Privacy Policy

Last updated: February 2026

1. Overview

FindMySupport is committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains how we collect, use, store, and disclose your personal information.

2. Information We Collect

Personal Information

  • Name, email address, phone number
  • NDIS participant number (encrypted at rest)
  • Date of birth (encrypted at rest)
  • Address and location information
  • Profile photos

Provider-Specific Information

  • ABN (encrypted at rest)
  • NDIS Worker Screening Check number and expiry (encrypted at rest)
  • Qualifications and experience
  • Insurance details

Usage Information

  • Login timestamps and IP addresses
  • Browser and device information
  • Pages visited and actions taken

3. How We Use Your Information

  • To provide and improve our marketplace services
  • To verify provider qualifications and screening
  • To facilitate communication between participants and providers
  • To process bookings and appointments
  • To send important notifications about your account
  • To comply with legal obligations and NDIS regulatory requirements
  • To maintain platform safety and investigate complaints

4. Data Encryption

Sensitive personal information is encrypted using AES-256 encryption at rest, including:

NDIS numbers Dates of birth ABNs Screening numbers Appointment notes Message contents

5. Data Sharing

We do not sell your personal information. We may share information:

  • Between participants and providers as necessary for service delivery
  • With the NDIS Quality and Safeguards Commission when required by law
  • With law enforcement if required by legal process
  • With our hosting and infrastructure providers (who are bound by data protection agreements)

6. Data Retention

We retain your data while your account is active and for a period after account closure as required by NDIS record-keeping obligations.

Audit logs are retained for 7 years in accordance with regulatory requirements.

7. Your Rights

Under the Australian Privacy Act, you have the right to:

Access your personal information

Use our data export feature

Correct inaccurate information

Update via your profile settings

Delete your account

Request via account settings

Complain about handling of your information

Contact us or the OAIC

8. Cookies

We use session cookies essential for authentication and CSRF protection.

We do not use third-party tracking cookies or advertising cookies.

9. Security

We implement industry-standard security measures including:

  • Field-level encryption for sensitive data
  • HTTPS/TLS for all data in transit
  • Content Security Policy (CSP) headers
  • Brute-force protection on login
  • Two-factor authentication support
  • Regular security audits

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email.

11. Contact

For privacy enquiries or complaints:

Email: privacy@findmysupport.com.au
Contact form: Contact us

If you are unsatisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.