Privacy Policy

Effective date: 21 April 2026
Last updated: 21 April 2026

NDIStress (“we”, “us”, “our”) is committed to protecting the privacy of members, lecturers, and visitors. This Privacy Policy explains how we collect, use, disclose and store your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Who we are

NDIStress is an Australian provider of NDIS governance, compliance and education services. You can contact us at info@ndistress.com.au or via our contact page.

2. What information we collect

We only collect personal information that is reasonably necessary to provide our services. This may include:

  • Account data — name, email, password (hashed), role, date of registration.
  • Billing data — billing address, GST registration status. Credit card details are never stored on our servers; they are handled directly by Stripe (see Section 6).
  • Membership activity — current plan, subscription status, renewal dates, invoices.
  • Booking data — lecturer selected, session date and time, topic/notes you provide, attendance status.
  • Learning activity — videos watched, playback progress, quiz results, NDIS Stress Check responses.
  • Technical data — IP address, browser type, referring page, session cookies, and abuse-prevention records (rate-limit counters).
  • Support correspondence — emails, form submissions, support tickets.

3. How we collect it

We collect information directly from you when you register, subscribe, book a session, complete the Stress Check, or contact us. Technical data is collected automatically by our servers and cookies. Payment metadata is relayed back to us by Stripe after you complete a transaction.

4. Why we collect it (purpose and legal basis)

We use your personal information to:

  • Create and manage your account and membership.
  • Process payments, issue tax invoices and manage subscriptions.
  • Schedule, confirm and run one-on-one consultations with lecturers.
  • Deliver the video library and track your educational progress.
  • Send transactional emails (receipts, reminders, cancellations).
  • Respond to enquiries and provide customer support.
  • Maintain the security of the platform and investigate abuse.
  • Comply with Australian taxation, consumer protection and record-keeping laws.

We do not use your information for automated decision-making that would produce a legal or similarly significant effect on you.

5. Marketing communications

We may send you occasional updates about new plans, lecturers, or training content. Every marketing email contains a one-click unsubscribe link. You can also opt out at any time by emailing info@ndistress.com.au. Transactional emails (receipts, booking confirmations, password resets) will continue because they are necessary to provide the service.

6. Payment processing (Stripe)

All payments are processed by Stripe Payments Australia Pty Ltd. When you enter card details, they are submitted directly to Stripe over an encrypted connection and never touch our servers. We only store the Stripe customer ID, payment intent ID, and the last four digits of the card (where returned by Stripe) for reconciliation and refunds. Stripe’s privacy practices are governed by its own privacy notice.

7. Third parties we share with

We do not sell personal information. We share data only with processors that help us operate the service:

  • Stripe — payment processing.
  • Email delivery provider — sending transactional and marketing emails.
  • Hosting provider — storage of our database and application servers in Australia.
  • Professional advisers — accountants, auditors, or lawyers, where strictly necessary.
  • Government or law enforcement — where we are required by Australian law.

8. International transfers

Some of our processors (notably Stripe) may process data outside Australia. Where this occurs, we rely on the contractual and technical safeguards offered by those providers. We will take reasonable steps to ensure that any overseas recipient handles your personal information in a manner consistent with the APPs.

9. Cookies and similar technologies

We use a small number of cookies:

  • Essential cookies — login session, CSRF/nonce tokens, shopping/booking state. These cannot be disabled without breaking the service.
  • Analytics cookies — if enabled, these help us understand aggregate usage. Analytics can be disabled via your browser settings.

10. Security

We protect personal information with reasonable technical and organisational measures, including TLS/HTTPS, hashed passwords, signed video stream tokens, rate limiting, server-side input validation, and least-privilege access for staff. Despite our best efforts, no system is perfectly secure; if we become aware of a data breach that poses a likely risk of serious harm we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme.

11. How long we keep your data

  • Account and membership records: while your account is active, plus 7 years to meet Australian tax and record-keeping obligations.
  • Booking and attendance records: 7 years.
  • Video progress logs: until you delete your account.
  • Support correspondence: up to 3 years.
  • Server logs: up to 90 days.

12. Your rights

Under the APPs you have the right to:

  • Ask what personal information we hold about you.
  • Request that we correct information that is inaccurate or out of date.
  • Request deletion of your account (subject to legal retention obligations).
  • Withdraw consent to marketing at any time.
  • Make a privacy complaint.

To exercise any of these rights, email info@ndistress.com.au. We will respond within 30 days.

13. Complaints

If you are not satisfied with our handling of a privacy issue, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.

14. Children

NDIStress services are intended for adults 18 years or older. We do not knowingly collect personal information from children under 18. If you believe a minor has provided us information, please contact us and we will delete it.

15. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the latest revision. Material changes will be notified to registered members by email at least 14 days before they take effect.

16. Contact

For all privacy-related enquiries:
Email: info@ndistress.com.au
Web: Contact form