Privacy Policy
Last updated: January 2026 · Version 1.0
Nuzetta is committed to protecting your privacy and handling your personal information with care. This policy explains how we collect, use, store and disclose information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Who We Are
Nuzetta is an NDIS plan management platform operated in Brisbane, Queensland, Australia. We are an NDIS Registered Plan Management Provider.
If you have questions about this policy, contact us at: privacy@nuzetta.com.au
2. Information We Collect
We collect personal information necessary to provide NDIS plan management services:
- Participants: Name, date of birth, NDIS number, plan details, support budgets, contact information, and payment records
- Providers: ABN, business name, contact details, NDIS registration number, bank account details, worker screening clearance numbers, and insurance certificates
- Plan Managers: Name, contact details, professional credentials
- All users: Login credentials (passwords are hashed), IP address, and activity logs for audit purposes
We only collect information that is necessary for the purpose for which it is being collected.
3. How We Use Your Information
Your information is used to:
- Process and manage NDIS invoices on your behalf
- Track plan budgets and ensure funds are used appropriately
- Verify provider credentials (NDIS registration, worker screening, insurance)
- Generate monthly statements and compliance reports
- Communicate with you about your plan and invoices
- Comply with NDIS Quality and Safeguards Commission requirements
- Maintain audit trails as required by NDIS legislation
🔒 We do not sell your personal information to third parties. We do not use your information for marketing purposes without your explicit consent.
4. Disclosure of Information
We may disclose your information to:
- NDIS Quality and Safeguards Commission — as required by law for registered plan managers
- National Disability Insurance Agency (NDIA) — for plan management purposes
- Your support providers — only to the extent necessary for invoice processing, and only with your consent
- Auditors — as required for NDIS compliance audits
- Law enforcement — where required by law
We never disclose information to overseas entities without your consent, except where required by law.
5. Data Storage & Security
- Data location: All data is stored on servers located in Australia
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256)
- Access controls: Role-based access — participants, providers, and plan managers only see their own data
- Audit logging: All access to sensitive data is logged and retained for compliance
- Backups: Daily automated backups with point-in-time recovery
- Password storage: Passwords are hashed using bcrypt — we cannot read your password
🇦🇺 Your data never leaves Australia. We use Australian-hosted infrastructure that complies with Australian data sovereignty requirements.
6. Retention of Information
We retain your information for as long as necessary to fulfil the purposes for which it was collected, and to comply with legal obligations:
- Financial records (invoices, payments): 7 years (ATO requirement)
- NDIS participant records: Duration of plan management engagement plus 7 years
- Audit logs: 7 years minimum (NDIS Commission requirement)
- Verification documents: Duration of engagement plus 3 years
- Login/access logs: 2 years
7. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — ask us to correct information that is inaccurate or out of date
- Deletion — request deletion of your data (subject to legal retention obligations)
- Complaint — lodge a complaint about how we handle your information
- Consent withdrawal — withdraw consent for data sharing (via your Privacy Settings in the participant portal)
To exercise these rights, contact us at privacy@nuzetta.com.au or lodge a complaint at nuzetta.com.au/lodge-complaint.
8. Complaints
If you believe we have handled your personal information improperly, please contact us first at privacy@nuzetta.com.au. We will respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.
9. Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a prominent notice on our platform. Continued use of Nuzetta after notification constitutes acceptance of the updated policy.
The current version of this policy is always available at nuzetta.com.au/privacy.