Legal

Privacy Policy

Last updated: 1 May 2026 · Version 1.0

Cenaris is an Australian company. We handle personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what we collect, why, and your rights.

1. Who we are

Cenaris Pty Ltd ("Cenaris", "we", "us") is an Australian company providing compliance software for NDIS providers and healthcare organisations. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Our registered office is in Adelaide, South Australia.

2. What we collect

We collect personal information you give us through our website forms, sales conversations, and during use of the Cenaris platform. This may include:

  • Contact details (name, work email, phone, organisation, role)
  • Account credentials (when you create a Cenaris account)
  • Information you choose to share in messages or demo calls
  • Technical information (IP address, browser, pages visited) via privacy-respecting analytics
  • Compliance content you upload to the Cenaris platform, on your organisation's behalf

We do not intentionally collect personal health information about NDIS participants through marketing channels. Customer-managed content within the Cenaris platform is governed by your organisation's own privacy obligations and the contract you hold with Cenaris.

3. Why we collect it

We collect personal information to:

  • Respond to enquiries and provide the services you request
  • Operate the Cenaris platform for our customers
  • Send service updates and (with consent) the monthly insights email
  • Comply with our own legal and regulatory obligations
  • Improve our products and the security of our systems

4. How we store it

Personal information is stored on infrastructure hosted in Australia. We use commercially reasonable physical, technical and organisational safeguards, including encryption in transit and at rest, role-based access controls, mandatory MFA for Cenaris staff, and full audit logging.

5. Sharing & disclosure

We do not sell or rent personal information. We share information only with:

  • Service providers who help us operate the business (cloud hosting, email, analytics), bound by confidentiality and processing agreements
  • Authorities where required by law
  • Other parties with your express consent

6. Australian hosting

Cenaris customer data is hosted on Microsoft Azure within the Australia East (Sydney) region. We do not transfer customer-managed compliance data offshore without explicit consent and contractual arrangements.

7. Cookies

We use a small number of cookies for site functionality and privacy-respecting analytics. You can refuse non-essential cookies through the cookie banner shown on first visit, or by adjusting your browser settings. Essential cookies (such as those that maintain your session) are required for the site and platform to function.

8. Your rights

Under the APPs you have the right to:

  • Request access to the personal information we hold about you
  • Ask us to correct information that is inaccurate or out of date
  • Withdraw consent for marketing communications at any time
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

We aim to respond to access and correction requests within 30 days.

9. Policy changes

We may update this policy from time to time. Material changes will be notified by email to account holders and via a banner on the website. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact us

For privacy enquiries, access requests, or complaints, contact our Privacy Officer:

Email: privacy@cenaris.com.au
Post: Privacy Officer, Cenaris Pty Ltd, Melbourne VIC
Hours: Mon–Fri, 9am–5pm AEST