Privacy Policy — CareVoice NDIS | How We Protect Your Data

        Our core principle: Your invoices, participant data, and progress notes are stored locally on
        your device with AES-256 encryption. They are never uploaded to any cloud server or third-party
        service.
      

1. Who We Are

CareVoice ("we", "our", "us") is an Australian software application designed for NDIS (National Disability Insurance Scheme) support workers and small care providers. CareVoice enables users to generate compliant NDIS invoices from voice recordings.

Contact: jyong756@gmail.com

2. Data We Collect

2.1 Data Stored Locally Only (Never Uploaded)

The following data is stored exclusively on your device using AES-256 encryption (on mobile) or browser IndexedDB (on web). It is never transmitted to our servers or any third party:

Invoices (amounts, dates, billing codes, descriptions)
Participant information (names, NDIS numbers)
Progress notes generated by AI
PIN hash and salt (for app lock)
Offline voice recording queue

2.2 Data Stored in Firebase Cloud

If you sign in with Google, we store the following minimal profile data in Google Firebase (hosted in australia-southeast1):

Data	Purpose	Contains Health Data?
Email address	Account identification	No
Display name	Personalisation	No
Provider profile (name, ABN, rate)	Invoice generation	No
Invoice count	Freemium limit tracking	No
Subscription status (is_pro)	Feature access	No

No health data, no invoice content, no participant details, and no progress notes are ever stored in the cloud.

2.3 Voice Audio Processing

        Zero retention: Voice audio is transmitted to our backend server for AI processing (Google
        Gemini) and is processed in memory only. Audio data is never written to disk, stored in a
        database, or retained after the response is sent. The audio is destroyed immediately after processing.
      

3. How We Use Your Data

Voice recordings: Processed by Google Gemini AI to generate structured NDIS progress notes and billing codes. Destroyed after processing.
Profile data (cloud): Used to pre-fill invoice headers (provider name, ABN) and track your free invoice quota.
Invoice data (local): Used to display your invoice history and generate PDF tax invoices. Never leaves your device.
Email address: Used for Google Sign-In authentication and optional invoice email delivery.

4. Third-Party Services

Service	Purpose	Data Shared
Google Firebase Auth	User authentication (Google SSO)	Email, display name
Google Firebase Firestore	Profile backup (australia-southeast1)	Name, ABN, rate, invoice count
Google Firebase Analytics	Anonymous usage analytics	App events (no PII)
Google Gemini AI	Voice-to-text and note generation	Audio (in-memory only, zero retention)
Resend	Invoice email delivery (optional)	Recipient email, PDF attachment

5. Data Security

Local storage: AES-256 encryption on Android devices. Browser-sandboxed IndexedDB on web.
Transport: All network communication uses HTTPS/TLS encryption.
Authentication: Firebase Auth with Google SSO. No passwords stored.
Backend: Secured with Firebase Admin SDK token verification, CORS allowlist, rate limiting (10 requests per 15 minutes), and Helmet security headers.
PIN protection: Optional 6-digit PIN with salted SHA-256 hashing. PIN data stored locally only.

6. Data Retention

Voice audio: Zero retention. Processed in-memory and destroyed immediately.
Local data (invoices, participants, notes): Retained on your device until you delete them or clear app data.
Cloud profile data: Retained until you delete your account via the app.

7. Your Rights

Under the Australian Privacy Act 1988 and Australian Privacy Principles (APPs), you have the right to:

Access: View all your data via the app (Profile, Invoice Vault, Participants screens).
Correction: Edit your profile via Profile > Edit Profile.
Deletion: Delete your account and all cloud data via Profile > Delete Account & Data. Local data is cleared simultaneously.
Data portability: Export invoices as PDF at any time.
Withdraw consent: Sign out at any time. Your local data remains on your device.

8. NDIS and Health Data

CareVoice is designed for NDIS support workers to generate invoices. Participant names and NDIS numbers are collected for invoice purposes only and are stored exclusively on your device. Progress notes may contain health-related observations and are also local-only.

We comply with the Australian Privacy Act 1988, including the enhanced protections for health information under APP 3.3 and the NDIS Practice Standards for information management.

9. Children's Privacy

CareVoice is designed for adult NDIS support workers and is not intended for use by children under 18. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

Email: jyong756@gmail.com
App: Profile > Privacy Policy