Privacy Policy

Last updated: February 2026

1. Introduction

MyCaseNote ("we", "our", or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our case note management platform.

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and relevant NDIS privacy requirements.

2. Information We Collect

We collect the following types of information:

Account Information

  • Name and email address
  • Business name and details
  • Password (encrypted)
  • Role and permissions within your organisation

Case Note Data

  • Participant information (names, identifiers)
  • Session details and dates
  • Shift notes and goal progress notes
  • Service stream categorisation
  • Approval and amendment history

Usage Data

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Analytics data to improve our service

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our platform
  • Enable case note creation, submission, and approval workflows
  • Manage user accounts and authentication
  • Facilitate multi-business access for support workers
  • Send service-related communications
  • Respond to support requests
  • Improve and develop new features
  • Ensure platform security and prevent fraud

4. Data Storage and Security

Your data is stored securely using industry-standard encryption and security practices:

  • Data is encrypted in transit (TLS/SSL) and at rest
  • We use Supabase, hosted on Australian servers where possible
  • Access controls ensure only authorised personnel can access data
  • Regular security audits and vulnerability assessments
  • Multi-tenant architecture ensures complete data isolation between businesses

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data only in the following circumstances:

  • Within your organisation: Data is shared between users of the same business according to their roles and permissions
  • Service providers: We use trusted third-party services (hosting, email) who are bound by confidentiality agreements
  • Legal requirements: When required by law, court order, or to protect our legal rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets

6. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your data (subject to legal retention requirements)
  • Export your data in a portable format
  • Withdraw consent for optional data processing
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

7. Data Retention

We retain case note data for as long as your account is active and as required by NDIS record-keeping requirements. Upon account termination, data may be retained for up to 7 years to comply with legal and regulatory obligations. You may request data deletion, subject to these retention requirements.

8. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We may use analytics cookies to understand how our platform is used. You can control cookie settings through your browser preferences.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the platform after changes constitutes acceptance of the updated policy.