Privacy Policy
Last updated: 29 June 2026 · Version 1.0
This Privacy Policy explains how A.C.N. 694 240 152 Pty Ltd (ACN 694 240 152) ("Cenaris", "we", "us") handles personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Purpose and scope
This Privacy Policy explains how A.C.N. 694 240 152 Pty Ltd (ACN 694 240 152) ("Cenaris", "we", "us") handles personal information. Cenaris provides compliance and audit-readiness software for NDIS providers and other regulated organisations. Cenaris handles personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
This Policy applies to:
- personal information that Cenaris collects to operate its business and provide the platform; and
- compliance evidence that customers upload to the platform.
Cenaris is responsible for the personal information in the first category. Customers control the content of the compliance evidence they upload, as set out in section 4 and in the customer's Terms.
2. Information Cenaris collects
Cenaris collects:
- contact and account details, including name, work email, telephone number, organisation, and role;
- information provided in enquiries, communications, or product demonstrations; and
- technical and analytics information, including IP address, browser type, and pages visited, when the website is used.
Cenaris does not seek health information or other sensitive information through its website or marketing.
3. How Cenaris collects personal information
Cenaris collects personal information directly from the individual, from use of its website, and from use of the platform. Where practicable, Cenaris collects personal information directly from the individual concerned.
4. Compliance evidence uploaded to the platform
The platform is designed to hold organisational compliance evidence, including policies, procedures, governance records, registers, training records, and system-level incident and audit documentation.
The platform is not a clinical record system and is not designed to receive personal information about identifiable individuals, including named staff or NDIS participants.
The customer determines the content of its uploads. The customer is responsible for ensuring that personal information about identifiable individuals is not included, and for holding the rights necessary to upload the material it provides. Where personal information is uploaded despite these controls, Cenaris handles it in accordance with this Policy and the customer's Terms.
5. Purposes of use
Cenaris uses personal information to:
- respond to enquiries and provide requested services;
- establish and operate customer accounts and the platform;
- send service communications and, where requested, product updates;
- comply with legal obligations; and
- maintain and improve the security and performance of its systems.
6. Service providers and AI features
Cenaris engages service providers to operate its business, including cloud hosting, email, analytics, and AI providers. These providers are subject to confidentiality and data-handling obligations no less protective than this Policy and the customer's Terms, and may use personal information only to provide services to Cenaris. Cenaris does not sell or rent personal information.
The platform uses AI to assist in classifying and mapping uploaded compliance evidence. AI outputs are indicative only and are intended to support, not replace, the customer's review. AI features are provided by third-party providers that may process content outside Australia. Those providers process content only to generate the AI outputs, do not retain content beyond the period required to return a result, and do not use content to train their models.
A current list of Cenaris service providers is available at cenaris.com.au/sub-processors. Details of the AI providers are available on request. Cenaris will notify customers of material changes to this list by email or by updating that page.
7. Location of information and overseas processing
Information uploaded to the platform is stored in Australia, in the Sydney region. When AI features are used, the relevant content is transmitted to AI providers located outside Australia for the purpose of generating the AI outputs. As the platform is intended to hold organisational compliance evidence and not personal information about identifiable individuals, this processing is not intended to involve such personal information.
Personal information that Cenaris holds to operate its business and customer accounts, including contact and account details, may be handled by service providers located outside Australia, including for cloud hosting, email, and analytics. Where this occurs, Cenaris takes reasonable steps to ensure those providers protect the information and use it only to provide services to Cenaris, consistent with Australian Privacy Principle 8. Cenaris does not otherwise transfer personal information outside Australia without notice.
8. Security
Cenaris takes reasonable technical and organisational steps to protect personal information, appropriate to its size and the sensitivity of the information. These steps include encryption in transit and at rest, role-based access controls, regular security assessments, incident response procedures, and logging of account activity. If a data breach affecting a customer's information occurs, Cenaris will notify the customer without undue delay and assist with the response, in accordance with the customer's Terms.
9. Retention
Cenaris retains personal information for as long as it is required for the purposes in this Policy and for the term of the customer's subscription. After a subscription ends, Cenaris makes the customer's data available for export for 30 days and then deletes it, except where retention is required by law, including records the customer must keep as an NDIS provider. Analysis outputs and related metadata may be retained to support audit history. Activity logs are retained for at least 90 days.
10. Cookies and analytics
Cenaris uses a limited number of cookies for website functionality and for privacy-respecting analytics. Non-essential cookies may be refused through the banner displayed on first visit or through browser settings. Essential cookies are required for the website and platform to operate.
11. Access and correction
An individual may request access to the personal information Cenaris holds about them and may request correction of information that is inaccurate or out of date. Requests should be directed to info@cenaris.com.au. Cenaris will respond within 30 days.
12. Complaints
A complaint about Cenaris's handling of personal information should be directed to info@cenaris.com.au in the first instance. A complaint may also be made to the Office of the Australian Information Commissioner at oaic.gov.au.
13. Changes to this Policy
Cenaris may update this Policy from time to time. Cenaris will notify account holders of material changes by email or by notice on its website. The "last updated" date identifies the current version.
14. Contact
A.C.N. 694 240 152 Pty Ltd (ACN 694 240 152)
Email: info@cenaris.com.au
Address: Level 4, 114 William St, Melbourne VIC 3000