Here to help.
Email
Terms & Conditions
Office
700 Swanston Street,
Carlton Victoria 3053
Carlton Victoria 3053
Here to help.
Privacy Policy
Minikai Pty Ltd ABN 32 674 548 577
Minikai Pty Ltd (ABN 32 674 548 577) - referred to as “Minikaiˮ, “weˮ, or “usˮ – is committed to
protecting the privacy of all individuals whose personal information we handle. We provide a software-
as-a-service platform to aged-care and disability providers in Australia and New Zealand. This Privacy
Policy explains how we collect, use, disclose, and protect personal information in alignment with the
Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as New Zealandʼs Privacy
Act 2020 and its Information Privacy Principles (IPPs).
By using Minikaiʼs services or providing personal information to us, you agree to this Privacy Policy. If
you have any questions, please contact us using the details in Section 9
1. Introduction
Minikai is a SaaS provider for aged-care and disability services. We handle personal information from
customers and care recipients in Australia and New Zealand, and we comply with relevant privacy laws
in both jurisdictions. This policy outlines our practices and commitments regarding your personal
information.
2. Definitions
Customer: An organisation or individual who has a subscription or account with Minikai to use our
services. This typically includes aged-care providers, disability service providers, or similar entities.
Care-Recipient: An individual receiving care or services from a Customer, whose personal information
may be entered into the Minikai platform by the Customer (for example, a patient or client of the
provider).
Personal Information: Any information or opinion about an identified individual, or an individual who is
reasonably identifiable. This includes names, contact details, account information, and also sensitive
information such as health or disability details, as defined in relevant privacy law.
Sensitive Information: A subset of personal information that is given a higher level of protection under
law. This mainly includes health information or details about a personʼs disabilities or care needs.
3. Collection of Personal Information
We collect personal information only when it is reasonably necessary for our functions or activities as
a SaaS provider for aged-care and disability services. The types of personal information we collect and
how we collect it are outlined below.
3.1 Customer Information
We collect personal information about our Customers and their authorised users (for example,
employees or contractors of the Customer who use Minikai). This information typically includes:
Contact details of the Customerʼs staff who use or administer our services (name, work email,
phone number, etc.).
Account login credentials (such as username and password) for the Minikai platform.
Billing information needed for invoicing or subscription management. (Note: We do not store credit
card details; payments are handled by a secure third-party provider.)
3.2 Care-Recipient Information
Our platform may be used by Customers to store and manage personal information about Care-
Recipients. This information is typically entered by the Customer and can include:
- Personal details of Care-Recipients (such as name, date of birth, contact information, and
emergency contacts).
- Health and disability-related information necessary to provide proper care (e.g. medical history,
care plans, care notes). This may include sensitive information like medical conditions,
medications, and related care history.
Minikai collects and handles this information on behalf of our Customers as part of providing our
service. We understand that Care-Recipient data is highly sensitive, and we treat it with strict
confidentiality and strong security measures.
3.3 How We Collect Personal Information
We collect personal information in several ways:
- Directly from Customers: When a Customer signs up for our services or uses the Minikai platform, they provide us with Customer and Care-Recipient information (for instance, by entering data or contacting us for support).
- From Care-Recipients or their representatives: In some cases, a Care-Recipient (or their family member/guardian) may provide information directly (for example, by filling out a form linked to our system). In these cases, we collect that information on behalf of the Customer.
- Automatically through use of the Service: When Customers use our platform, we automatically collect certain technical data (usage logs, device information, IP addresses) to maintain performance and security. This data is generally not used to identify individuals and is analysed only in aggregate form for trends and improvements.
- From third-party integrations: If Customers connect other software or systems with Minikai, we handle that integrated information according to this Policy.
3.4 Unsolicited Personal Information
If we receive Personal Information that we did not request and that is not needed for our services, we will securely delete or de-identify it, as long as it is lawful and reasonable for us to do so.
3.5 Anonymity and Pseudonymity
Where practical, individuals have the option to interact with us anonymously or under a pseudonym(for example, when making a general inquiry). However, because of the nature of our services, we usually need certain personal details (like names and contact information) to effectively provide support or services.
3.6 Cookies & Similar Technologies
We use cookies and similar technologies to enhance and secure your experience with our website and platform. Cookies are small data files placed on your device when you visit our site. The types of cookies we may use include:
- Session Cookies: Temporary cookies that are essential for running our site and allowing you to stay logged in. They are deleted when you close your browser.
- Preference Cookies: Cookies that remember your preferences and settings (e.g. language or layout choices) to personalise your experience.
- Analytics Cookies: Cookies that help us understand how users interact with our platform. They collect information like which pages are visited and any errors encountered, which we use to improve our services. (Importantly, we do not store any sensitive personal information or health data in cookies.) We may use third-party analytics services that utilise cookies or similar tools to gather usage statistics, and we only allow them to collect non-identifiable, non-sensitive information (no personal care records or sensitive details).
You can disable or block cookies through your browser settings at any time. However, some parts of our site or platform may not function properly if cookies are disabled, especially those needed for login or core features.
4. Disclosure of Personal Information
Minikai does not sell personal information to anyone. We only disclose Personal Information outside of Minikai in a few circumstances, such as:
- Service Providers (Sub-processors): We use trusted third-party companies to support our business operations (for example, cloud hosting providers and customer support tools). These providers may handle personal information on our behalf but only for our purposes and under our instructions. They are bound by confidentiality obligations and are required to comply with privacy standards equivalent to ours. If any such provider is located outside New Zealand, we ensure additional measures are in place as described in Section 7 (Cross-Border Data Protection) to protect your information.
- Legal or Safety Requirements: We may disclose Personal Information when required by law, regulation, or court order. We may also disclose information to cooperate with law enforcement or regulatory authorities, or if disclosure is necessary to prevent a serious threat to a person’s health or safety.
Business Transactions: If we undergo a business transaction like a merger, acquisition, or sale of part or all of our company, personal information may be transferred to the relevant parties as part of that process. In such cases, we will ensure that any recipients of the information agree to protect it in line with this Policy and applicable law.
Outside of these circumstances, Minikai will not disclose your Personal Information to any third party unless you have been informed or we have your permission (consent).
5. How We Use Personal Information
We use the personal information we collect to operate and improve our services, to communicate with you, and to fulfil our legal obligations. Key purposes include:
- Providing and Improving Services: To set up and manage Customer accounts, authenticate users, and deliver our platform’s core features. We also analyse service usage (in an aggregated, non-identifiable manner) to improve our platform and develop new features.
Communicating and Support: To communicate with Customers (and if needed, Care-Recipients or their guardians) about service updates and to provide support (responding to inquiries, fixing issues, etc.).
- Compliance and Protection: To comply with any legal obligations we have (such as health record-keeping requirements) and to enforce our terms of service. We also use information as necessary to detect and prevent fraud or misuse of our platform.
- Marketing (Opt-in): If you are a Customer, we may use your contact information to send updates about new features or services relevant to our platform. These communications are optional and you can opt out at any time. (We do not use Care-Recipient Personal Information for marketing purposes.)
6. Data Security
We implement a range of security measures to protect personal information from misuse, loss, or unauthorised access. These measures include encryption of data (both when sent over the internet and when stored on our servers), strict internal access controls (so only staff with a genuine need can access information), and regular security testing of our systems. While no method of electronic storage or transmission is completely secure, we continuously improve our safeguards to meet industry best practices.
7. Data Sovereignty and Retention
Data Location: Minikai stores Personal Information on secure servers located in Australia. For our New Zealand customers and users, this means your data may be stored or accessed outside of New Zealand (in this case, in Australia). We will not transfer or disclose Sensitive Information to any other country unless it is necessary and we have put appropriate protections in place.
Cross-Border Data Protection (New Zealand): In line with New Zealand’s Privacy Act 2020 –specifically Information Privacy Principle 12 – we take special care when personal information is disclosed outside New Zealand. We will only disclose personal information from New Zealand to an overseas recipient if at least one of the following conditions is met:
- The overseas recipient is subject to the New Zealand Privacy Act 2020 (for example, the recipient is an overseas company that is carrying on business in New Zealand, and thus must comply with the NZ Privacy Act).
- The overseas recipient is subject to privacy laws that provide comparable safeguards to New Zealand’s privacy laws. (For instance, personal data stored in Australia is protected under Australia’s Privacy Act, which we consider to offer comparable privacy safeguards to New Zealand law.)
- We have a contractual agreement with the overseas recipient that requires them to protect the personal information to the same standard required under New Zealand law (for example, by using model contract clauses approved or recommended by the New Zealand Privacy Commissioner).
- If none of the above conditions can be met, we will only disclose the personal information overseas with the express, informed consent of the individual concerned. In such cases, we will explain to the individual that their information may not be protected to the same extent by the privacy laws of the country where the recipient is located.
(In every case, our goal is to ensure that the privacy protections you enjoy under New Zealand law will continue to apply to your information, even when it is handled in another country.) We apply similar stringent safeguards for cross-border disclosures involving Australian personal information, in accordance with the Australian Privacy Principles.
Data Retention: We retain Customer and Care-Recipient personal data only for as long as the Customer’s subscription is active or as otherwise directed by the Customer, unless a longer retention period is required by law. When a Customer leaves Minikai, we will delete or return the personal information associated with their account as instructed, subject to any legal requirements to retain certain records.
If a specialised service provider located overseas (for example, an after-hours technical support vendor) is ever needed to assist us, we will seek the Customer’s consent (and, where required, the consent of affected individuals) before allowing any access to personal information. In such cases, we will ensure the provider is bound by contractual terms that require compliance with privacy safeguards equivalent to those under the APPs and New Zealand’s Privacy Act 2020.
8. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services or legal obligations. If we make a significant change, we will notify Customers (for example, by email or via a notice in our application). The “Last updated” date at the end of this Policy shows when it was most recently revised. We encourage you to check back periodically to review any updates.
9. Contact, Your Rights & Complaints
You have certain rights regarding your personal information under privacy laws (including the Australian Privacy Act 1988 and New Zealand Privacy Act 2020), and we are here to help you exercise them. These rights include:
Access: You can request a copy of the personal information we hold about you. We will provide it unless legal exceptions apply.
Correction: You can ask us to correct or update any personal information that you believe is inaccurate, out-of-date, or incomplete. We will promptly correct the information where possible.
Object to Processing: You may object to specific uses of your personal information, such as using your data for direct marketing. We will consider and respect such requests as much as possible.
Withdraw Consent: If we are processing your personal information based on consent, you can withdraw that consent at any time and we will stop that specific processing (where feasible).
Data Portability: You can request a copy of personal data you have provided to us in a structured, commonly used, machine-readable format. We will provide this when it is technically feasible and reasonable to do so.
If you have any questions, want to exercise your rights, or wish to make a complaint, please contact our Privacy Officer. You can reach us by email at privacy@minikai.com. We typically respond within 30 days.
If you are not satisfied with our response, you can escalate your concern to the Office of the Australian Information Commissioner (OAIC) in Australia, or to the Office of the Privacy Commissioner in New Zealand. New Zealand residents can contact the Privacy Commissioner for guidance or to lodge a complaint if needed. We will cooperate with the relevant authorities to resolve any concerns.
Last updated: May 2025