Privacy Policy

This Privacy Policy explains how Kings AI Automation Pty Ltd (ACN 697 368 282, ABN 31 697 368 282), trading as KAINDIS ("KAINDIS", "we", "us", "our"), collects, holds, uses, discloses and protects personal information. It applies to the KAINDIS platform, our websites at kaindis.com and kai-auto.com, and any related services. It is the current and authoritative version of our Privacy Policy and supersedes any earlier version, including any earlier PDF published before 9 May 2026.

We are an APP entity under the Privacy Act 1988 (Cth) and we handle "health information" that is also regulated by the Health Records Act 2001 (Vic). We comply with the Australian Privacy Principles (APPs) and, where they apply, the Health Privacy Principles (HPPs). The platform is used by Australian NDIS providers, and we recognise that almost all Customer Data we process for them is sensitive information about people with disability. We treat that data accordingly.

1. Who we are and how to contact us

Our registered office is in Victoria, Australia. Our Privacy Officer can be reached at kaindis@kai-auto.com. We aim to respond to privacy enquiries and complaints within 30 days, and to access requests within the timeframes required by APP 12 (reasonable period, generally 30 days) and HPP 6 (within 45 days for health information held in Victoria).

2. Our role: APP entity and processor

For the data we collect directly from website visitors, prospective customers and our own staff, we are the APP entity and the relevant organisation under the Health Records Act 2001 (Vic).

For the Customer Data that NDIS providers (our customers) upload to the KAINDIS platform about their participants, staff, carers and nominees, the customer organisation is the APP entity and we act as a service provider processing the data under our Data Processing Addendum on behalf of and under the documented instructions of the customer. Individuals whose data is uploaded by an NDIS provider should generally contact that provider first to exercise privacy rights; we will assist the provider to respond.

3. Information we collect

3.1 Account and registration

Names, email addresses, phone numbers, role titles, organisation name, ABN, billing address, the date, time and IP address of Terms acceptance, and any referral code.

3.2 Customer Data uploaded by NDIS provider customers

Including, depending on configuration:

• Participant data: name, preferred name, date of birth, gender, NDIS number (encrypted at rest using AES-256-GCM), contact details and address, primary disability and risk factors (risk factors encrypted at rest using AES-256-GCM), medical and health information (encrypted at rest using AES-256-GCM), emergency contacts, NDIS plan and funding details, GPS coordinates of service addresses, goals, care plans, service agreements, booking history, incident reports and care notes.
• Staff data: name, contact details and address, profile photo, employment type, availability, qualifications and screening checks (NDIS Worker Screening, Working with Children Check, including check number and expiry), GPS clock-in/clock-out coordinates, accessibility preferences, hashed passwords, MFA secrets, session and trusted-device records and failed-login attempts.
• Family member, carer and nominee details where the Customer links them to a participant.

We treat health information, disability information and NDIS numbers as sensitive information under APP 3 and as health information under the HPPs.

3.3 Billing

Business name, ABN, billing email and address, subscription tier and payment status, Stripe customer and subscription identifiers, and tokenised payment methods. We do not store raw card or bank details — those are tokenised by Stripe.

Where the Customer has enabled clause 12A of the Terms of Service (participant payments via a connected Stripe account), we additionally collect and store Stripe customer ids, session ids, payment intent ids, and the audit record of director acknowledgment (acknowledging director identity, timestamp, and any supplied note). These identifiers are linkable to the participant whose invoice was generated and are treated as Personal Information (but not as sensitive information under APP 3). Raw card or bank details are never stored by KAINDIS — they are tokenised by Stripe.

3.4 Automatically collected information

• Session data: IP address, user-agent, device type, session timestamps.
• Device fingerprint: a one-way SHA-256 hash used for trusted device identification only.
• Audit logs: a record of every create, update and delete on the platform, including the acting user, timestamp, IP, and before/after data snapshots — used to meet NDIS Practice Standards accountability requirements.
• Error logs: technical error records. Sensitive fields (NDIS numbers, medical data, credentials, MFA codes and 25+ other fields) are redacted at the point of capture before storage.
• Document access logs: records of when documents are viewed, downloaded or deleted.
• Cookies: see clause 11.

3.5 Mobile applications

Foreground GPS at clock-in/out and task-completion events; photographs (with embedded GPS and timestamp) for cleaning task documentation and incident reports; push notification tokens; the Expo installation ID. We do not collect advertising identifiers. Background location and microphone access are declared in the manifest for future functionality but are not currently active in production.

4. How and why we use information (APP 6)

We use personal information for the following purposes:

• To provide, secure, support, maintain and improve the platform, including bookings, rostering, care notes, incident reporting, claims and invoicing.
• To prepare NDIS claim files for upload to the NDIA (and, in future, to submit claims directly via Services Australia's PRODA / Medicare ECLIPSE APIs when those integrations are activated and the Customer enables them). Today, KAINDIS generates the NDIA Bulk Payment Request CSV inside the platform; the Customer uploads it via myplace themselves. No claim data is transmitted from KAINDIS to PRODA or ECLIPSE yet — see the sub-processor list for the current status.
• To authenticate users, enforce MFA and detect, prevent and respond to security incidents, abuse, and fraud.
• To meet our legal and compliance obligations, including the Privacy Act 1988 (Cth), the Health Records Act 2001 (Vic), the Spam Act 2003 (Cth), the NDIS Act 2013 (Cth), the NDIS Code of Conduct, the NDIS Practice Standards, the Fair Work Act 2009 (Cth), the Corporations Act 2001 (Cth) and tax law.
• To communicate with users about the service, including incident notifications, billing and changes to legal documents.
• To produce aggregated, de-identified analytics for the purpose of operating, improving and benchmarking the service, where the data cannot reasonably be used to re-identify any individual.

We do not use personal information for direct marketing without consent, and we do not sell personal information.

5. Disclosure to sub-processors and third parties

We disclose personal information to a limited list of vetted sub-processors only as necessary to operate the platform. The current list, including the data categories disclosed and the country of processing, is published at /legal/sub-processors. We contractually bind sub-processors to data protection obligations equivalent to those in our DPA, in accordance with APP 8.1.

We may also disclose personal information: (a) where compelled by a law of Australia, including a subpoena, warrant or production notice; (b) to professional advisers under confidentiality obligations; (c) to law enforcement, regulators, or the NDIS Quality and Safeguards Commission where required or permitted by law; and (d) in connection with a corporate transaction (acquisition, merger or sale of assets), in which case the recipient must be bound by privacy obligations no less protective than this Policy.

6. AI features

The platform includes optional AI-assisted features (a chatbot, suggestion engine, and voice-to-text transcription).

• The AI chatbot transmits the user's typed query, the conversation history for the current session, and contextual NDIS data relevant to the query (which may include participant names, plan information, booking details, budgets, goals, staff profiles and organisation details) to Anthropic, PBC for processing via the Claude API.
• Voice-to-text transcription transmits audio recordings made by Customer staff to OpenAI, L.L.C. (primary, via the Whisper API) or Google LLC (Google Cloud Speech-to-Text, fallback). Audio may contain voices of participants and staff. The transcribed text is returned to KAINDIS and stored in the Customer tenant. Both providers operate on a zero-retention basis for API submissions and do not use the data to train their models.
• Based on each provider's published API terms as at the date of this Policy, none of the AI providers we use train their models on Customer Data submitted via the relevant API. We monitor those terms and will update the Sub-processor list and this Policy if the position changes for any provider.

AI features are optional. An organisation administrator may request that AI features be disabled at the tenant level by emailing kaindis@kai-auto.com. AI output is generated probabilistically and may be inaccurate or incomplete; users should independently verify any AI output before relying on it for any decision affecting an NDIS participant. Our use of AI is consistent with the principles in the Australian Government's Voluntary AI Safety Standard (2024).

7. Cross-border data transfers (APP 8)

Customer Data is primarily stored in Sydney, Australia (AWS ap-southeast-2). Some sub-processors are based outside Australia, as listed in the Sub-processor list. Before disclosing personal information to an overseas recipient, we take the steps required by APP 8.1 to ensure the recipient handles the information consistently with the APPs, including by entering into a written contract that imposes equivalent obligations.

8. Data retention and deletion (APP 11)

We retain personal information only as long as necessary for the purposes set out in this Policy and to meet our legal obligations. Retention periods are configured centrally and enforced by an automated nightly purge:

• Participant records and service-delivery records: 7 years after the last service. For participants who were minors at the time of service: until age 25, or 7 years, whichever is later (NDIS Practice Standards).
• Financial records, invoices, and NDIS claims: 7 years from financial year end (Corporations Act 2001 (Cth) and ATO requirements).
• Staff compliance and screening records: 7 years from the check date.
• Employment records: 7 years (Fair Work Act 2009 (Cth)).
• Audit logs: 7 years.
• Error logs: 90 days, with sensitive-field redaction applied at point of capture.
• Session and trusted-device records: 12 months.
• AI chat history: retained while the account is active; orphaned conversations purged after 90 days; deleted on a verified erasure request.
• Uploaded files and photos: 7 years from creation, or until the organisation account is closed.
• Inactive user accounts: retained for 7 years then purged, unless an earlier verified erasure request is made.

On termination of a customer subscription, Customer Data is retained for 30 days to allow self-export and reactivation, then permanently deleted, except where a longer period of retention is required by law.

9. Security (APP 11)

We maintain a risk-appropriate information-security program, including:

• AES-256-GCM encryption at rest for NDIS numbers, medical information, and authentication secrets.
• HTTPS/TLS 1.2+ for all traffic in transit, with HSTS enforced.
• PostgreSQL Row-Level Security enforcing multi-tenant isolation on every database query.
• Role-Based Access Control with granular permissions, MFA on privileged accounts, and account lockout after repeated failed logins.
• Infrastructure hosted in Sydney, Australia (AWS ap-southeast-2).
• Sensitive-field redaction in error and audit logs at the point of capture.
• Vulnerability management, monitoring, and incident response aligned with the ACSC Essential Eight self-assessment.

While we take significant steps to protect personal information, no system is completely immune to security risk, and we cannot guarantee absolute security.

10. Your rights (APP 12, APP 13, HPP 6, HPP 7)

• Access. You may request access to the personal information we hold about you. NDIS participants can view their own data through the participant portal. Other requests should be made by email — we will respond within 30 days for APP information and 45 days for health information held in Victoria.
• Correction. You may request correction of inaccurate, incomplete, irrelevant or out-of-date personal information.
• Erasure. You may request deletion of your personal information. We will honour the request unless we are required by law to retain the data (for example, NDIS or tax retention obligations), in which case we will tell you which records are retained and why.
• Withdraw consent. Where we rely on your consent (for example, optional integrations), you may withdraw consent at any time by contacting us or disconnecting the integration.
• Anonymity and pseudonymity. Where lawful and practicable, you may interact with us anonymously or under a pseudonym (APP 2).
• Complain. See clause 12.

11. Cookies

We use only essential authentication cookies. We do not use advertising, profiling or third-party analytics cookies. Cookies are HttpOnly and Secure, and not accessible to client-side JavaScript. Because the cookies we use are strictly functional and necessary to provide the service, a consent banner is not presented; we disclose their use in this Policy in accordance with APP 5 notice requirements.

12. Complaints

If you have a privacy complaint, please contact our Privacy Officer at kaindis@kai-auto.com. We will acknowledge your complaint within 5 business days and respond substantively within 30 days. If you are not satisfied with our response, you may complain to:

• Office of the Australian Information Commissioner (OAIC): oaic.gov.au · 1300 363 992 · GPO Box 5218, Sydney NSW 2001.
• Health Complaints Commissioner (Victoria): hcc.vic.gov.au · 1300 582 113 — for complaints involving health information held in Victoria.
• NDIS Quality and Safeguards Commission for NDIS-specific concerns: ndiscommission.gov.au · 1800 035 544.

13. Notifiable Data Breaches

We comply with Part IIIC of the Privacy Act 1988 (Cth) (the Notifiable Data Breaches scheme). If we become aware of an eligible data breach, we will assess it without undue delay, and notify the Office of the Australian Information Commissioner and affected individuals as soon as practicable, in any event within 30 days of becoming aware where notification is required. For Personal Information processed on behalf of a customer organisation, we will notify the customer without undue delay and within the time windows specified in the DPA.

14. Children

The NDIS supports participants of all ages, including minors. KAINDIS does not knowingly collect personal information directly from children. Where a participant is a minor, the participant's nominated family member or carer holds the linked account. The customer organisation is responsible for ensuring that consent and notification requirements for minors are met under the NDIS scheme's consent framework and applicable law.

15. Statutory tort of serious invasion of privacy

From 10 June 2025, individuals in Australia have had a statutory right under Schedule 2 of the Privacy Act 1988 (Cth) to bring proceedings for a serious invasion of privacy by intrusion upon seclusion or misuse of personal information. We design our controls to minimise the risk of intrusion or misuse of personal information. If you consider you may have a claim, you may notify our Privacy Officer in addition to any complaint to the OAIC.

16. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified to organisation administrators by email at least 14 days before they take effect, and will be published on this page with an updated effective date. Continued use of the platform after that date constitutes acceptance of the revised Policy.