Privacy Policy

Notara (“we”, “us”, “our”) operates notara-three.vercel.app. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using Notara, you agree to the collection and use of information in accordance with this policy.

Notara is an AI-powered compliance documentation platform built for Australian NDIS providers and support workers. We are based in Sydney, New South Wales, Australia.

For privacy enquiries contact: saka.asif0@gmail.com

We collect the following personal information:

• Account information: Your email address and password when you create an account.
• Documentation data: Participant names, worker names, session descriptions, and any other information you enter when generating compliance documents. This may include sensitive information about NDIS participants.
• Usage data: Information about how you use the platform including documents generated, document types, and timestamps.
• Payment information: We use Stripe to process payments. We do not store your credit card details. Stripe's privacy policy applies to payment processing and can be found at stripe.com/privacy.
• Technical data: IP address, browser type, device information, and cookies necessary for the platform to function.

We use your information to:

• Provide and operate the Notara platform
• Generate NDIS compliance documents using AI
• Process your subscription payments
• Send account-related emails including verification, password reset, and billing notifications
• Improve and develop the platform
• Comply with legal obligations

Notara uses the Anthropic Claude API to generate compliance documents. When you submit a session description, participant name, and worker name, this information is sent to Anthropic’s API for processing.

Anthropic does not use your data to train their AI models. Their privacy policy can be found at anthropic.com/privacy.

We only send the minimum information necessary to generate your document.

All data is stored in Australia using Supabase with servers located in the Sydney region (ap-southeast-2). Your data does not leave Australia except when processed by the Anthropic API as described above.

We implement the following security measures:

• Row Level Security (RLS) ensuring you can only access your own documents
• Encrypted connections (HTTPS) for all data transmission
• Encrypted password storage — we never store passwords in plain text
• Access controls limiting who can access production systems

Despite these measures, no system is completely secure. We encourage you to use a strong, unique password for your Notara account.

Documents you generate through Notara may contain sensitive information about NDIS participants including health, disability, and personal care information. This is considered sensitive information under the Privacy Act.

We collect this information solely for the purpose of generating compliance documentation at your direction. We do not share, sell, or use participant information for any other purpose.

You are responsible for ensuring you have appropriate authority to enter participant information into Notara and that doing so is consistent with your obligations under the NDIS Practice Standards and Code of Conduct.

We do not sell your personal information to third parties.

We share information only with:

• Anthropic — for AI document generation as described in Section 5
• Stripe — for payment processing
• Supabase — for data storage and authentication
• Vercel — for hosting and deployment
• Law enforcement or regulators — where required by law

Under the Australian Privacy Principles you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and all associated data
• Complain about how we handle your information

To exercise any of these rights contact us at saka.asif0@gmail.com. We will respond within 30 days.

You can delete your account at any time from Settings → Danger Zone → Delete Account. This permanently deletes your account and all documents associated with it.

We retain your account information and documents for as long as your account is active. When you delete your account all personal information and documents are permanently deleted within 30 days. Payment records may be retained for up to 7 years as required by Australian tax law.

Notara uses essential cookies only — these are required for authentication and session management. We do not use advertising or tracking cookies.

Notara is not intended for use by persons under the age of 18. We do not knowingly collect information from minors.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email. Continued use of Notara after changes constitutes acceptance of the updated policy.

If you believe we have breached the Australian Privacy Principles you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

For any privacy questions or concerns:

• Email: saka.asif0@gmail.com
• Location: Sydney, New South Wales, Australia