Skip to main content
Legal

Privacy Policy

Last updated: February 2026

1. Introduction

Ready Set Compliant ("we", "our", or "us") is committed to protecting your privacy and the privacy of NDIS participants and staff members whose information may be stored in our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our NDIS staff compliance management platform ("Service").

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and the NDIS Practice Standards regarding information management and privacy.

2. Information We Collect

2.1 Account Information

  • Organisation name and ABN
  • Contact details (name, email, phone number)
  • Billing information
  • Account credentials

2.2 Staff Information

  • Full legal name and contact details
  • Date of birth
  • Emergency contact information
  • Employment role and position
  • Profile photographs

2.3 Compliance Documents

  • NDIS Worker Screening Check results
  • Working with Children Check certificates
  • National Police Checks
  • First Aid and CPR certificates
  • Visa and passport information
  • Driver licence details
  • Training certificates and qualifications
  • Signed codes of conduct and agreements
  • Document expiry and issue dates

2.4 Technical Information

  • IP addresses and device information
  • Browser type and version
  • Usage data and access logs
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Store and manage staff compliance documents securely
  • Send automated renewal reminders and notifications
  • Generate compliance reports for NDIS audits
  • Process onboarding workflows for new staff
  • Verify document authenticity where applicable
  • Communicate with you about your account
  • Respond to support requests
  • Comply with legal obligations
  • Detect and prevent fraud or security issues

4. Data Storage and Security

We take the security of your data seriously. Our security measures include:

  • End-to-end encryption for data in transit (TLS 1.3)
  • Encryption at rest for all stored documents
  • Secure cloud infrastructure via Supabase
  • Role-based access controls
  • TOTP-based multi-factor authentication
  • Comprehensive audit logging and activity trails
  • Strict API request validation
  • Security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options)
  • Rate limiting and brute-force protection
  • Real-time error monitoring and alerting
  • Automated backup systems
  • Formal incident response plan aligned with the Privacy Act 1988

Your data is hosted securely via Supabase with enterprise-grade security and compliance controls.

5. Sharing Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: Trusted third parties who assist in operating our Service (cloud hosting, email delivery), bound by confidentiality agreements
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to you
  • With Your Consent: When you explicitly authorise disclosure

6. NDIS Compliance

As a platform serving NDIS providers, we are committed to supporting your compliance with:

  • NDIS Practice Standards and Quality Indicators
  • NDIS Code of Conduct
  • Information management requirements under the NDIS Act
  • Worker screening requirements

You remain the data controller for staff information you upload. We act as a data processor, handling your data only as necessary to provide the Service.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide our Service. Upon account termination:

  • You may request a complete data export
  • Account data is deleted within 30 days of termination
  • Backup copies are purged within 90 days
  • We may retain aggregated, anonymised data for analytics
  • Some data may be retained longer if required by law (e.g., for audit purposes)

8. Your Rights

Under Australian privacy law, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Data Portability: Request your data in a machine-readable format
  • Withdraw Consent: Withdraw consent for specific processing activities
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, please contact us using the details provided below.

9. Cookies and Tracking

We use essential cookies to:

  • Keep you signed in to your account
  • Remember your preferences (e.g., theme settings)
  • Ensure security of your session

We may use analytics cookies to understand how our Service is used. You can control cookie preferences through your browser settings.

10. Children's Privacy

Our Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Ready Set Compliant
Privacy Officer
Email: hello@readysetcompliant.com

For complaints regarding the handling of your personal information, you may also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.