Privacy

Privacy Policy

This policy explains how we handle personal information across the iWeave Cloud platform, the iWeave Staff mobile app for iOS and Android, and this website.

Who we are

iWeave Cloud is built and operated by Triple R Technology PTY LTD ("iWeave", "we", "us"), an Australian company that makes software for NDIS and aged care providers. This policy covers the iWeave Cloud platform (the web portals and APIs providers use to run their operations), the iWeave Staff mobile app for iOS and Android, and this website, iweave.com.au. We handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Our role: we hold data on behalf of care providers

Most of the information in iWeave is entered by care providers (our customers) about their own staff and the people they support. Those records belong to the provider. We store and process them on the provider's behalf so they can deliver care and meet their own obligations, and each provider's data is kept separate and isolated from every other provider's.

If you're a participant, client, or family member with questions about information a provider holds about you, start with that provider. They control those records, and we will support them in responding to you.

What we collect

  • Staff account details: name, email address, and login credentials for provider staff who use the platform or the mobile app.
  • Client and participant care records: information provider staff enter about the people they support, including NDIS-related details and health and support information. This is sensitive information under the Privacy Act, and we hold it on behalf of the care provider.
  • Rosters and shifts: schedules, shift assignments, and shift activity.
  • Location at check-in and check-out: the mobile app records your location at the moment you check in or out of a shift, so the provider can confirm the shift happened at the right place. That's it. The app does not track your location in the background or between shifts.
  • Shift notes and attachments: notes, photos, and documents staff attach to their work.
  • Timesheets and incident reports: records of hours worked and incidents logged during care delivery.
  • Invoicing and billing data: the billing records providers generate from delivered services.
  • Push notification tokens: a device token so we can send notifications like shift reminders.
  • Crash and performance diagnostics: the mobile app uses Firebase Crashlytics to collect crash reports and performance data so we can find and fix problems. This data is not used for advertising, and the app contains no tracking or advertising SDKs.

Biometric unlock (Face ID / Touch ID / fingerprint) is processed entirely on your device by the operating system. Biometric data never leaves your device and we never see it.

This website itself uses no analytics, tracking, or advertising cookies.

How we use information

We use this information to run the service: rostering, care records, timesheets, billing, and reporting for care providers. Where a provider has turned on geofenced check-in, we use location to confirm shift attendance. We also use information to send operational notifications like shift reminders, to keep the service secure, to diagnose faults and fix crashes, and to support providers and their staff.

We do not use personal information for advertising, and we never sell it.

Who we share information with

We share personal information only with the service providers we need to run the platform: Google Cloud / Firebase (hosting, file storage, notifications, and crash reporting) and Neon (database hosting). Both process data for us under their own security and privacy commitments. If you submit the demo form on this website, the details you enter (such as your name, email, and organisation) are delivered to us by Formspree, our form-processing provider. We may also disclose information where Australian law requires it.

Where your data lives

Core personal information, including client and participant records, rosters, and documents, is stored in Australia (Sydney). Some limited technical data, such as crash reports and device tokens, may be processed overseas, including in the United States, by our service providers, such as Google. Enquiries submitted through this website's demo form are also processed in the United States by Formspree.

How we protect it

Data is encrypted in transit and at rest. Access is controlled through role-based permissions, so people only see what their role requires, and our own staff's access is limited the same way. Each provider's data is kept separate from every other provider's. No system is perfectly secure, but we take this seriously and keep improving.

How long we keep it, and how to have it deleted

We keep personal information for as long as we need it to provide the service and as long as Australian law requires. After that, we delete it or de-identify it.

Anyone can ask us to delete their personal information by emailing support@iweave.com.au. Where the information is part of a care provider's records (which is most of it), the provider controls those records, so we will route your request to them or work with them to resolve it. Staff accounts in the iWeave Staff app are created and managed by your employer, not by you in the app, so account deletion also goes through your employer. Email us and we will help make that happen.

Access and correction

You can ask to see the personal information we hold about you, and ask us to correct it if it's wrong. Email support@iweave.com.au. If the information is part of a care provider's records, we will usually work with that provider to handle your request, since they own and manage those records.

Complaints

If you think we've mishandled your personal information, email support@iweave.com.au and tell us what happened. We will look into it and reply. If you're not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Changes to this policy

When we change this policy, we will update this page and the "Last updated" date at the top. If a change is significant, we will tell the care providers who use the platform directly.

Contact us

For privacy questions, access or correction requests, deletion requests, or complaints, email support@iweave.com.au.