Privacy Policy

The app may handle user account details, organisation and team membership, client profile information, appointments, funding records, case notes, documents, alerts, activity logs, feedback, and operational error reports.

Provider organisations decide what participant information they are authorised to enter into AlliedSpace as part of their service delivery and record keeping. They remain responsible for participant consent, nominee/guardian authority, and their own privacy, clinical, record-keeping, and NDIS obligations.

NDIS numbers and similar government identifiers may be entered by provider users as participant reference information where appropriate. AlliedSpace does not adopt NDIS numbers as AlliedSpace account, user, organisation, or customer identifiers.

AlliedSpace gives short collection notices at the main places where information is entered or processed, including account signup, client profile creation and update, funding entries, notes, document uploads, voice transcription, AI SOAP drafting, feedback, contact forms, and data requests.

Those notices explain the collection purpose and remind users not to enter information that is unnecessary or outside their authority.

Information is used to provide authenticated access, organisation and client access controls, appointment visibility, funding tracking, document management, alerts, activity logs, support, reliability monitoring, optional voice transcription, and optional AI SOAP drafting.

Transactional account emails, such as confirmations, invites, and password resets, are used to help users securely access their AlliedSpace account.

Walkthrough and product-news contact is used only where a person has agreed to that contact. People can opt out of marketing-style contact at any time by replying unsubscribe or contacting support.

The app uses Supabase Auth, required authenticator MFA, a 30-minute idle sign-out, organisation-level data separation, database-level Row Level Security, role and client assignment controls, private document storage, app-mediated downloads, metadata-only activity logs, rate limits, monitoring sanitisation, organisation-level controls for AI features, and privacy steps before external AI workflows.

Provider users only see client information according to their organisation, role, and client assignment. AlliedSpace owner/support views focus on product feedback and sanitised reliability events rather than browsing client records, case notes, or documents.

AI SOAP drafting is optional. When a practitioner chooses to convert a case note into a SOAP draft, AlliedSpace first prepares the note inside the app before it is sent to the AI provider.

That preparation step looks for obvious direct identifiers, such as known client or person names, contact details, phone numbers, addresses, dates, links, and common reference numbers. When found, those details are replaced with plain labels such as [client], [person], [contact], [address], or [identifier].

The AI provider receives the prepared case-note content and limited session context needed to draft the SOAP note. Full client profiles, uploaded documents, funding ledgers, access tokens, API keys, and the original unprepared case note are not sent for SOAP drafting.

The generated SOAP note is saved as a draft for the practitioner to review, edit, and approve before relying on it.

Voice transcription is also optional. When a practitioner uses the microphone control, AlliedSpace sends the temporary audio recording and limited transcription instructions to OpenAI's transcription service so speech can be turned into editable draft text.

AlliedSpace does not save the raw audio recording in Supabase, attach it to the client record, or include it in activity logs. The transcript is placed into the note editor and is only saved to the participant record if the practitioner reviews and saves the note.

OpenAI may process and temporarily retain API inputs and outputs under its API data handling terms. AlliedSpace does not describe voice transcription as zero-retention unless the relevant OpenAI account and endpoint have been confirmed for zero data retention.

AlliedSpace uses Supabase for authentication, database, and private storage. The current database region is Sydney, Australia.

AlliedSpace uses Vercel for application hosting, Resend for account, walkthrough, and support emails, Cloudflare for domain services and private document backup storage, OpenAI for optional voice transcription and AI SOAP draft generation, and Google Sheets for provider contact and mailing-list management.

Some subprocessors may process operational, support, AI, email, or contact-list data outside Australia. AlliedSpace records each subprocessor's purpose, data categories, sensitive-data exposure, known region or retention caveats, and review status.

Organisation admins can submit access/correction, export, and workspace closure or deletion requests from the account area. Requests are reviewed by configured AlliedSpace owners before action is taken.

Sensitive exports are handled through an agreed secure channel after requester verification. Destructive changes are not automatic and are reviewed against provider record-keeping, audit, backup, legal, and operational constraints.

Client records, notes, funding entries, documents, and audit history are retained unless changed through a controlled process because they support provider record keeping, traceability, and recovery.

Operational metadata has shorter retention where practical. Provider contact and product-news details are retained only while useful for agreed communications, while opt-out suppression details may be retained in minimal form so unsubscribe requests can be honoured.

Privacy questions, correction requests, access requests, complaints, or unsubscribe requests can be sent to support@alliedspace.com.au.

AlliedSpace will review the request, verify the requester where needed, record the outcome, and escalate privacy or breach concerns through the documented incident and breach response process.

For privacy, support, or walkthrough enquiries, contact support@alliedspace.com.au.