Privacy Policy
Last updated: 6/3/2026
1. Who we are
PlanIt ("PlanIt", "we", "us", "our") provides software that helps NDIS participants, their nominees, support coordinators, and providers manage plans, goals, services, documents, and communication. PlanIt is the data controller for the personal information described in this notice.
2. Personal data we collect
- Account data: name, email, password (hashed), role, organisation details.
- Profile data: business name, ABN, address, phone, website, logo, capability tags.
- Participant data you upload: NDIS plan content, goals, milestones, case notes, incidents, reports, agreements, documents.
- Communications: in-app messages, inquiries, email notifications.
- Usage and device data: log events, IP address, device/browser information, cookies and similar identifiers.
- Payment-related data: billing tier and subscription status. Payment instruments and tax data are collected and processed by Paddle as our Merchant of Record.
3. Why we use your data
- Create and operate your account and provide the features you sign up for.
- Generate plan summaries, goal matches, reports, and reminders.
- Provide customer support and respond to inquiries.
- Detect, prevent, and address fraud, abuse, and security incidents.
- Improve the product, including aggregated analytics.
- Comply with legal and regulatory obligations.
4. Legal basis
We process personal data on the following bases: performance of a contract (operating your account), legitimate interests (security, product improvement, fraud prevention), consent (optional features, marketing where applicable), and legal obligation (record-keeping, tax, responding to lawful requests).
5. How we share data
- Service providers / subprocessors we use to host, store, monitor, email, and secure the service.
- Paddle.com Market Limited acts as the Merchant of Record for all our orders. Paddle handles checkout, payment processing, billing, tax compliance, invoicing, and refund handling. See Paddle's Buyer Terms at paddle.com/legal/checkout-buyer-terms.
- Other users you share with — when you invite a coordinator, nominee, provider, or participant, the relevant data is shared with them inside the platform.
- Professional advisers (legal, accounting) where reasonably necessary.
- Authorities where required by law or to protect rights, safety, and property.
6. International transfers
Some of our service providers may process personal data outside your country. Where this happens, we rely on appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions) to protect your data.
7. Data retention
We keep personal data only for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymise it.
8. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, object to certain processing, withdraw consent, and complain to a supervisory authority. To exercise these rights, contact us using the details below. We will respond within the timeframe required by applicable law (generally within one month under the GDPR).
9. Security
We use appropriate technical and organisational measures, including encryption in transit, access controls, audit logging, and least-privilege role-based access, to protect your personal data.
10. Cookies
We use strictly necessary cookies to keep you signed in and to operate the service. We may use limited analytics cookies to understand product usage. You can manage cookies through your browser settings.
11. Contact
For privacy questions, contact PlanIt at privacy@ethiplan.com.