Careli ← Back to home

Privacy Policy

Last updated: 6 June 2026

Careli takes the privacy of every person whose information passes through our app seriously, including the participants, support workers and coordinators our customers care for. This policy explains what personal information we collect, why we collect it, how we use and protect it, and the choices and rights you have.

Careli ("Careli", "we", "us" or "our") is an NDIS care-management application operated by Serour Designs. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and we treat health and disability information as sensitive information requiring a higher standard of care.

In this policy, a "customer" is an NDIS provider or organisation that subscribes to Careli. A "participant" is a person receiving supports whose records a customer manages in Careli. Customers are responsible for obtaining the consents they need from participants and workers before entering their information into Careli.

Contents

  1. Information we collect
  2. How we use information
  3. Health and sensitive information
  4. When we share information
  5. Storage, location and security
  6. How long we keep information
  7. Your rights and choices
  8. Data breaches
  9. Children and vulnerable people
  10. Changes to this policy
  11. How to contact us

1. Information we collect

The information we collect depends on how you use Careli.

Account and contact information

When a customer signs up, we collect names, email addresses, phone numbers, business or organisation details, role, and login credentials for the people who use the app (coordinators, providers and support workers).

Participant and care information

To deliver the service, customers enter records about the participants they support. This can include names, dates of birth, contact details, emergency contacts, care and support plans, service-agreement details, rosters and shifts, handover notes, mood and wellbeing notes, incident reports, tasks, and related documents.

Usage and device information

We collect technical information automatically, such as device type, operating system, app version, log data, and the time and nature of your activity in the app, so we can keep Careli secure and working properly.

Demo and enquiry information

If you request a demo or contact us through our website, we collect the details you provide, such as your name, organisation, email, phone, role and message.

2. How we use information

We use personal information to:

We do not sell personal information, and we do not use participant or care information for advertising.

3. Health and sensitive information

Much of the participant information held in Careli is health or disability information, which is sensitive information under the Privacy Act. We only collect and handle this information so that our customers can provide supports and meet their own obligations, and we apply additional safeguards including access controls and encryption. Customers, as the organisations who decide what information is entered, are responsible for obtaining the consent of participants (or their representatives) before recording their information in Careli.

4. When we share information

We share personal information only where necessary, and never to sell it. We may disclose information to:

5. Storage, location and security

Careli runs on Supabase (database, authentication and storage) and Vercel (web and serverless functions). Some of our service providers may store or process data on servers located outside Australia. Where information is handled overseas, we take reasonable steps to ensure it is protected in a way consistent with the Australian Privacy Principles.

We protect information with measures including encrypted connections, encryption at rest, role-based access controls so each user only sees what their role allows, authentication, and access logging. No method of transmission or storage is completely secure, but we work to protect your information and to continually improve our safeguards.

6. How long we keep information

We keep personal information for as long as a customer's account is active and as long as needed to provide the service, then for any further period required to meet legal, record-keeping, funding or audit obligations. When information is no longer required, we take reasonable steps to delete or de-identify it. Customers can also request deletion of their data as described below.

7. Your rights and choices

Subject to the Privacy Act, you can ask us to:

If your information is held in Careli by a customer (for example, a participant's records entered by their provider), please contact that organisation in the first instance, as they control those records. We will help our customers respond to such requests.

To make a request or a complaint, contact us using the details below. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

8. Data breaches

We maintain processes to detect, assess and respond to data breaches. If a breach occurs that is likely to result in serious harm, we will notify affected individuals and the OAIC as required under the Notifiable Data Breaches scheme.

9. Children and vulnerable people

Careli is used by NDIS providers who may support participants who are children or otherwise vulnerable. Careli is intended for use by these organisations and their staff, not by participants directly, and we rely on our customers to handle this information lawfully and with appropriate consent.

10. Changes to this policy

We may update this policy from time to time. When we do, we will revise the "last updated" date above and, where changes are significant, take reasonable steps to let customers know. Continued use of Careli after an update means you accept the revised policy.

11. How to contact us

For any privacy question, request or complaint, contact us at serourdesigns@gmail.com. We will respond within a reasonable time and in line with our obligations under the Privacy Act.