Medinex

Privacy Policy

Last updated: 02/04/2026

Privacy Policy

Last Updated: 01/03/2026

1. Introduction

Medinex Pty Ltd ("we", "us", "our") is committed to protecting the privacy of personal and sensitive information. As a provider of SaaS solutions for the National Disability Insurance Scheme (NDIS) sector, we understand the importance of data security. This policy outlines how we collect, use, store, and disclose your information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

To provide our services, Medinex collects:

  • Personal Information: Names, email addresses, phone numbers, and job titles of NDIS provider staff.
  • Sensitive Information: Health records, disability status, NDIS participant numbers, and support plan details uploaded by our users.
  • Financial Information: Payment details for subscription billing and bank details for NDIS claim processing.

3. Purpose of Collection

We collect this information strictly to:

  • Provide and maintain the Medinex SaaS platform.
  • Facilitate NDIS plan management and provider claims.
  • Ensure compliance with NDIS Quality and Safeguards Commission requirements.
  • Provide technical support and platform updates.

4. Data Storage and Sovereignty

All data managed by Medinex is stored on secure servers located within Australia. We do not transfer sensitive NDIS participant data outside of Australian jurisdiction, ensuring full compliance with government data residency expectations.

5. Disclosure of Information

We do not sell your data. We only disclose information:

  • To the National Disability Insurance Agency (NDIA) for claim processing.
  • To authorized third-party sub-processors (such as cloud hosting or payment gateways) who assist in running the platform.
  • When required by law or a court order.
  • To NDIS auditors during a provider’s certification or mid-term audit (with your permission).

6. Data Security

Medinex employs industry-standard security measures, including:

  • Encryption: Data is encrypted using AES-256 at rest and TLS 1.2+ in transit.
  • Access Control: Multi-Factor Authentication (MFA) is required for all administrative access.
  • Monitoring: Continuous monitoring for unauthorized access or data breaches.

7. Access and Correction

Under the APPs, you have the right to access the personal information we hold about you and request corrections. Please contact our Privacy Officer at privacy@medinex.com.au to make a request.

8. Complaints

If you believe we have breached the Australian Privacy Principles, please contact us at our registered address:

Medinex Pty Ltd
Unit 2, 118 Cross Road,
Malvern, SA 5061

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).