Privacy policy

Version 1.0.0 · Effective 26 April 2026

Provero Pty Ltd (ABN to be registered, "Provero", "we", "our", "us") operates the Provero compliance and governance platform for Australian aged care providers. We take privacy seriously — particularly because the platform handles information about older people in care, and the staff who care for them.

This policy explains what personal information we collect, why we collect it, who we share it with, and your rights. It applies to our use of personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What information we collect

We collect different categories of information depending on your relationship with the platform.

1.1 From organisations using Provero (our customers)

• Tenant administrator and staff identity: name, work email, phone number, role, facility allocation.
• Authentication credentials: passwords (hashed with bcrypt), TOTP authenticator setup, biometric refresh tokens (held in your device's secure storage; we hold only a one-way hash).
• Audit-log entries: every read and write action with timestamp, IP address, user id, action description.
• Operational records: incidents, complaints, policies, compliance evidence, workforce credentials, restrictive-practice events, quality-indicator submissions.
• Tenant SSO configuration: identity-provider metadata URL, claim mappings.

1.2 From people in care and their families

Provero is a tool used by care providers — not a direct service to residents. Information about residents (date of birth, care plan references, incident details, complaint resolution data) is provided by your care provider and stored within their tenancy. We process this data on the provider's behalf as a data processor.

1.3 From whistleblowers and complainants

The whistleblower portal is anonymous by default. We do not store the submitter's IP address in plaintext — we hold a one-way hash for rate-limit and abuse-detection purposes only. If you choose to provide contact details, they are encrypted at rest using ASP.NET Data Protection and are only decryptable by handlers at your facility holding the whistleblower.access permission, with every decryption logged.

1.4 From mobile and web app usage

• Device information: user agent, device type, native push tokens (APNS/FCM) when you opt in to notifications.
• Mobile device management (MDM) hints: when your device is enrolled in an MDM (Microsoft Intune, Jamf Pro, etc.) the platform may receive session-timeout, tenant-subdomain, and language preferences pushed by your IT team. These hints can only restrict your access, never elevate it.

2. How we use your information

• To provide the platform's compliance, governance, and reporting features.
• To authenticate users and enforce role-based access control.
• To generate audit packs and regulatory submissions to government bodies including the Aged Care Quality and Safety Commission (ACQSC) and the Department of Health (My Aged Care).
• To send transactional notifications via email (account, security, MFA) and push (incident updates, scheduled reminders).
• To investigate suspected security incidents, fraud, or regulatory non-compliance.
• To maintain an immutable audit trail required for regulator inspections.

3. Who we share information with

We share information only as necessary:

• Within your tenancy: data is visible to users in your organisation according to their role and permissions. Row-Level Security ensures one tenant's data is never accessible to another, even in the event of an application-layer bug.
• Australian regulators: we transmit data on your behalf to My Aged Care (Quality Indicators, RN coverage, provider management) using secure OAuth2-authenticated APIs, only when you instruct us to lodge.
• Service providers: Microsoft Azure (hosting), Microsoft Communication Services (transactional email), Apple (APNS push), Google (FCM push). All providers are contracted under data-protection terms consistent with the APPs.
• Law enforcement: only when required by valid court order or to comply with applicable Australian law.
• We do not sell or rent personal information to anyone, ever.

4. Where your data is stored

All Provero data is stored in Microsoft Azure data centres in Australia East (Sydney) with geo-replicated backups in Australia Southeast (Melbourne). Data does not leave Australia at rest. Transactional email is processed by Microsoft Communication Services in the Australia region. Push notifications transit Apple APNS and Google FCM gateways under the standard cross-jurisdictional transit terms of those services.

5. How long we keep it

• Audit log entries: 7 years from the date of the action (regulator-mandated retention).
• Operational records: indefinitely while your account is active; deleted within 90 days of tenant closure unless retention is required by law.
• Authentication artefacts: refresh tokens expire after 90 days; trusted-device cookies expire after 30 days.
• Whistleblower disclosures: retained while the case is open + 7 years after closure for regulatory traceability.
• Backups: retained for 35 days then automatically destroyed.

6. Security

• TLS 1.3 in transit; AES-256 at rest.
• Per-tenant data isolation via PostgreSQL Row-Level Security plus application-layer permission checks.
• MFA enforced on every account; all admin actions audit-logged.
• Penetration tested regularly (latest test report available to enterprise customers under NDA).
• Sensitive fields (whistleblower contact info, ACM client secrets) encrypted with ASP.NET Data Protection.

No system can be made entirely impenetrable. If we become aware of a security incident affecting your data we will notify you in accordance with the OAIC's Notifiable Data Breaches scheme.

7. Your rights under the APPs

You can ask us to:

• Confirm what personal information we hold about you (APP 12).
• Correct inaccurate information (APP 13).
• Restrict, delete, or export your information.

For data held within a customer's tenancy, contact your tenant administrator first — they hold direct control. For data held by Provero as the platform operator, contact us at privacy@provero.com.au. We respond within 30 days.

8. Complaints

If you believe we have mishandled your information, contact privacy@provero.com.au. If you are unsatisfied with our response, you may complain to the Office of the Australian Information Commissioner at oaic.gov.au.

9. Changes to this policy

Material changes are notified to tenant administrators by email at least 30 days before they take effect, with the option to terminate the contract if the change is unacceptable. Editorial corrections take effect immediately and are reflected by the policy version number above.

10. Contact

Provero Pty Ltd
Privacy Officer · privacy@provero.com.au
provero.com.au