across other apps or websites for any purpose. Specifically:

We do not request the iOS App Tracking Transparency (ATT) permission, because we do not track.
We do not use your device's advertising identifier (IDFA on iOS, AAID on Android).
We do not pass your data to ad networks, data brokers, or analytics partners other than the privacy-respecting sub-processors named in section 4.2.
Anonymised Google Analytics 4 data is used solely to improve our marketing pages and the in-product experience — never for retargeting or audience-building.

3. How We Use Your Information

3.1 To provide the Platform

Creating and managing your account
Storing and displaying your compliance data, shift logs, incidents, and participant records
Enabling Clearline Connect — the secure data sharing mechanism between Aura OS, Compass, and Scrive
Generating compliance reports, policy documents, and audit evidence packs (PDF)
Pushing invoices to your connected Xero accounting tenant (Aura OS Pro, opt-in) — see section 4.5
Processing Pro subscription payments via Stripe

3.2 To operate our business

Sending account confirmation and billing emails
Sending product updates and new feature announcements (you may unsubscribe at any time)
Responding to support requests and enquiries
Monitoring platform performance and uptime

3.3 To comply with our legal obligations

Maintaining records as required by the Privacy Act 1988
Responding to lawful requests from government bodies or law enforcement
Meeting our obligations under the NDIS Act 2013 and NDIS Practice Standards

3.4 What we will never do

    Sell your personal information to any third party
Use participant data for advertising or marketing purposes
Share clinical or compliance data with insurers, employers, or government agencies unless required by law
Train AI models on your clinical notes or participant data

  

3.5 AI-assisted features (Claude by Anthropic)

Several Platform features send your inputs to Anthropic’s Claude API to generate drafts or extract structured data. These are always opt-in per feature and are disclosed in the UI at the point of use.

Scrive report drafts — clinical notes and assessment inputs you enter are sent to Claude solely to draft a first-pass report. You review, edit, and approve before the report is used externally.
Aura OS — Audit Evidence summary (Pro) — when you run an evidence pack, the compiled day-level shift, incident, handover, policy, and training data is sent to Claude to produce the narrative summary section. The raw data remains in your tenant; only the synthesised summary is generated.
Aura OS — Webster-pack medication OCR (Pro) — when you tap “From photo” on the Medications list, the uploaded pack image is sent to Claude’s vision model to extract medication name, dose, time, and quantity. Extracted rows are shown for your per-row review before save. The image is not retained after extraction.

Anthropic processes these requests under its commercial API terms and does not use your inputs or outputs to train its models. Requests may transit Anthropic infrastructure outside Australia. Anthropic retains API request logs for up to 30 days for abuse monitoring; no data is retained beyond that period.

4. How We Share Your Information

4.1 With your consent — Clearline Connect

The Clearline Connect system allows providers, families, and clinicians to share information across the Platform. Information is only shared when a user explicitly generates and shares a Connect link. No sharing occurs automatically without user action.

4.2 Service providers (sub-processors)

We share information with trusted third-party service providers who assist us in operating the Platform. Each is bound by contractual terms prohibiting the use of your information for any purpose other than delivering their service to Clearline Health.

Provider	Purpose	Data shared	Region
Supabase	Primary database (Postgres) for all provider, worker, participant, and compliance records	All tenant data at rest	Sydney, Australia (ap-southeast-2)
Railway	API compute (the server that your Aura OS / Compass / Scrive clients call)	All tenant data in transit during request/response handling — no persistent storage	Singapore (asia-southeast1)
Netlify	Static web hosting for the marketing site and the Aura OS / Compass / Scrive client apps	No tenant data — Netlify serves static files only; dynamic data is fetched from the API	Global CDN
Cloudflare R2	Object storage for uploaded files: organisation logos, invoice PDFs, audit evidence PDFs, incident attachments, Webster-pack photos	Binary files as uploaded; URLs are time-limited presigned	Asia-Pacific
Stripe	Subscription billing and payment processing	Email, name, organisation, subscription tier; card details handled directly by Stripe	Global (Stripe retains primary records in the US; PCI DSS Level 1)
Xero	Opt-in (Aura OS Pro): one-way push of generated invoice batches into your connected Xero accounting tenant	Plan-manager contact details, invoice line items, participant first names, invoice totals — only for invoices you explicitly generate	Your Xero tenant region (you control)
Anthropic (Claude)	AI drafting for Scrive reports, Aura OS Audit Evidence narratives, and Webster-pack medication OCR — all opt-in at the feature level	Only the specific inputs sent for a given AI request (see section 3.5). Not used for model training.	United States
Resend	Transactional and inbound email: account sign-up, welcome sequence, password reset, billing receipts, clearance alerts, audit-evidence emails to auditors, invoice emails to plan managers	Recipient email address and the email body you choose to send	Global (EU / US)
Firebase Cloud Messaging (FCM)	Android push-notification delivery for the Aura OS native app	Pseudonymous device push token plus the notification title/body you receive	Global (Google)
Apple Push Notification Service (APNs)	iOS push-notification delivery for the Aura OS native app (when available)	Pseudonymous device push token plus the notification title/body you receive	Global (Apple)
Sentry	Application error monitoring	Error stack traces, URL path, and request metadata. Authorization headers, cookies, and request bodies are scrubbed before send.	United States
Google Analytics 4	Anonymised website and app usage analytics on marketing and product pages	Page URL, referrer, anonymised IP, device type — no participant or clinical data	Global (Google)
Google Workspace	Our business email inbox (hello@clearlinehealth.com.au)	Support correspondence you send us	Global (Google)

4.3 Legal requirements

We may disclose your information where required by law, including to the NDIS Commission, the Office of the Australian Information Commissioner (OAIC), law enforcement, or courts. We will notify you of any such disclosure where legally permitted to do so.

4.4 Business transfers

If Clearline Health is acquired, merged, or its assets are transferred, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.5 Xero integration (opt-in, Aura OS Pro)

If you connect your Xero accounting tenant to Aura OS, you authorise us via OAuth 2.0 to push invoice batches to that tenant on your behalf. Specifically:

We request the scopes openid, profile, email, offline_access, accounting.invoices, accounting.contacts, and accounting.settings. These let us create draft invoices and the related plan-manager contacts in your Xero tenant.
Access and refresh tokens are encrypted at rest using pgcrypto with a server-side key.
The connection is one-way (Aura OS → Xero). We do not read data out of Xero beyond listing the tenants your sign-in is authorised for.
You can disconnect at any time in Aura OS Settings → Integrations. On disconnect we mark the tokens as revoked and stop pushing to that tenant. Revoking the grant from within Xero has the same effect.
We are not a Xero App Store certified partner at this stage. Your use of Xero remains governed by your Xero subscription agreement.

5. Data Storage and Security

5.1 Data residency

Clearline Health stores tenant data across the following locations:

Primary database (Postgres) — Sydney, Australia (AWS ap-southeast-2), hosted by Supabase. All participant, worker, compliance, and billing records live here at rest.
Object storage (PDFs, logos, uploaded files) — Cloudflare R2, APAC region.
API compute — Singapore (Google Cloud asia-southeast1), hosted by Railway. Your data passes through this region in transit when you make a request, but is never persisted there. The Singapore datacentre is the closest region to Australia on Railway’s current footprint; we expect to move compute to an Australian region when Railway offers one.
AI processing — Inputs sent to Anthropic (Claude) for the opt-in features listed in section 3.5 are processed in the United States.

We do not sell, transfer, or share participant information with any party outside these sub-processors without your explicit consent.

5.2 Security measures

We implement industry-standard security measures including:

HTTPS / TLS encryption for all data in transit
pgcrypto column-level encryption for sensitive fields at rest — worker bank details, Tax File Numbers, and Xero OAuth tokens — using a server-side key never shipped to clients
JWT-based authentication with short-lived access tokens
Role-based access controls (admin / manager / support staff / worker) — workers only see participants they have been explicitly assigned to
Rate limiting on all sensitive mutation endpoints (incidents, medications, Commission reporting)
Regular security reviews, dependency updates, and third-party sub-processor audits
Append-only audit log of all data access and modifications, including evidence exports, Xero invoice pushes, and AI feature invocations

5.3 Breach notification

In the event of a data breach that is likely to result in serious harm to any individual, we will notify affected users and the OAIC within 30 days as required by the Notifiable Data Breaches scheme under the Privacy Act 1988.

5.4 Data retention

Data type	Retention period
Active account data	Retained while account is active
Compliance records (shifts, incidents)	7 years after creation (NDIS requirement)
Participant records	7 years or until the participant turns 25 (whichever is later)
Cancelled account data	Deleted within 90 days of account closure, except where retention is required by law
Analytics data	26 months (Google Analytics default)

5.5 Behaviour Support Plans (Aura OS)

Aura OS allows operators to upload Behaviour Support Plans (BSPs) authored by registered Behaviour Support Practitioners. BSPs are clinical documents containing sensitive participant information, including documented restrictive practices and their authorisations.

How we use BSP data

BSP PDFs are stored encrypted at rest in Australia (Cloudflare R2, APAC region) with access restricted to authorised roles within your organisation.
With explicit operator consent at the time of upload, BSP PDF content is processed by Anthropic (a named US sub-processor) to extract structured fields for review. Anthropic does not use this data to train AI models.
Operators may opt out of AI extraction and enter BSP structure manually instead.
BSP data flows to other Clearline Health products (Compass, Pilot) only through the Connect identity layer with explicit per-link consent. Consent is auditable and revocable.
BSP data, including extracted fields and the original PDF, is retained for 7 years per NDIS retention requirements, after which it is securely deleted.

Access controls

BSP content (target behaviours, triggers, strategies) is visible to organisation members assigned the behaviour_support_lead role, organisation managers, and organisation owners.
Restrictive practice details (descriptions, authorisations) are restricted to behaviour_support_lead, manager, and owner roles. Support workers see redacted summaries only, within the context of incident logging.
All access to restrictive practice data is audit-logged.

Sub-processors

Anthropic (PBC, US) processes BSP PDF content during AI extraction. Processing is limited to extraction scope; no training use. Anthropic data processing addendum available on request.

6. Your Privacy Rights

6.1 Access and correction

You have the right to:

Request a copy of the personal information we hold about you
Request correction of any inaccurate or incomplete information
Request deletion of your account and associated data (subject to our legal retention obligations)

To exercise these rights, contact us at hello@clearlinehealth.com.au. We will respond within 30 days.

6.2 Withdrawing consent

Where we rely on your consent to process information (e.g. marketing emails), you may withdraw consent at any time. Withdrawal will not affect the lawfulness of processing before withdrawal.

6.3 Complaints

If you believe we have breached the Australian Privacy Principles, you may:

Contact us directly at hello@clearlinehealth.com.au — we will respond within 30 days
If not satisfied, lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992

7. Cookies and Tracking

The Platform uses the following tracking technologies:

Google Analytics 4 — tracks page views, session data, and feature usage for platform improvement. IP anonymisation is enabled.
Authentication cookies — session tokens to keep you logged in. These are strictly necessary and cannot be disabled.

We do not use advertising cookies or share tracking data with advertising networks.

8. Children’s Privacy

The Platform is designed for use by adults. We do not knowingly collect personal information directly from children under 13. Participant information about children with disabilities is entered by their parents, guardians, or carers and is governed by the same protections as all participant information.

9. Third-Party Links

The Platform may contain links to third-party websites (e.g. the NDIS Commission portal, NDIS Worker Screening portals). We are not responsible for the privacy practices of those websites and recommend you review their privacy policies independently.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the “Last reviewed” date at the top of this document
Display a notice within the Platform
Email registered users with a summary of key changes

Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your information:

Clearline Health
Email: hello@clearlinehealth.com.au
Web: clearlinehealth.com.au

This Privacy Policy was prepared in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the Notifiable Data Breaches scheme.