Last updated: 4 May 2026
SERVEOS is an NDIS operational integrity platform developed and operated in Australia. SERVEOS provides software-as-a-service (SaaS) tools to registered and unregistered NDIS providers to assist with shift management, compliance documentation, participant records, and workforce management.
SERVEOS is operated by its developer ("we", "us", "our"). Our platform is hosted in Australia using Supabase (Sydney, ap-southeast-2) and Vercel infrastructure.
This Privacy Policy applies to all users of SERVEOS including Provider administrators, support workers, and any person whose information is entered into the platform by a Provider.
We are committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Given the sensitive nature of NDIS participant data, we apply heightened standards of care to all information processed through our platform.
We recognise that NDIS participant information is sensitive health and disability-related information under the Privacy Act and handle it accordingly.
When a Provider signs up for SERVEOS we collect:
Providers may enter worker information including:
Providers may enter participant information including:
This information is entered by the Provider and is the Provider's responsibility to collect with appropriate consent from participants.
We automatically collect certain technical information including:
We use the information collected for the following purposes:
We do not use participant data for any purpose other than providing the platform service to the Provider who entered it.
We do not sell, rent, or share personal information with third parties for marketing purposes.
SERVEOS collects GPS location data from workers during shift activities including check-in, check-out, and checklist item completion. This data is collected for the purpose of verifying service delivery for NDIS compliance and audit purposes.
Workers are required to consent to location data collection before their first check-in. GPS data is:
All data is stored in Australia using Supabase (Sydney, ap-southeast-2 region). We implement the following security measures:
While we implement strong security measures, no system is completely impenetrable. In the event of a data breach we will notify affected Providers in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act.
We use the following third-party services to operate SERVEOS:
Each provider operates under their own privacy policy and we have data processing agreements in place where required.
We retain data for as long as a Provider account is active. Upon account cancellation:
Providers are responsible for retaining records as required by NDIS rules (generally 7 years for financial records and 5 years for service records).
Under the Privacy Act 1988, you have the right to:
To exercise these rights, contact us at the email address below. We will respond within 30 days.
Note for Participants: If you are an NDIS participant whose information has been entered by a Provider, please contact your Provider directly regarding your information. Providers are the data controllers for participant information.
If you have a complaint about our handling of personal information, please contact us first. If we cannot resolve your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
We may update this Privacy Policy from time to time. We will notify Providers of material changes by email and by displaying a notice within the platform. Continued use of SERVEOS after changes constitutes acceptance of the updated policy.
For privacy enquiries, data requests, or complaints: