Privacy Policy

Last updated: January 2026

1. Introduction

KoalaNotes ("we", "our", "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform. KoalaNotes is operated in Australia and is designed for NDIS support workers, support coordinators, and independent providers operating within Australia.

2. Information We Collect

We collect the following types of information:

  • Account Information: Your name, email address, phone number, and password when you create an account.
  • NDIS-Related Data: Participant details, case notes, incident reports, shift records, invoices, funding allocations, and other records you create within the platform.
  • Usage Data: How you interact with the platform, including pages visited, features used, and actions taken. We use Mixpanel for anonymous analytics to improve the product.
  • Device Information: Browser type, operating system, and device identifiers for security and performance purposes.
  • Communication Data: Emails sent through the platform (e.g., invoices to plan managers) via our email service provider.

3. How We Use Your Information

  • To provide and operate the KoalaNotes platform and its features.
  • To generate AI-assisted content such as case notes and incident reports at your request.
  • To send transactional emails (e.g., OTP verification, invoices).
  • To improve our platform through aggregated, anonymised usage analytics.
  • To ensure security, detect fraud, and maintain platform integrity.
  • To communicate important updates about our service.

4. Data Storage & Security

Your data is stored on secure servers. All data is encrypted in transit using TLS/SSL and at rest. We implement industry-standard security measures including authenticated access controls, regular backups, and secure infrastructure practices. We do not store your passwords in plain text - all passwords are cryptographically hashed using bcrypt.

5. Data Sovereignty

KoalaNotes is an Australian service designed for Australian users. We are committed to meeting Australian data protection requirements under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). Where possible, we use Australian-based infrastructure for data storage.

6. AI-Generated Content

KoalaNotes uses artificial intelligence to assist with drafting case notes, incident reports, and other records. AI-generated content is created based on your inputs and is designed to save time. However, all AI-generated content should be reviewed and verified by you before finalising. We do not use your data to train AI models. Your participant data is processed solely to generate the specific output you request.

7. Third-Party Services

We use the following third-party services:

  • Zoho ZeptoMail: For sending transactional emails (OTP codes, invoices).
  • Google OAuth: For optional sign-in with Google.
  • Mixpanel: For anonymised product analytics (no personally identifiable participant data is sent).
  • OpenAI: For AI-assisted content generation. Data sent to OpenAI is processed per their enterprise data usage policies and is not used to train their models.

We do not sell, trade, or rent your personal information to any third party.

8. Data Sharing

We do not share your personal data or your participants' data with any third parties for marketing or commercial purposes. Data is only shared with third-party service providers as described above, and only to the extent necessary to operate the platform.

9. Data Retention

Your data is retained for as long as your account is active. If you choose to delete your account, we will remove your personal data within 30 days, except where we are required by law to retain certain records. NDIS-related records may be subject to regulatory retention requirements.

10. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or outdated information.
  • Request deletion of your account and associated data.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

11. Cookies & Local Storage

KoalaNotes uses browser local storage to maintain your login session and user preferences. We use Mixpanel's local storage for anonymised analytics tracking. We do not use third-party advertising cookies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via email or an in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or your data, please contact us at support@koalanotes.com.au.