Privacy Policy
Version: 1 October 2025
Minikai Pty Ltd (ABN 32 674 548 577) (referred to in this Privacy Policy as Minikai, we, our or us) is committed to protecting the privacy of individuals whose Personal Information we handle. We provide a secure software-as-a-service (SaaS) platform to aged care and disability providers in Australia and New Zealand.
This Privacy Policy sets out how we collect, use, disclose, and protect Personal Information in accordance with the Privacy Act 1988 (Cth) (Australian Privacy Act) and the Australian Privacy Principles (APPs), as well as the Privacy Act 2020 (NZ) (NZ Privacy Act) and the Information Privacy Principles (IPPs).
By using Minikai's services or providing Personal Information to us, you acknowledge and agree to the terms of this Privacy Policy.
Introduction
Minikai provides a secure cloud-based platform (the Platform) that enables Customers (care providers) to record, manage, and share information about the Care Recipients they support. In doing so, we handle Personal Information and Sensitive Information of both Customers and Care Recipients. We are committed to managing that information responsibly, in line with applicable privacy laws and the consent given by individuals and their Authorised Representatives.
Definitions
Capitalised terms and expressions used in this Privacy Policy but not otherwise defined have the meanings given to them in this section, unless the context requires otherwise.
- APPs means the Australian Privacy Principles set out in the Australian Privacy Act, as amended from time to time.
- Australian Privacy Act means the Privacy Act 1988 (Cth), as amended from time to time.
- Authorised Representative means a parent, guardian, enduring or medical power of attorney, or another person who is legally authorised to provide consent on behalf of a Care Recipient.
- Care Recipient means any individual whose Personal Information is collected, stored, or otherwise managed on the Platform by a Customer, including (without limitation) individuals receiving care, services, or other forms of support from that Customer.
- Customer means any organisation, entity, or individual that registers for, subscribes to, purchases, or otherwise uses Minikai's services, whether directly or through an authorised representative. This includes, without limitation, aged care providers, disability service providers, and similar users of our services.
- IPPs means the Information Privacy Principles set out in the NZ Privacy Act, as amended from time to time.
- NZ Privacy Act means the Privacy Act 2020 (NZ), as amended from time to time.
- Personal Information has the meaning given in the Australian Privacy Act and the NZ Privacy Act. In this Privacy Policy, it generally refers to information or an opinion about an individual who is identified, or reasonably identifiable. This may include, without limitation, contact details, account information, health information, disability information, and care needs. For the avoidance of doubt, Personal Information includes Sensitive Information.
- Platform means Minikai's SaaS solution, including its software, systems, applications, websites, mobile applications, integrations, and any related technologies, updates, enhancements, or services made available by Minikai from time to time.
- SaaS means software-as-a-service, being a software licensing and delivery model in which software is provided on a subscription basis and hosted by Minikai or its service providers.
- Sensitive Information means a category of Personal Information that is given additional legal protection under the Australian Privacy Act and the NZ Privacy Act. It includes, without limitation, health information, disability information, care needs, and any other information considered sensitive under applicable privacy laws (such as racial or ethnic origin, religious beliefs, sexual orientation, or criminal history).
What Information We Collect
The Platform may be used by Customers to collect, store, and share the following types of Personal Information and Sensitive Information about Care Recipients:
- Identifying details: name, date of birth, gender, address, contact details, ethnicity, sexual orientation, cultural background, language preferences, next of kin, and emergency contacts.
- Health and medical information: diagnoses, medical history, medications, allergies, test results, clinical notes, treatment plans, referrals, imaging and laboratory reports.
- Care and support needs: disability information, aged care assessments, daily living assistance, support plans, behavioural support records, incident reports, and progress notes.
- Personal and social information: family details, relationships, living arrangements, employment or education history, lifestyle preferences, communication preferences, religious or spiritual beliefs (where relevant to care).
- Legal and administrative information: Medicare/NHI number, health insurance details, guardianship or power of attorney documents, advance care directives, consent records, funding and service agreements.
- Financial information: billing details, payment records, government subsidies or funding (for example, NDIS, My Aged Care, ACC in New Zealand).
- Multimedia records: photographs, audio or video recordings for identification, care planning, or clinical purposes.
- Technology and usage data: information about how Care Recipients or their representatives interact with the Platform (for example, log-in activity, device details, and communications exchanged).
- Other information: any other information, documentation, or materials reasonably required by care providers to deliver, coordinate, or manage care.
Minikai collects and handles this information on behalf of Customers and Care Recipients as part of hosting the Platform. We recognise that Care Recipient data may comprise Sensitive Information, and we treat it with strict confidentiality and robust security measures. It will only be collected where relevant to the provision of care, required by law, or where appropriate consent has been provided.
How We Collect Information
We collect Personal Information and Sensitive Information in several ways:
- Directly from Customers: When a Customer signs up for our services or uses the Platform, they may provide us with Customer and Care Recipient information (for example, by entering data into the Platform or contacting us for support).
- From Care Recipients or their Authorised Representatives: In some cases, a Care Recipient or their Authorised Representative may provide information directly (for example, by completing a form linked to the Platform or supplying documents to their Care Provider). In these cases, we collect that information on behalf of the relevant Customer.
- Automatically through use of the Platform: When Customers use the Platform, we may automatically collect certain technical data (such as usage logs, device information, and IP addresses) to maintain performance, support functionality, and enhance security. This data is not ordinarily used to identify individuals and is analysed only in aggregate form for trends, system monitoring, and improvements.
- From third-party integrations: If Customers connect other software, applications, or systems with the Platform, we handle the integrated information in accordance with this Privacy Policy and applicable privacy laws.
- Change of Care Provider: Where a Care Recipient changes from one Customer to another (for example, moving to a new care provider or being referred to another service), their existing Personal Information and Sensitive Information stored in the Platform may be made available to, or transferred to, the new Customer. Such transfers will only occur where permitted under applicable privacy laws and subject to the necessary consent arrangements.
We handle Personal Information and Sensitive Information only where permitted by applicable privacy laws. This may include where the handling is necessary for providing our services to Customers, required by law, based on consent, or otherwise authorised under the Australian Privacy Act or the NZ Privacy Act.
Unsolicited Information
If we receive Personal Information or Sensitive Information that we did not request and that is not reasonably necessary for our services or the services provided by Customers, we will securely delete or de-identify it, provided it is lawful and reasonable for us to do so.
Anonymity and Pseudonymity
Where practicable, individuals have the option of not identifying themselves, or of using a pseudonym when dealing with us (for example, when making a general enquiry). However, due to the nature of our services, we will usually need certain Personal Information (such as names and contact details) to provide effective support or access to the Platform.
Cookies and Similar Technologies
We use cookies and similar technologies to enhance, personalise, and secure your experience with our website and the Platform. Cookies are small data files placed on your device when you visit our site.
- Session Cookies: Temporary cookies that are essential for the operation of our site and for keeping you logged in. These are deleted once you close your browser.
- Preference Cookies: Cookies that remember your settings and preferences (such as language or layout choices) to improve your experience.
- Analytics Cookies: Cookies that help us understand how users interact with the Platform. They collect information such as which pages are visited and any errors encountered, which we use to improve our services.
We do not store Sensitive Information or health data in cookies. We may also use third-party analytics services that rely on cookies or similar tools to gather usage statistics, but these services are only permitted to collect non-identifiable, non-sensitive information.
You can disable or block cookies at any time through your browser settings. Please note, however, that some features of our site and the Platform may not function properly if cookies are disabled, particularly those required for login or other core functions.
Disclosure of Information
Minikai does not sell Personal Information or Sensitive Information to anyone. We only disclose such information outside of Minikai in limited circumstances, including:
- Other Health and Care Providers: We may disclose Personal Information and Sensitive Information to other health and care providers directly involved in a Care Recipient's care, including doctors, specialists, hospitals, allied health professionals, aged care providers, and disability service providers. This may also include potential providers, where disclosure is reasonably necessary to determine their ability to provide appropriate care.
- Emergency Situations: We may disclose Personal Information and Sensitive Information to emergency services or other relevant organisations where reasonably necessary to protect the life, health, or safety of a Care Recipient or others.
- Regulators, Government Agencies, and Funding Authorities: We may disclose Personal Information and Sensitive Information where required by law or regulation, including to regulators, law enforcement, or government agencies. This may include disclosures for compliance with aged care, disability, or public health reporting obligations, or to funding authorities such as NDIS, My Aged Care, or ACC for claims and subsidy purposes.
- Minikai Staff: Our staff may access Personal Information and Sensitive Information where required to operate, maintain, and support the secure functioning of the Platform (for example, system troubleshooting or technical support). Access is strictly limited to authorised personnel, subject to confidentiality obligations, and monitored through internal controls.
- Service Providers (Sub-processors): We may engage trusted third parties to support our business operations (for example, cloud hosting providers, analytics tools, and customer support systems). These providers may handle Personal Information on our behalf, but only for our purposes and under our instructions. They are bound by confidentiality obligations and must comply with privacy standards equivalent to ours. Where a provider is located outside Australia or New Zealand, we take additional measures as described in the Data Sovereignty and Cross-Border Protection section.
- Change of Care Provider: Where a Care Recipient moves from one Customer to another, their existing Personal Information (including Sensitive Information) stored in the Platform may be made available to the new Customer. Such transfers will only occur where permitted under applicable privacy laws and in accordance with the Care Recipient's valid consent form or equivalent authorisation.
- Business Transactions: If Minikai is involved in a business transaction such as a merger, acquisition, or sale of part or all of our company, Personal Information (including Sensitive Information) may be transferred to the relevant parties as part of that process. In such cases, we will ensure that any recipients of the information are required to protect it in line with this Privacy Policy and applicable law.
How We Use Information
We use the Personal Information and Sensitive Information we collect to operate, maintain, and improve our services, to support the delivery of care, to communicate with Customers, Care Recipients and their Authorised Representatives (where appropriate), and to meet our legal and regulatory obligations. Key purposes include:
- Providing and improving services: To set up and manage Customer accounts, authenticate users, deliver the core features of the Platform, and ensure its security. We also analyse service usage (in an aggregated, non-identifiable form) to improve the Platform and develop new features.
- Supporting care delivery: To record, monitor, and update Care Recipients' care, and to share information with other health and care providers (including potential providers) where necessary to coordinate care, manage referrals or handovers, or confirm their ability to deliver services.
- Communications and support: To communicate with Customers, and where appropriate with Care Recipients or their Authorised Representatives, regarding service updates and to provide support (such as responding to enquiries, resolving technical issues, or assisting with consent or access requests).
- Funding and administration: To support funding, billing, subsidy, and reimbursement processes, including NDIS, My Aged Care, ACC, and private health insurance.
- Quality and training: To conduct audits, quality assurance, service improvement, and safety monitoring activities. To train and support care provider staff (using de-identified information where possible).
- Compliance and protection: To comply with legal obligations (for example, health record-keeping requirements, aged care and disability reporting), and to enforce contractual terms. We may also use information to detect, investigate, and prevent fraud, misuse of the Platform, or other unlawful activity.
- Marketing (opt-in): We may use Customer contact details to send updates about new features or services relevant to the Platform. These communications are optional, and Customers can opt out at any time. We do not use Care Recipient Personal Information for marketing purposes.
Data Security
We implement a range of security measures to protect Personal Information from misuse, loss, unauthorised access, modification, or disclosure. These measures include encryption of data (both in transit and at rest), strict internal access controls, and regular security testing of our systems.
While no method of electronic storage or transmission is completely secure, we continually update our safeguards to align with industry best practices. Customers remain responsible for ensuring they have obtained the necessary consent or authorisation before uploading Personal Information or Sensitive Information into the Platform.
Data Sovereignty and Retention
Data Location: Minikai stores Personal Information on secure servers located in Australia. For our New Zealand Customers and Care Recipients, this means your data may be stored in, or accessed from, Australia.
Cross-Border Data Protection (New Zealand): Consistent with the NZ Privacy Act and specifically IPP 12, we take particular care when Personal Information is disclosed outside New Zealand. We will only disclose Personal Information to an overseas recipient if at least one of the following applies:
- The recipient is subject to the NZ Privacy Act (for example, an overseas company carrying on business in New Zealand).
- The recipient is subject to privacy laws that provide comparable safeguards (for instance, Personal Information stored in Australia is protected under the Australian Privacy Act).
- We have a contractual agreement requiring the recipient to protect the Personal Information to standards equivalent to New Zealand law.
- If none of the above apply, disclosure will only occur with the express, informed consent of the individual (or their Authorised Representative), after explaining that the information may not be protected to the same extent in the recipient's jurisdiction.
We apply similar safeguards for cross-border disclosures of Australian Personal Information, in accordance with the APPs. Where we transfer Personal Information overseas, we remain responsible under the APPs for ensuring it is handled consistently with this Privacy Policy.
Data Retention: We retain Customer Personal Information for as long as the Customer's subscription remains active, or as otherwise directed by the Customer, unless a longer retention period is required by law.
We retain Care Recipient Personal Information and Sensitive Information for as long as the Care Recipient continues to receive treatment, care, or support from a Customer using the Platform, unless a longer retention period is required by law. When a Care Recipient is no longer supported by a Customer using the Platform, their Personal Information will be deleted, de-identified, or returned to the Customer, subject to any legal obligations to retain records. Residual copies of data may remain in backup systems for a limited period for security and disaster recovery purposes, after which they are securely overwritten.
If a specialised service provider located overseas (for example, an after-hours technical support vendor) is engaged, we will obtain the Customer's consent (and, where required, the consent of affected individuals) before granting access to Personal Information. In all cases, such providers will be bound by contractual terms requiring compliance with safeguards equivalent to those under the APPs and the NZ Privacy Act.
All subprocessors engaged by Minikai are bound by written agreements requiring compliance with privacy and security obligations equivalent to those set out in this Policy.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services or legal obligations. If we make a significant change, we will notify Customers (for example, by email or via a notice in the Platform). The "Last updated" date at the top of this page shows when it was most recently revised. We encourage you to check back periodically to review updates.
Contact, Your Rights and Complaints
You have certain rights regarding your Personal Information under privacy laws, including the Australian Privacy Act and the NZ Privacy Act. These rights include:
- Access: You can request a copy of the Personal Information we hold about you, unless legal exceptions apply.
- Correction: You can ask us to correct or update any Personal Information you believe is inaccurate, out of date, or incomplete.
- Object to processing: You may object to specific uses of your Personal Information, such as direct marketing, and we will respect such requests wherever possible.
- Withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time, and we will stop the processing (where feasible).
- Data portability: You may request a copy of the Personal Information you have provided to us in a structured, commonly used, machine-readable format, where this is technically feasible.
If you have any questions, wish to exercise your rights, or would like to make a complaint, please contact our Privacy Officer at privacy@minikai.com. We typically respond within 30 days.
If you are not satisfied with our response, you may escalate your concern to the Office of the Australian Information Commissioner (OAIC) in Australia or the Office of the Privacy Commissioner in New Zealand. We will cooperate fully with the relevant authority to resolve your concerns.