Skip to content
d
disabilityschemechanges

Privacy Policy

Last updated: 26 April 2026

What we collect when you use the tool

If you complete the wizard but don't submit your email, we don't store anything that identifies you. The wizard runs entirely in your browser. If you submit your email — to receive updates or download the PDF — we store: your email, your first name (if you provided one), your postcode (optional), the wizard answers you gave, and the derived risk band from those answers.

Technical metadata

Alongside any email submission we also store technical metadata: a one-way hash of your IP address (rotated daily, so it cannot be reversed back to an IP), a coarse user-agent class (e.g. mobile-ios, desktop-mac), the timestamp of your submission, and — if you arrived from a partner-co-branded link — the partner identifier. This metadata is used for rate-limiting, security, and aggregate analytics. We never store your raw IP address or your full user-agent string. We never use this metadata to identify you individually.

How we use it

Your email address is used solely to send you updates about NDIS eligibility rule changes — no more than once a month. We do not use your email for advertising, outbound sales, or any commercial purpose. Your wizard answers, postcode, and metadata are used to (1) tailor the email content (e.g. NSW-specific updates if you're in NSW), and (2) build aggregate, anonymised insights about how the changes are affecting different cohorts. Aggregate insights are only published with N≥10 in any segment, and only as anonymised counts — never individual data.

Where it's stored

Your information is stored in a Supabase Postgres database hosted in the Sydney region (Australia). Supabase is the managed-database service we use; data does not leave Australian soil. We do not sell, rent, or share your information with any third party for commercial purposes.

How long we keep it

We keep your information for as long as you remain subscribed. You can unsubscribe at any time using the link in any email, or by emailing hello@callcleo.app. On unsubscribe, your email and personal fields are deleted; anonymised survey data (your answers without identifiers) may be retained for aggregate analysis.

Analytics

This site uses Plausible Analytics (a privacy-friendly, cookie-free analytics service compliant with the Australian Privacy Act). We may also use Google Analytics 4 with IP anonymisation enabled and no advertising features. Neither service identifies individual users. We do not use cross-site tracking.

Bot protection

Our submission forms include a hidden honeypot field and per-IP rate limiting to prevent automated abuse. These measures use the same hashed IP described above and store no additional personal information.

Your rights

Under the Australian Privacy Act 1988, you have the right to access, correct, or delete personal information we hold about you. To exercise these rights, email hello@callcleo.app and reference the email address you used.

Contact

Privacy queries: hello@callcleo.app