Privacy Policy

Last updated: 8 June 2026

This privacy policy outlines how I manage your personal information in accordance with the Australian Privacy Principles (APPs) established by the Privacy Act 1988.

At a Glance: How I Handle Your Data

  • Website Hosting: This site is managed by Squarespace, which monitors traffic to help me understand how the site is used.

  • Bookings: Processed via Google Bookings, which collects names and email addresses to schedule and confirm your appointments.

  • Forms: Managed through Astalty to gather necessary information for service coordination. This information is stored securely within Australia and is encrypted both during transit and while at rest.

  • Payments: Information is used to facilitate payments, primarily through NDIS plan managers.

1. Website Traffic and Monitoring

This website is built on the Squarespace platform. Squarespace collects personal data to power the site analytics, including:

  • Information about your browser, network, and device.

  • Web pages you visited prior to coming to this website.

  • Your IP address.

This data is used to analyze site traffic and improve the user experience. Squarespace shares this information with me in a summarised format so I can see how visitors interact with the site. Website traffic information that I have access to includes whether the visitor accessed my site from a search engine like Bing or Google, whether they came from a social media site like Facebook, where the visitor accessed the site from (Australia/US)—yes, according to these statistics, the website appears to be getting traffic from the US (although, I think this traffic is likely to be bots, he he). I can also see which search terms were used to access the website through a search engine. I do not collect any identifying information through Squarespace. However, I do embed and link to Astalty forms and Google bookings through my Squarespace site, which collects the information and stores it securely.

2. Google Bookings and Forms

I use Google services to manage appointments and gather information:

  • Google Bookings: When you book a session, I collect your name and email address as well as other information to assist me to serve your needs. This data is stored within Google's secure infrastructure and used to send you confirmation emails and calendar invites.

  • Astalty Forms: I use forms to collect details necessary for providing support coordination. Data you input is stored on Astalty servers to help me manage your services effectively. This information is stored securely and is encrypted, both at rest and in transit (if you’ve given your consent for me to send it to a third party).

You can read more about how Google protects privacy here. You can read more about Astalty’s security credentials here.

3. Payment Processing

I collect information to ensure I am paid fairly for the services provided.

  • NDIS Participants: I collect details such as your NDIS number, plan start/end dates, and your Plan Manager’s contact information.

  • Invoicing: I use this information to generate invoices, which include the service date, item number, and description of the support provided.

  • Bank Transfers: Payments are made via bank transfer to my designated account.

4. Participant Records and Australian Privacy Law

I am committed to protecting your privacy and keeping good records as required by the NDIS Practice Standards. All participant records—including phone call logs and service agreements—are stored securely in the Astalty database to meet the requirements of the Privacy Act 1988. All participant data, including emails (to and from), information submitted to the newsletter request form, Google bookings, contacts, Google Meet and Google Chat information are all stored on Google Workspace servers in Australia. I have direct control over who accesses this data, and because Google’s security is world class and covered by 2FA. The data is encrypted both while at rest and in transit, which means that all the data I hold is secure. Information I hold will only be shared with direct consent from participants/authorised representatives.

Privacy is hugely important these days for everyone, but doubly for those individuals who live with a disability. From experience, I’ve seen how some providers store data and control who can accesses it. According to Australian privacy laws, data must be controlled and protected, so that only those who need to know information about a participant has access to this data. Unfortunately, some CRM systems used by Australian NDIS providers (yes, registered providers) apply group permissions to their data controls. This means that anyone in a particular group will have access to participant data, regardless of whether they need to know that information or not. This is not acceptable. So I’ve chosen to manage data I hold about participants, their families and other providers with a system where I control what every single individual sees and has access to. Even to the point that if I have sent them a link to a specific document, and the participant/authorised representative consent changes (which often happens), I can still alter access to that document, even though the link has already been sent. Any information held within Google Workspace is never used to train AI bots.

It is the unfortunate circumstance that administrative mistakes can happen (because we’re all human), and information can mistakenly be sent to unauthorised individuals. This is every provider’s worst nightmare, but believe me it happens. This can happen when templates are used and participant information is inadvertently or accidentally saved into the templates, and then due to time constraints, the first participant’s information is not removed. The document is then sent to another participant, not realising it contains information they should not see. Something like this might only result in a minor privacy breach, but that doesn’t mean it is acceptable. It’s not.

I’ve read many allied health reports, where the allied health professional has copied and pasted information from the report of one participant into the report they are currently working on for another participant and forgotten to change the name or some other defining characteristic. It is so easy to do, and it doesn’t necessarily mean the responsible person was careless—it likely means their systems are lax, and they were in a rush and time poor. Astalty’s system doesn’t allow this to happen. It merges information using locked templates (can’t be changed, overwritten or altered) to create a new document, so accidentally leaving information about a specific participant in a template can’t happen. My system also warns me when I am sending information to external organisations such as other providers or the NDIA, so that the chance of accidentally sending information to external parties/organisations is reduced. My audit log also indicates how many times documents have been sent to external organisations/individuals and on what dates. In addition, my system maintains a log of what happened to specific documents, such as if a document was opened, edited, locked, unlocked etc. Not many NDIS CRM systems have features where information can be controlled and audited like that.

5. Your Rights: Accessing, Editing, and Deleting Records

Under the Australian Privacy Principles, you have clear rights regarding the information I hold about you:

  • Access: You have the right to ask to see the records I keep about you at any time.

  • Correction: If any of your information is inaccurate or out of date (such as a change in address or phone number), you can request I edit your records.

  • Deletion: You can request the deletion of your records, subject to my legal obligations to retain certain information under NDIS regulations.

How to make a request:

To view, update, or request the deletion of your information, please contact Jenny Mathers directly:

  • Phone: 0424 766 144

  • Email: jenny@steadyguide.com.au

If you are ever unhappy with how your privacy is handled, you can also contact the NDIS Quality and Safeguards Commission at 1800 035 544.