Data Processing Agreement

Effective date: 1 January 2025. This Data Processing Agreement (DPA) applies when AuditCore processes personal information on your behalf as a data processor under the Australian Privacy Act 1988 (Cth).

1. Roles and Responsibilities

As an NDIS provider, you are the data controller — you determine what participant and worker data is collected and why. AuditCore is the data processor — we process that data on your instructions to provide the platform service.

2. What We Process

• Participant names, NDIS numbers, and plan details
• Support plans and case notes
• Incident and complaint records
• Worker names, contact details, and screening check records
• Organisational compliance data

3. Our Processing Obligations

• Process data only on your documented instructions
• Ensure all personnel are bound by confidentiality obligations
• Maintain appropriate technical and organisational security measures
• Assist you in responding to participant access and correction requests
• Delete or return all personal data upon termination of the agreement
• Notify you of any personal data breach within 72 hours of becoming aware

4. Sub-processors

AuditCore uses the following sub-processors: DigitalOcean (hosting and managed database, Australia), Anthropic (AI document generation — data is not stored or used for training). We will notify you of any changes to sub-processors with 30 days notice.

5. Contact

For DPA-related enquiries, contact info@auditcore.com.au.