Privacy Policy
Last updated: April 2026
TogetherDaily Pty Ltd (ABN 36 689 161 368) is committed to protecting the privacy of everyone who uses our platform. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Aged Care Act 1997 (Cth), the National Disability Insurance Scheme Act 2013 (Cth), and the NDIS Practice Standards.
By using our platform, you agree to the practices described in this policy.
1. Who We Are
TogetherDaily is a software platform designed for Australian aged care and NDIS providers. We help care organisations share updates, photos, and care documentation with authorised family members and support networks in real time.
We act as a data processor on behalf of provider organisations (our clients), who are the data controllers responsible for the personal information of the people in their care.
2. What Information We Collect
2.1 Provider and Staff Information
- Name, job title, and contact details
- Login credentials (email and encrypted password)
- Activity logs and usage data within the platform
2.2 Family and Authorised Contact Information
- Name and contact details (email, phone)
- Relationship to the person in care
- Communication preferences
2.3 Client (Person in Care) Information
- Name, date of birth, and profile information
- Care notes, daily updates, and progress records
- Photos and videos shared by care staff
- Health and medical information (see Section 3)
- NDIS plan details or aged care assessment information where provided by the operator
2.4 Technical and Usage Data
- IP addresses and device identifiers
- Browser type and operating system
- Pages visited, features used, and session duration
- Cookies and similar tracking technologies (see Section 9)
3. Sensitive Information: Health and Medical Data
We recognise that health and medical information is among the most sensitive categories of personal data. Where our platform is used to record or share health-related information, including diagnoses, medications, behaviours, incidents, or clinical observations, we treat this as sensitive information under the Privacy Act.
We only collect, use, and disclose sensitive information:
- With the consent of the individual or their authorised representative
- Where required or authorised by law
- Where it is necessary to provide the care or service requested
Provider organisations are responsible for obtaining appropriate consents from individuals and their families before entering sensitive information into the platform.
4. How We Use Your Information
- Delivering and maintaining the TogetherDaily platform
- Enabling care staff to document and share updates with authorised family members
- Supporting provider compliance with aged care and NDIS reporting obligations
- User authentication and account management
- Providing customer support to provider organisations
- Improving platform functionality using aggregated, de-identified data only
- Sending service-related communications such as account notifications and policy updates
- Meeting our legal and regulatory obligations
We do not sell data to any third party, use personal information for third-party marketing, or use client health data to train AI models without explicit consent.
5. How We Share Information
5.1 Within the Platform
Information is shared between authorised users only: care staff and family members granted access by the provider organisation.
5.2 Sub-processors and Service Providers
We use a limited number of third-party services bound by data processing agreements:
- Supabase – database and authentication (transitioning to Australian-hosted servers)
- Hostinger – web hosting infrastructure
- Transactional email providers – system notifications only
5.3 Legal Requirements
We may disclose information where required by law or regulatory authority, including the Aged Care Quality and Safety Commission, the NDIS Quality and Safeguards Commission, or the OAIC.
5.4 Business Transfers
In the event of a merger or acquisition, personal information may transfer as part of the transaction. We will notify affected users before any such transfer occurs.
6. Data Storage and Security
- Encrypted data transmission (TLS/HTTPS) for all platform communications
- Encrypted storage of passwords and sensitive credentials
- Role-based access controls: staff and families only see information they are authorised to access
- Regular security assessments and vulnerability monitoring
- Audit logging of data access and modifications
Australian data residency: We are committed to storing all personal data on Australian-based servers. We are currently transitioning our database infrastructure to Australian data centres. Until this transition is complete, data may be processed in the Asia-Pacific region under comparable privacy protections.
7. Data Retention
- Active account data: Retained for the duration of the provider subscription
- Care records and documentation: Retained for a minimum of 7 years, in line with aged care regulatory requirements
- NDIS participant records: Retained in accordance with NDIS Practice Standards and applicable state and territory legislation
- Inactive accounts: Data is securely deleted or anonymised within 90 days of account closure, unless a longer period is required by law
8. Your Rights
Under the Australian Privacy Act, you have the right to:
- Access personal information we hold about you
- Correct inaccurate or out-of-date information
- Request deletion of personal information (subject to legal retention obligations)
- Opt out of non-essential communications
- Make a complaint about how we handle personal information
Contact us at privacy@togetherdaily.com.au. We will respond within 30 days.
9. Cookies and Tracking
Our website uses cookies to improve your experience:
- Essential cookies: Required for core website functionality
- Analytics cookies: Aggregated and anonymised usage insights
We do not use advertising or cross-site tracking cookies. You can manage cookies through your browser settings.
10. Aged Care Specific Obligations
TogetherDaily is designed to support compliance with the Aged Care Quality Standards:
- Standard 1 (Consumer Dignity and Choice): Families and authorised representatives can access care updates with consent
- Standard 6 (Feedback and Complaints): Transparent communication channels between providers and families
- Standard 8 (Organisational Governance): Audit logs and access controls support governance and accountability
Provider organisations retain full responsibility for ensuring their use of TogetherDaily complies with all applicable aged care legislation and standards.
11. NDIS Specific Obligations
For registered NDIS providers, TogetherDaily supports compliance with the NDIS Practice Standards:
- Safe storage and sharing of participant information with authorised support networks
- Role-based access to prevent unauthorised disclosure of participant data
- Incident documentation and reporting support
NDIS providers must ensure that participants have provided informed consent for their information to be shared via the platform, consistent with the NDIS Code of Conduct and Privacy Rule.
12. Data Breach Notification
We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. In the event of an eligible data breach likely to result in serious harm, we will:
- Notify the OAIC as soon as practicable
- Notify affected individuals directly where required
- Take immediate steps to contain and remediate the breach
13. Children and Vulnerable Persons
Our platform may be used in contexts involving children (particularly within NDIS services) and elderly or cognitively vulnerable adults. We do not permit direct collection of information from children under 13 without verifiable parental or guardian consent. Provider organisations are responsible for ensuring appropriate consent and safeguarding procedures are in place for all clients in their care.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify provider organisations via email and update the date at the top of this page. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
15. Contact Us and Complaints
TogetherDaily Pty Ltd
Email: privacy@togetherdaily.com.au
ABN: 36 689 161 368
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992