Privacy Policy

NovoCove Pty Ltd (ABN 12 345 678 901), referred to as “NovoCove,” “we,” “us,” or “our,” is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS compliance tracking platform for Australian childcare and aged care providers.

We are based in Sydney, Australia, and operate in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) scheme. By using our platform, you consent to the practices described in this policy.

We collect the following types of information to provide and improve our services:

• Personal Information: Names, email addresses, phone numbers, job titles, and user credentials of account administrators and authorised users.
• Staff Data: Employee names, roles, locations, employment dates, and organisational hierarchy information entered by your organisation.
• Certification Records: Copies of certificates, licences, training records, working with children checks, police checks, AHPRA registrations, and other compliance documents uploaded to the platform.
• Usage Data: Log data, IP addresses, browser types, device information, access times, pages viewed, and feature usage analytics collected automatically through cookies and similar technologies.

We use the information we collect for the following purposes:

• Compliance Tracking: To monitor certification expiry dates, renewal requirements, and regulatory compliance status across your organisation.
• Alerts and Notifications: To send automated expiry alerts at 90, 60, 30, 14, 7, and 1 day intervals, and other compliance-related reminders via email, SMS, or push notifications.
• Reporting: To generate compliance reports, evidence packs for ACECQA and ACQSC audits, and analytics dashboards.
• Service Improvement: To analyse usage patterns, identify bugs, develop new features, and enhance platform performance and user experience.
• Support: To respond to enquiries, troubleshoot issues, and provide customer and technical support.

All data is stored on Amazon Web Services (AWS) infrastructure located in Sydney, Australia, ensuring Australian data sovereignty. We implement industry-standard security measures including:

• AES-256 encryption at rest for all stored data
• TLS 1.3 encryption in transit for all data transmissions
• Role-based access controls (RBAC) and multi-factor authentication (MFA)
• Regular security audits, vulnerability assessments, and penetration testing
• Automated backup systems with daily snapshots and point-in-time recovery

NovoCove is aligned with ISO 27001 information security management standards. We do not store Australian customer data outside Australia unless explicitly required and agreed upon.

We do not sell, rent, or trade your personal information to third parties. We only share data in the following limited circumstances:

• With Your Consent: We may share information with third parties when you explicitly authorise us to do so.
• Service Providers: We engage trusted third-party vendors (e.g., AWS, email delivery services, analytics providers) who are bound by confidentiality obligations and only process data on our instructions.
• Regulatory Bodies: We may disclose information when required by law, court order, or to comply with requests from Australian regulatory bodies such as ACECQA, ACQSC, or the Office of the Australian Information Commissioner (OAIC).
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

Under the Privacy Act 1988 (Cth), you have the following rights:

• Access: Request access to the personal information we hold about you.
• Correction: Request correction of inaccurate, outdated, or incomplete information.
• Deletion: Request deletion of your personal information, subject to our legal obligations to retain certain records.
• Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format.
• Complaint: Lodge a complaint with us or the OAIC if you believe we have breached your privacy.

To exercise any of these rights, please contact us using the details provided at the end of this policy. We will respond within 30 days of receiving your request.

We use cookies and similar tracking technologies to enhance your experience, analyse usage, and deliver personalised content. Cookies are small data files stored on your device that help us remember your preferences and understand how you interact with our platform.

The types of cookies we use include:

• Essential Cookies: Required for the platform to function properly (e.g., authentication, security).
• Analytics Cookies: Help us understand how visitors interact with our platform so we can improve it.
• Functionality Cookies: Remember your preferences and settings for a better experience.

You can manage or disable cookies through your browser settings. However, disabling essential cookies may affect the functionality of the platform.

NovoCove complies with the Australian Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). In the event of a data breach that is likely to result in serious harm to individuals, we will:

• Take immediate steps to contain the breach and prevent further unauthorised access
• Conduct a prompt assessment to determine the scope and impact of the breach
• Notify affected individuals and the OAIC as soon as practicable, and within 72 hours where feasible
• Provide guidance on steps individuals can take to protect themselves

We maintain a comprehensive data breach response plan and conduct regular training to ensure our team can respond swiftly and effectively to any security incident.

Our platform integrates with third-party services to provide functionality. These services have their own privacy policies and data handling practices:

• Amazon Web Services (AWS): Cloud infrastructure and data storage (Sydney region).
• SendGrid / Twilio: Email and SMS notification delivery.
• Google Analytics: Usage analytics and platform performance monitoring.
• Stripe: Payment processing for subscription billing (if applicable).

We carefully select third-party providers who maintain appropriate privacy and security standards. We encourage you to review the privacy policies of these services.

Our platform is designed for use by Australian childcare and aged care providers, and is intended for use by adults (administrators, managers, and authorised staff). We do not knowingly collect personal information from children under 16 years of age.

In the course of providing compliance tracking services, childcare providers may enter information about children in their care (e.g., for educator-to-child ratio compliance). This data is processed solely on behalf of the childcare provider and in accordance with their instructions. The provider remains the data controller for this information.

If you believe we have inadvertently collected personal information from a child without appropriate authorisation, please contact us immediately and we will take steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform functionality. We will notify you of material changes by:

• Posting the updated policy on our website with a revised “Last Updated” date
• Sending an email notification to account administrators
• Displaying a notice within the platform upon login

We encourage you to review this policy periodically. Your continued use of the platform after changes constitutes acceptance of the updated policy.

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact our Privacy Officer:

We take all privacy complaints seriously and will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.