Privacy Policy

How Reposia collects, stores, and protects your data.

Data collection

Reposia collects information you provide when creating an account, adding participants, and managing STR requests. This includes names, NDIS numbers, disability details, carer information, and uploaded evidence documents.

Data storage

All data is stored on Australian-region infrastructure. Data is not transferred offshore. We comply with the Australian Privacy Act 1988 and applicable NDIS confidentiality obligations.

Data security

All data is encrypted in transit (TLS 1.2+) and at rest. Access is controlled through role-based permissions. Every action is logged to an immutable audit trail.

Third parties

Reposia does not sell or share participant data with third parties. Automated features (document generation, guidance assistant) use Anthropic's Claude API with zero-retention data processing agreements.

Your rights

You can request access to, correction of, or deletion of your data at any time by contacting us. Organisation administrators can export all data associated with their account.

Contact

For privacy enquiries, contact us at our contact page.

This privacy policy was last updated May 2026. Reposia reserves the right to update this policy. Users will be notified of material changes via email or in-app notification.