Legal

Privacy Policy

Launch preview · Last updated 25 June 2026
This Policy explains how CiaraLink handles personal information, including the sensitive health information involved in care. It’s written to reflect the Australian Privacy Principles. It’s the launch-preview version and may be updated as the platform develops.

Contents

  1. Who this applies to
  2. What we collect
  3. Health & sensitive information
  4. How we use it
  5. Who can see it
  6. Storage & security
  7. Service providers
  8. Your rights
  9. Keeping & deleting data
  10. Cookies & local storage
  11. Changes to this Policy
  12. Contact & complaints

01 Who this applies to

This Policy covers personal information CiaraLink handles when you use the platform — whether you’re a provider, support coordinator, allied-health professional, support worker, participant, guardian or nominee. Where an organisation uses CiaraLink to manage its own records, that organisation is responsible for how it handles the information it puts in; we act as the software provider that stores and processes it on their behalf.

02 What we collect

  • Account details — name, email, role and organisation;
  • Care records you enter — participants, care teams, notes, shifts, documents, consent records, invoices and related details;
  • Usage information — basic technical data needed to run and secure the platform (for example, log and device information).

We collect information directly from you and from the people in your organisation who use CiaraLink.

03 Health & sensitive information

Care data is sensitive. CiaraLink is built to hold health and disability information. We only handle it to provide the platform to you and your care team, with access governed by recorded consent and role-based permissions. You’re responsible for having the appropriate consent to record and share a person’s information in CiaraLink.

04 How we use it

We use personal information to:

  • Provide, maintain and secure the platform;
  • Let the right people in a care team see the right records;
  • Support your account, billing and customer requests;
  • Improve reliability and fix problems.

We don’t sell your personal information, and we don’t use care data for advertising.

05 Who can see it

Access inside CiaraLink is controlled by row-level security and consent — users only load the records they’re permitted to see. We share information outside your care team only where it’s needed to run the service (see “Service providers”), where you ask us to, or where the law requires it.

06 Storage & security

Data is stored in our managed database with access controls, encryption in transit, and row-level security so records are isolated to the people entitled to them. No system is perfectly secure, but we take reasonable steps to protect information and to limit who can access it. Tell us promptly if you believe your account has been compromised.

07 Service providers

We rely on trusted infrastructure providers to run CiaraLink — for example, hosting, database and payment processing. These providers handle data only to deliver their service to us, under their own security and privacy obligations. Some providers may store or process data outside Australia; where that happens, we take reasonable steps to ensure appropriate protections apply.

08 Your rights

You can ask to access or correct the personal information we hold about you. If your information was entered by an organisation using CiaraLink (for example, your provider), we’ll usually direct your request to that organisation, as they control those records. Contact us and we’ll help you reach the right place.

09 Keeping & deleting data

We keep personal information for as long as it’s needed to provide the platform and to meet legal obligations. When an account is closed, we’ll delete or de-identify information we no longer need, subject to any retention obligations the organisation or the law requires. Keep your own copies of records you need to retain.

10 Cookies & local storage

CiaraLink uses essential cookies and browser local storage to keep you signed in and to remember basic preferences (for example, an early-access sign-up stored in your browser). We don’t use these for advertising.

11 Changes to this Policy

We may update this Policy as CiaraLink develops. We’ll change the “last updated” date and, for material changes, take reasonable steps to let you know.

12 Contact & complaints

Questions, access requests or privacy concerns? Contact us through the CiaraLink site. If you’re in Australia and aren’t satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.