Data handling summary

Version 2026-06-05. Effective 5 June 2026.

A plain-language summary of where Practice Binder data is stored, who can access it, how it is protected, and what happens when an account ends. This page is the auditor-facing artefact: print it or save it as a PDF and file the result in your compliance binder.

Full legal detail is in the privacy policy and terms of service.

1. What this covers

This summary covers personal information held in Practice Binder accounts: account details (name, email, hashed password, practice name), the records you enter (incidents, behaviour support plans, complaints, restrictive practice entries, registers), and billing metadata when paid plans are enabled. File uploads are disabled during the beta; when re-enabled, attachments will be added to the processor table below.

2. Where the data lives

Provider                          | Purpose                              | Storage region           | Country of incorporation
Vercel Inc.                       | Application hosting                  | Sydney (syd1)            | United States
Neon Inc.                         | Postgres database                    | Sydney (ap-southeast-2)  | United States
Stripe Payments Australia Pty Ltd | Payment processing (paid plans only) | Australia / United States | Australia / United States

Data storage is pinned to Australian regions wherever the provider supports it. The current sub-processor list is published in the privacy policy and is versioned; we publish changes before any new processor handles personal information.

3. Cross-border disclosure (APP 8)

Data is stored onshore. However, several providers are incorporated overseas, primarily in the United States, and their staff or systems may access data from overseas for support, maintenance, backups, or security purposes. Before disclosing personal information to an overseas provider we take reasonable steps to ensure the provider handles it consistently with the Australian Privacy Principles, principally through the data protection terms in our agreements with them.

4. Who can access it

Access to production data is limited to people who need it to operate the Service. During the beta this is a small operator team (one or two people) acting on customer support requests, incident response, or system maintenance. Access is via credentialed accounts on each processor, not shared logins.

5. How we protect it

  • TLS for data in transit.
  • Processor-native encryption at rest (Vercel, Neon, Stripe).
  • Passwords stored only as bcrypt hashes (bcrypt applies a per-password salt), never in plain text.
  • Storage pinned to Australian regions as listed above.

We do not hold ISO 27001, SOC 2, or IRAP certification today. A security maturity roadmap is planned before the Service stores real participant data outside the beta.

6. Backups and retention

The production database uses Neon point-in-time recovery with a 7-day window. Beta data may be purged at the end of the beta period. Account data is retained for as long as the account is active or as needed to provide the Service.

7. Breach notification

If we confirm a security incident that affects your data, we will notify you within 72 hours of confirmation, by email to the contact address on your account. We assess every confirmed incident against the Notifiable Data Breaches scheme in the Privacy Act 1988 (Cth) and notify the Office of the Australian Information Commissioner (OAIC) where the scheme requires it.

8. Termination, return, and deletion

On request, or on termination of your account, we provide a structured machine-readable export of your account data (CSV or JSON) by email. Production data is deleted within 30 days of confirmed termination. Backups containing the data expire at the end of the 7-day recovery window described in section 6 and are not retained beyond it.

We may retain limited records (for example, billing records) where Australian law requires it. Those records are kept only for the period the law requires and are not used for any other purpose.

9. State health-privacy overlay

The federal Privacy Act 1988 (Cth) and Australian Privacy Principles apply nationally. In New South Wales, the Health Records and Information Privacy Act 2002 and the Health Privacy Principles also apply to health information; the Australian Capital Territory has equivalent obligations under the Health Records (Privacy and Access) Act 1997. We handle health information consistently with these obligations regardless of where your practice is located.

10. Contact

Data requests, privacy questions, breach notifications: hello@practicebinder.com.au
Security disclosure: /.well-known/security.txt
Entity: Practice Binder Pty Ltd (ACN 698 705 387)
Registered office: 56 Epsom Rd, Kensington VIC 3031