Privacy Policy

Information you provide

• Account information: email address and an encrypted password if you sign up as a provider
• Profile information: organisation name, ABN, contact details, About section, logo, categories, representative name
• Payment information: handled directly by Stripe — we never see or store your full card details. Stripe sends us a payment reference and subscription/payment status only
• Communications: contact form submissions (name, email, message, enquiry type)

Information collected automatically

• Technical data: IP address, browser type, device type, pages viewed, referral source
• Cookies: see Section 5

Publicly-sourced information

We display public information from the NDIS Commission's register of NDIS providers, including registered provider name, outlet name, address, phone, email, website, and registration groups. This data is publicly available from the NDIS Quality and Safeguards Commission.

We use personal information to:

• Operate the Site and provide its services
• Authenticate provider accounts and process sponsorships
• Process payments via Stripe
• Send transactional emails (welcome, account, billing)
• Respond to enquiries
• Improve the Site and analyse usage patterns
• Comply with legal obligations

We do not sell or rent your personal information.

We may disclose information to:

• Service providers who help us operate the Site (hosting, payments, email delivery, analytics)
• Law enforcement or regulatory authorities when required by law
• A successor entity in the event of a merger, acquisition, or sale of the business

Service providers we currently use:

• Vercel (web hosting)
• Supabase (database, authentication, file storage)
• Stripe (payment processing)
• Resend (transactional email)
• Google Cloud / Google Workspace (Places API for search; email)
• Google Analytics (aggregated, anonymised website usage statistics)
• Brave Search (supplementary web search results)

Some of our service providers store data outside Australia (typically in the United States or European Union). By using the Site you consent to such international transfers. We take reasonable steps to ensure overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles.

We use cookies and similar technologies to:

• Keep you signed in (authentication cookies set by Supabase)
• Process payments (cookies set by Stripe during checkout)
• Remember your preferences
• Understand site usage patterns (basic analytics)

You can control cookies through your browser settings. Disabling cookies may impact site functionality (e.g., you may not be able to stay signed in).

• Provider accounts: retained until you delete your account
• Sponsorship records: retained for 7 years for tax and accounting purposes
• Contact form submissions: retained for up to 2 years
• Anonymous usage data: retained indefinitely in aggregate form

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Request deletion of your account and associated personal information (some information may be retained where required by law)
• Make a complaint about how we handle your information

To exercise any of these rights, contact us at info@findmyprovider.com.au. We will respond within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We use reasonable technical and organisational measures to protect personal information from loss, misuse, unauthorised access, and disclosure. This includes encrypted connections (HTTPS), encrypted password storage, and access controls on our systems. No system is completely secure, however, and we cannot guarantee absolute security.

The Site is not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can delete it.

The Site contains links to third-party websites (e.g., provider websites). We are not responsible for the privacy practices of those sites. Review their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time. Material changes will be communicated via the Site or by email. The "Last updated" date at the top reflects the most recent revision.

For privacy-related questions or to exercise your rights, contact us at info@findmyprovider.com.au.