Effective Date: 13 August 2025
1. Introduction
CareSync AI ("we", "our", "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered rostering and workforce management platform for NDIS providers.
We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (GDPR) where applicable.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
- Full name and contact details (email address, phone number, physical address)
- Business information (company name, ABN, role/title)
- NDIS provider registration details
- Staff information (names, contact details, qualifications, availability)
- Client information necessary for service delivery (names, NDIS numbers, service requirements)
- Payment and billing information
- Login credentials and authentication data
2.2 Location Data
Our platform collects GPS location data to verify staff attendance and prevent timesheet fraud. This includes:
- Real-time location during shift check-in/check-out
- Location tracking during active shifts (with consent)
- Historical location data for audit and compliance purposes
2.3 Usage Data
We automatically collect:
- IP addresses and device information
- Browser type and operating system
- Pages visited and features used
- Time spent on the platform
- Error logs and performance data
3. How We Use Your Information
We use collected information for:
- Providing and maintaining our AI rostering services
- Matching staff to shifts using our AI algorithms
- Verifying attendance and preventing timesheet fraud
- Processing payments and managing subscriptions
- Sending notifications about shifts, updates, and emergencies
- Improving our AI models and service quality
- Complying with NDIS requirements and regulations
- Preventing fraud and ensuring platform security
- Providing customer support
- Sending marketing communications (with consent)
4. Information Sharing and Disclosure
We may share your information with:
4.1 Service Providers
- Cloud hosting providers (AWS, Google Cloud)
- Payment processors
- SMS and email service providers
- Analytics and monitoring services
- Customer support tools
4.2 Legal Requirements
We may disclose information when required by law, court order, or to:
- Comply with NDIS Quality and Safeguards Commission requirements
- Respond to government or regulatory requests
- Protect our rights, property, or safety
- Prevent fraud or illegal activities
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
5. Data Security
We implement industry-standard security measures including:
- 256-bit SSL encryption for data in transit
- Encryption at rest for sensitive data
- Multi-factor authentication
- Regular security audits and penetration testing
- Access controls and employee training
- Secure data centers with physical security
- Regular backups and disaster recovery procedures
6. Data Retention
We retain personal information for as long as necessary to provide our services and comply with legal obligations:
- Active account data: Duration of service agreement plus 30 days
- Financial records: 7 years as required by Australian tax law
- NDIS compliance records: 7 years as per NDIS requirements
- Location data: 12 months for audit purposes
- Marketing data: Until consent is withdrawn
7. Your Rights and Choices
You have the right to:
- Access your personal information
- Correct inaccurate or incomplete data
- Request deletion of your data (subject to legal requirements)
- Object to or restrict certain processing
- Request data portability
- Withdraw consent for marketing communications
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
8. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain session state and authentication
- Remember user preferences
- Analyze platform usage and performance
- Provide personalized experiences
You can control cookies through your browser settings, but disabling certain cookies may limit platform functionality.
9. Children's Privacy
Our platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.
10. International Data Transfers
Your information may be transferred to and processed in countries outside Australia. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.
11. AI and Automated Decision-Making
11.1 Use of Third-Party AI Models
IMPORTANT NOTICE: Our platform utilizes third-party artificial intelligence models and services including but not limited to:
- OpenAI (GPT models)
- Anthropic (Claude models)
- Google AI services
- Other machine learning providers
⚠️ Critical AI Disclaimers:
- We DO NOT control, own, or operate these third-party AI models
- AI services may experience downtime, errors, or interruptions beyond our control
- AI-generated outputs may contain errors, inaccuracies, or biases
- AI predictions and recommendations are not guaranteed to be accurate
- Third-party AI providers may change their models, pricing, or availability without notice
- Your data will be processed by these third-party AI services according to their respective privacy policies
11.2 Data Sharing with AI Providers
By using our services, you acknowledge and consent that:
- Certain data will be sent to third-party AI providers for processing
- This may include staff names, schedules, locations, and operational data
- We implement data minimization practices but cannot guarantee complete anonymization
- Third-party AI providers may retain data for their own model training and improvement
- Data may be processed in countries outside Australia
11.3 AI Limitations and Risks
You expressly acknowledge that:
- AI predictions are probabilistic and may be incorrect
- You should not rely solely on AI recommendations for critical decisions
- Human oversight and verification of AI outputs are strongly recommended
- AI models may exhibit unexpected behavior or produce inappropriate content
- We are not liable for decisions made based on AI recommendations
11.4 Specific AI Functions
Our platform uses AI for:
- Predictive scheduling and shift matching
- Fraud detection and prevention
- Performance optimization
- Risk assessment
- Natural language processing for communications
- Pattern recognition and anomaly detection
You have the right to request human review of automated decisions that significantly affect you, though this may not always reverse or override AI-generated outcomes.
12. Updates to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Continued use of our services after changes constitutes acceptance of the updated policy.
13. Contact Information
For privacy-related inquiries or to exercise your rights, contact us at:
CareSync AI
Email: info@echoflowsolutions.com.au
14. Complaints and Concerns
If you have any concerns or complaints about our handling of your personal information, please contact us directly and we will do our very best to resolve your concerns promptly and satisfactorily.
📧 Contact Us First:
Email: info@echoflowsolutions.com.au
We are committed to resolving any privacy concerns quickly and fairly. Most issues can be resolved directly with us without needing to escalate elsewhere.
Note: While you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if needed, we strongly encourage you to contact us first so we can address your concerns directly.