Dibs APP PRIVACY POLICY

WHO WE ARE AND WHAT WE DO

The Dibs App website, website application and data-collection service found at https://dibsapp.net/ (the Dibs App) is owned and operated by Eddie Drury - Positive Behaviour Support Pty Ltd (ABN 41 653 296 130) (we, us, our).

We provide data collection services via the Dibs App to help people with disability and their support team to collect, store and access critical data and information relevant to their support needs.

In this Privacy Policy, “you” and “your” refers to you, the person with disability, subscriber, visitor, customer or user of our website or the Dibs App.

This privacy policy explains how we collect, use, store and protect all private information, including personal and sensitive information. The primary purpose of the Dibs App is to collect and store information according to your instructions. In operating the Dibs APP, we follow and comply with Australian privacy laws to make sure we are doing the right thing with your information.

WE VALUE YOUR PRIVACY

We are committed to protecting your privacy and the privacy of all users of the Dibs App and our website. When you use our website or the Dibs App or get in touch with us, you may provide information to us that is classified as “personal information” and “sensitive information” under the Privacy Act 1988 (Cth). By “personal information,” we mean anything that could identify you, including your name, email address, phone number, or your IP address when you visit our website. By “sensitive information”, we mean sensitive information about an individual’s personal characteristics, as defined in the Act. Information that falls in these classifications may include:

  • information regarding behaviours of concern;
  • health information;
  • types and times of personal support received by Dibs App users; and
  • use of regulated restrictive practices.

Although the Dibs App is not a registered NDIS Provider, we observe relevant aspects of the NDIS Code of Conduct and the NDIS Practice Standards relating to privacy and dignity, ensuring that people with disability have control over their personal information. We handle information about regulated restrictive practices in accordance with relevant NDIS Quality and Safeguards Commission requirements.

We understand that you may authorise people in your support team to upload information to the Dibs App on your behalf. If so, we may ask that person to demonstrate to us that they have your clear consent to do so.

If you are uploading personal or sensitive information to the Dibs App on behalf of another person, our terms of use require you to obtain that person’s explicit agreement to the collection, storage and sharing of their personal and health information for the purpose of positive behaviour support. If you are uploading information on behalf of a child, you confirm that you are that child’s parent or guardian, or that you have obtained consent from the child’s parent or guardian to use the Dibs App on their or their child’s behalf.

We take all reasonable steps to protect information uploaded to the Dibs App from misuse, loss or unauthorised access. We do this by implementing strong security measures, including encryption and access controls. We will never knowingly disclose any information uploaded to the Dibs App without the information owner’s prior written consent, unless required by law to do so.

THE INFORMATION WE COLLECT TO OPERATE THE DIBS APP

When you (or a support worker that you have authorised to act or provide information on your behalf) register an account, use the Dibs App to collect or store information or otherwise purchase or access a service from us, we may collect personal or sensitive information from you or your support team, including information in relation to positive behaviour support and other details including:

  • your name, email address, and phone number;

  • the names and contact details of other people that you have authorised to access your data file, in which case we assume you have obtained their written consent to disclose their name to us, and that you will produce a copy of that consent on request;

  • billing and shipping addresses; and

  • subscription preferences and purchase history.

Whenever you or your authorised support worker provide information to us, you agree that you are consenting to the information being used in the ways described in this privacy policy.

When we process payment for your subscription, we use trusted third-party payment processors (like Stripe or PayPal) to handle your payment details. We may receive transaction confirmations and payment status updates from our payment processors, but we do not store your full credit card details on our systems or in our files, because these are securely handled by our payment processors.

OTHER INFORMATION WE MIGHT COLLECT

We may also collect information required to operate the Dibs App, which includes:

  • processing subscriptions and subscription payments;

  • registering user accounts;

  • managing access to user accounts; and

  • keeping you updated about what we do, including sending you marketing emails if you’re happy to receive them.

From time to time, we may collect other information about you, that may or may not be “personal” or “sensitive” information under Australian privacy law. That information may include:

  • information you give us when you contact us for customer service reasons, such as to request support for the Dibs App;

  • your preferences for accessing the Dibs App;

  • website usage information (such as which products and user accounts you view);

  • your purchase history, to help with customer service and legal requirements;

  • financial records as required by Australian tax law; and

  • information from public sources when relevant.

Usually, you give us this information directly when you make a purchase, call us, email us, or fill out forms on our website.

STORING YOUR INFORMATION

We store your information in a way that reasonably protects it from unauthorised access, misuse, modification or disclosure, including by encrypting and controlling access to the information.

When a new Dibs account is created, the account creator will automatically be given “Master Access”.

Any user with Master Access can:

  • read all personal information;

    • delete all personal information;

    • give other users access to write, read, edit and delete personal information; and

    • give other users Master Access.

When registering a client record, the person creating the record identifies their relationship to the client as one of: (a) the client themselves, (b) the client’s legal guardian or substitute decision-maker, or (c) a third party (such as a Positive Behaviour Support practitioner) acting with the written consent of the client or their guardian. Different consent requirements apply to each category. You agree that you have selected the correct category and that the consents you provide on registration are accurate. We may require evidence of consent or guardianship authority at any time.

When a Dibs App account is deleted or dormant for more than 24 months, all personal information associated with an account where you are the only user with Master Access may be archived or removed from the Dibs App. When permitted by all overriding legal requirements, the data may be destroyed.

Alternatively, you can choose to manually delete any information for which you have Master Access, before deleting your account.

We also retain encrypted backups of App data for up to 24 months for security and disaster recovery purposes (for example, to enable recovery from a cyber attack). Backups are taken daily, stored separately from the live App on encrypted media with keys held by us, and are not used to respond to access or restoration requests. Deleted records remain in backups until those backups are rotated out, after which they are no longer recoverable.

ANONYMOUS DATA-ENTRY LINKS

A user with Master Access may choose to enable an anonymous data-entry link for a client record. When enabled, a person with the link can enter data into the client’s record and view the client’s name, scheduled shifts and the categories of data being collected, without creating an account. The Master Access user controls whether the feature is enabled, who they share the link with, and can disable or regenerate the link at any time.

The Master Access user is responsible for obtaining all required consents and for the distribution of the link. We recommend that anonymous links are only used where appropriate to the sensitivity of the information involved, and that the Master Access user regenerates the link periodically and whenever a previously authorised person no longer requires access.

SHARING YOUR INFORMATION

We will never use or share your personal information except as described in this policy, unless you have agreed, or we are required to by law.

We may share information with trusted service providers who help us run our business, which may include

  • payment processors that we use to process your payments securely;

  • email service providers to send you order confirmations and updates;

  • information technology service providers; and

  • website hosting and analytics providers to keep the Dibs App and website running and understand how the Dibs App and website are used.

These companies can only use your information to provide services to us. They cannot use your information for their own purposes.

Some of our service providers (like payment processors) may be located overseas. When this happens, we make sure they protect your information properly or have similar privacy protections to Australia. All information collected and stored on the Dibs App is stored on servers in Australia.

However, we are not responsible for how other websites and service providers handle your information, even if you communicate with them through links on our site. In this case, the website or service provider’s privacy policy will apply.

Apart from business reasons as set out above, we will only share your information if reasonably required, such as:

  • to prevent injury or protect health and safety;

  • to investigate suspected illegal activity; or

  • to comply with legal requirements, like tax obligations or court orders.

NOTIFIABLE DATA BREACHES

If the Dibs App experiences a data security breach that may result in serious harm to individuals, we will, as soon as practicable:

  • notify the relevant government authority and all affected individuals; and
  • comply with all legal obligations to address the data breach.

WE MAY SEND YOU EMAIL INFORMATION, UPDATES AND NEWSLETTERS

If you agree to receive emails from us, we may use your information to send you:

  • order confirmations and access updates;

  • maintenance and outage details and reminders;

  • newsletters and updates about new products or services; and

  • special offers and business news.

You can opt out of marketing emails at any time by clicking unsubscribe in any email we send you or letting us know and we’ll stop sending them. You will still receive important emails about subscriptions or services that you have purchased from us.

HOW WE PROTECT AND STORE YOUR INFORMATION

We may keep your information for the period of time required for tax or legal purposes. We will always take reasonable efforts to protect it from being misused, lost, or accessed by people who shouldn’t have it, including the following steps:

  • using technical security measures (such as encryption) and organisational measures (such as educating our staff) to protect your information;

  • handled payment details using secure, industry-standard payment processors, and ensuring we don’t store credit card details on our systems;

  • regularly reviewing our security measures, to make sure they are as effective as possible; and

  • using SSL encryption to protect information you send to us.

When we no longer need or are required to store your information, we’ll either delete it securely or remove anything that could identify you.

We don’t currently use computer systems or artificial intelligence to make decisions that significantly affect you, though our payment processors may use automated fraud detection.

YOU CAN SEE OR UPDATE YOUR INFORMATION

You can ask us for a copy of the information we have about you at any time.

If you notice that our information about you is wrong, incomplete, or out of date, please let us know and we’ll fix it. We won’t charge you to access your information, but we may charge a small administrative fee if you want us to provide a copy. We will let you know about any fees before we process your request, and we may need to verify who you are before releasing your information.

COOKIES

Cookies are tiny files that our website puts on your computer to help remember things about your visit and make the website work better for you.

We use cookies to improve your experience on our website and to understand how people use our site.

If this concerns you, most web browsers let you control cookies. You can usually find these settings in your browser’s privacy or security options.

UPDATES, QUESTIONS AND CONCERNS

If we discover that your personal information has been accessed or used inappropriately in a way that may seriously harm you, we will let you know as soon as we reasonably can.

We may update this privacy policy from time to time. We will always post the latest version on our website. If we make significant changes, we’ll try to let you know where we reasonably can.

If you have any questions about this privacy policy or how we handle your personal information, please contact us here. If you need this policy in an alternative format, please contact us.

If you’re not happy with how we’ve handled your privacy concern, you can also contact the Office of the Australian Information Commissioner:

  • Website: www.oaic.gov.au

  • Phone: 1300 363 992

  • Email: enquiries@oaic.gov.au

Effective date: 18 March 2026