Careli takes the privacy of every person whose information passes through our app seriously, including the participants, support workers and coordinators our customers care for. This policy explains what personal information we collect, why we collect it, how we use and protect it, and the choices and rights you have.
Careli ("Careli", "we", "us" or "our") is an NDIS care-management application operated by Serour Designs. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and we treat health and disability information as sensitive information requiring a higher standard of care.
Contents
1. Information we collect
The information we collect depends on how you use Careli.
Account and contact information
When a customer signs up, we collect names, email addresses, phone numbers, business or organisation details, role, and login credentials for the people who use the app (coordinators, providers and support workers).
Participant and care information
To deliver the service, customers enter records about the participants they support. This can include names, dates of birth, contact details, emergency contacts, care and support plans, service-agreement details, rosters and shifts, handover notes, mood and wellbeing notes, incident reports, tasks, and related documents.
Usage and device information
We collect technical information automatically, such as device type, operating system, app version, log data, and the time and nature of your activity in the app, so we can keep Careli secure and working properly.
Demo and enquiry information
If you request a demo or contact us through our website, we collect the details you provide, such as your name, organisation, email, phone, role and message.
2. How we use information
We use personal information to:
- provide, operate and maintain the Careli app and website;
- set up and manage accounts, rosters, shifts, handovers and participant records on behalf of our customers;
- send operational notifications, such as incident alerts and shift reminders;
- generate the reports and exports our customers use for funding, auditing and NDIS reporting;
- respond to demo requests, enquiries and support questions;
- keep Careli secure, prevent misuse, and meet our legal obligations; and
- improve the app and develop new features.
We do not sell personal information, and we do not use participant or care information for advertising.
3. Health and sensitive information
Much of the participant information held in Careli is health or disability information, which is sensitive information under the Privacy Act. We only collect and handle this information so that our customers can provide supports and meet their own obligations, and we apply additional safeguards including access controls and encryption. Customers, as the organisations who decide what information is entered, are responsible for obtaining the consent of participants (or their representatives) before recording their information in Careli.
4. When we share information
We share personal information only where necessary, and never to sell it. We may disclose information to:
- Service providers who help us run Careli, such as our cloud hosting and database provider (Supabase), our website and function hosting provider (Vercel), and our transactional email provider (Resend). These providers process information on our instructions and under confidentiality and security obligations.
- At our customer's direction, for example when a coordinator exports a report to share with the NDIA, an auditor or another stakeholder.
- Legal and safety recipients, where we are required or permitted by law, or where it is necessary to prevent a serious threat to a person's life, health or safety.
- A successor in the event of a business sale or restructure, subject to this policy.
5. Storage, location and security
Careli runs on Supabase (database, authentication and storage) and Vercel (web and serverless functions). Some of our service providers may store or process data on servers located outside Australia. Where information is handled overseas, we take reasonable steps to ensure it is protected in a way consistent with the Australian Privacy Principles.
We protect information with measures including encrypted connections, encryption at rest, role-based access controls so each user only sees what their role allows, authentication, and access logging. No method of transmission or storage is completely secure, but we work to protect your information and to continually improve our safeguards.
6. How long we keep information
We keep personal information for as long as a customer's account is active and as long as needed to provide the service, then for any further period required to meet legal, record-keeping, funding or audit obligations. When information is no longer required, we take reasonable steps to delete or de-identify it. Customers can also request deletion of their data as described below.
7. Your rights and choices
Subject to the Privacy Act, you can ask us to:
- access the personal information we hold about you;
- correct information that is inaccurate, out of date or incomplete; and
- delete information or close an account.
If your information is held in Careli by a customer (for example, a participant's records entered by their provider), please contact that organisation in the first instance, as they control those records. We will help our customers respond to such requests.
To make a request or a complaint, contact us using the details below. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
8. Data breaches
We maintain processes to detect, assess and respond to data breaches. If a breach occurs that is likely to result in serious harm, we will notify affected individuals and the OAIC as required under the Notifiable Data Breaches scheme.
9. Children and vulnerable people
Careli is used by NDIS providers who may support participants who are children or otherwise vulnerable. Careli is intended for use by these organisations and their staff, not by participants directly, and we rely on our customers to handle this information lawfully and with appropriate consent.
10. Changes to this policy
We may update this policy from time to time. When we do, we will revise the "last updated" date above and, where changes are significant, take reasonable steps to let customers know. Continued use of Careli after an update means you accept the revised policy.
11. How to contact us
For any privacy question, request or complaint, contact us at serourdesigns@gmail.com. We will respond within a reasonable time and in line with our obligations under the Privacy Act.