Privacy Policy
Last updated: 19 March 2026
1. Introduction
CordoCare (operated by Equila Pty Ltd) (“CordoCare”, “we”, “us”, “our”) is committed to protecting the privacy of our users and the personal information of NDIS participants managed through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our practice management software.
We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and relevant NDIS data protection requirements.
2. Information We Collect
We collect information that you voluntarily provide when using our platform, including:
- Account information (name, email, organisation details)
- Participant information entered by authorised users (names, NDIS numbers, contact details, plan information)
- Case notes, invoices, service agreements, and other documents
- Usage data and analytics
- Payment and billing information (processed securely via Stripe)
3. How We Use Your Information
We use collected information to:
- Provide and maintain our practice management platform
- Process invoices and manage subscription billing
- Generate AI-assisted reports and case notes at your direction
- Send transactional communications (e.g., invoice notifications, appointment reminders)
- Improve our services and develop new features
- Comply with legal obligations
4. Data Security
We implement industry-standard security measures including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Managed cloud infrastructure with encryption and backups
- Role-based access controls and tenant isolation
- Regular security audits and penetration testing
- Automated backups and disaster recovery procedures
5. Data Sharing
We do not sell personal information. We may share data with:
- Third-party service providers who assist in operating our platform (hosting, payment processing, email delivery)
- AI service providers for case note and report generation (data is not used for model training)
- Law enforcement or government agencies when required by law
6. Our Commitment to Your Data Privacy
We do not access, read, review, or analyse your organisation's data. Participant information entered by your team is never viewed by CordoCare staff. AI features process data only when you explicitly initiate them, and the data is not stored by the AI provider.
We are pursuing ISO 27001 and ISO 27701 certification to independently verify our security and privacy practices. If you have questions about our data handling, contact privacy@cordocare.com.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide services. After your subscription ends (cancellation, expiry, or non-payment), your data is retained for 60 days. During this 60-day period, you can resubscribe and your data will be restored.
After 60 days, all organisation data including participant records, case notes, documents, invoices, and user accounts will be permanently and thoroughly deleted. "Thoroughly deleted" means all database records, uploaded documents, AI chat history, audit logs, and backups are purged. This deletion is irreversible.
We will send email reminders at 30 days and 7 days before deletion. You can request an earlier deletion by contacting support@cordocare.com.
Please note that NDIS providers may have their own record-keeping obligations and should export data before their subscription ends.
8. Your Rights
Under the Privacy Act, you have the right to:
- Access your personal information
- Request correction of inaccurate information
- Request deletion of your information (subject to legal retention requirements)
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
9. Contact Us
For privacy-related enquiries, contact our Privacy Officer:
Email: privacy@cordocare.com
CordoCare (operated by Equila Pty Ltd), Adelaide, South Australia