Privacy Notice

Last updated: 29 April 2026

1. Who we are

Luke Martin (trading as NDIS Hub, ABN 48 227 743 949, "we", "us", "our") is the data controller for personal data we collect about you when you use our service. We are based in Australia. You can contact us at support@ndi-ai-viper.app or +61 402 630 306.

2. Personal data we collect

• Account data — name, email address, password hash, business name, ABN, contact phone.
• Profile & role data — your selected role (admin / manager / support worker), preferences, and AI assistant settings.
• Service content — participants, rosters, progress notes, invoices and uploaded files. Some of this data may relate to third-party individuals (your participants); you are responsible for having a lawful basis to enter it.
• Support communications — messages you send us and any files you attach.
• Usage & telemetry — pages viewed, features used, analytics events, error logs, device and browser identifiers, IP address, approximate location.
• Voice & AI data — if you use the AI assistant, your prompts and any audio you record for transcription.

3. Why we use your data & legal basis

• Provide the service (contract performance) — create your account, store your records, render the UI, run the AI assistant.
• Security & fraud prevention (legitimate interests) — detect abuse, secure accounts, investigate incidents.
• Customer support (contract / legitimate interests) — respond to your messages and resolve issues.
• Product improvement & analytics (legitimate interests) — measure feature usage and reliability.
• Legal compliance (legal obligation) — respond to lawful requests, keep accounting records.
• Marketing (consent) — only where you have opted in.

4. Who we share your data with

• Hosting & infrastructure providers — to operate the service (database, file storage, edge compute).
• AI processing providers — when you use the AI assistant or voice features, prompts and audio are processed by third-party AI vendors under contract.
• Paddle (Merchant of Record) — Paddle.com Market Limited acts as the Merchant of Record (reseller) for all subscription purchases. Paddle collects and processes your payment details, billing address, and tax information, appears on your card or bank statement as the merchant, issues invoices, and handles refunds and chargebacks. Paddle is a separate data controller for the payment data it collects and is governed by its own privacy policy.
• Analytics & error monitoring — to measure usage and diagnose problems.
• Professional advisers — legal, accounting, audit.
• Authorities — where required by law.

We do not sell your personal data.

5. International transfers

Some of our providers operate outside Australia. Where personal data is transferred internationally we rely on contractual safeguards (such as Standard Contractual Clauses) and provider certifications.

6. How long we keep your data

We keep account and service content for as long as your account is active. After cancellation we keep your data for a reasonable export window (typically 30 days) and then delete or anonymise it, except where we are required to retain it for legal, tax or audit purposes (typically up to 7 years for invoicing records).

7. Your rights

Subject to applicable law (including the Australian Privacy Act and, for users in the UK/EEA, GDPR) you have the right to: access your data; correct inaccurate data; request deletion; restrict or object to processing; portability; withdraw consent; and lodge a complaint with your data protection authority. To exercise any of these rights contact support@ndi-ai-viper.app or +61 402 630 306 (Luke Martin, ABN 48 227 743 949). We aim to respond within one month.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit, encryption at rest for the database, role-based access controls, and audit logging.

9. Cookies

We use essential cookies to keep you signed in and to remember your preferences. We may also use limited analytics cookies to understand how the service is used. You can manage cookies in your browser settings.

10. Children

The service is not directed at children under 16. If you believe a child has provided us personal data without consent, contact us and we will delete it.

11. Changes

We may update this notice from time to time. Material changes will be notified by email or in-app.

12. Contact

Privacy questions: support@ndi-ai-viper.app or +61 402 630 306 (Luke Martin, ABN 48 227 743 949).