Privacy Policy

NexOrbit is a NDIS care management platform operated by Newdawn Support Services Pty Ltd (“NexOrbit”, “we”, “us”, or “our”). We take the privacy of participants, support workers, and our customers seriously, and we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What this policy covers

This policy explains what personal information we collect through our website (nexorbit.com.au) and the NexOrbit platform, why we collect it, how we use and protect it, and the choices you have about it. It applies to anyone who visits our website, requests a demo, or uses NexOrbit as part of an organisation that subscribes to our service.

2. Information we collect

Information you provide

• Account & contact details — name, work email, phone number, organisation name, role.
• Demo requests & enquiries — anything you choose to share when you fill in our forms.
• Customer-uploaded data — when your organisation uses the NexOrbit platform, it may include personal information about participants, staff, and other individuals (for example names, NDIS numbers, contact details, shift notes, and care records). Your organisation determines what is uploaded and is the data controller; NexOrbit acts as the data processor.

Information collected automatically

• Device and browser information (type, version, operating system).
• Usage information (pages visited, features used, approximate location based on IP).
• Cookies and similar technologies — see our Cookie Policy for details.

3. How we use your information

• To deliver, maintain, and improve the NexOrbit platform.
• To respond to your enquiries and process demo requests.
• To communicate product updates, security notices, and changes to this policy.
• To meet our legal, regulatory, and audit obligations, including those relevant to NDIS service providers.
• To detect, prevent, and respond to fraud or misuse of the platform.

We do not sell personal information to third parties, and we do not use participant or care-delivery data for advertising.

4. Sharing your information

We share personal information only when it’s necessary to operate the service or required by law. This may include:

• Service providers we engage to host, secure, monitor, or support the platform (for example, our Australian cloud infrastructure provider). These providers are bound by written agreements that protect your information.
• Your organisation — if you are a support worker, participant, or other individual whose data is uploaded by a NexOrbit customer, your information is accessible to your organisation’s authorised users.
• Authorities when we are legally required to disclose information (for example, a lawful court order).

5. Where your data is stored

NexOrbit data is hosted in Australia in a sovereign Australian cloud region. We do not transfer customer data offshore in the normal course of operations. Where a sub-processor is located overseas (for example, an email delivery service for system notifications), we contractually require equivalent privacy and security protections.

6. How we protect your information

• End-to-end encryption (256-bit) in transit and at rest.
• Role-based access controls so users only see what they need to.
• Daily encrypted backups.
• Continuous platform monitoring and audit logging.
• Staff training on privacy and security.

No system can be perfectly secure. If we ever experience a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme.

7. How long we keep your information

We retain personal information only for as long as needed to provide the service, comply with our legal obligations, resolve disputes, and enforce our agreements. Customer-uploaded data is retained according to the customer’s own retention rules and applicable NDIS record-keeping requirements.

8. Your rights

Under the Privacy Act, you have the right to:

• Ask what personal information we hold about you.
• Ask us to correct information that is inaccurate or out of date.
• Ask us to delete your personal information, subject to legal and contractual obligations.
• Withdraw consent for marketing communications at any time.
• Make a complaint about how we have handled your information.

If you are an individual whose data was uploaded by a NexOrbit customer (for example, a participant or staff member), please contact your organisation first as they control that data.

9. Cookies

We use a small number of cookies to keep you signed in, remember preferences, and understand how the site is used. See our Cookie Policy for the full list and how to opt out.

10. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of the page reflects the most recent change. If a change is material, we will let our customers know by email or in-product notice before it takes effect.

11. Contact us

If you have questions about this policy, want to exercise any of your rights, or believe we have breached the Privacy Act, please reach out:

• Email: privacy@nexorbit.com.au
• Post: Newdawn Support Services Pty Ltd, Melbourne, Victoria, Australia