Privacy Policy
The short version
- Your participant data sits on Australian servers, scoped to your account only.
- No one at Bluetail reads it during normal operation. We don't have a tool to browse it, and we don't.
- We only ever access it if you ask us to (e.g. to debug a problem on one participant's file), or if we are legally compelled to by a court order.
- We never sell, share or use your participant data to train AI models.
Bluetail Pty Ltd ("Bluetail") provides software that helps Australian NDIS Support Coordinators generate documents and manage participant information. This policy covers individual Support Coordinators using Bluetail to support their own caseload.
What's stored in your account
When you use Bluetail, the following ends up sitting on our servers, inside your account:
- Your account details — name, email, and an optional business name.
- Anything you choose to add about your participants — names, plan notes, goals, contacts, attached documents.
- Documents Bluetail generates when you click a button — NDIA forms, drafted emails, summaries, polished drafts.
This information sits in your account. It isn't viewed, read, browsed or compiled by anyone at Bluetail in the normal course of running the service. We don't use it for analytics, we don't aggregate it across customers, and we don't look at it out of curiosity. It's yours.
How participant data is handled
- Used solely to render the page or document you request, when you request it.
- Not sold, shared, or rented to any third party — ever.
- Not used to train AI models. Our agreement with Anthropic prohibits it explicitly.
- AI features (Summarise, Polish, Smart Import) are opt-in per use. Each click is an explicit decision you make, and the data sent is deleted on Anthropic's side within ~30 days.
Who can access your data
Only you. Every page in Bluetail is scoped by row-level security so the participants and documents in your account are invisible to every other Bluetail user — full stop.
Bluetail staff have administrative database access for system maintenance (patching, migrations, backups). We do not have an admin tool that browses customer participant records. We have not accessed customer data and we will not, unless one of these specific things happens:
- You ask us to.For example, you report a bug that only happens on a specific participant's file and we need to look at the record to debug it. You'd be told before, during and after.
- We are legally compelled to.A valid court order, subpoena, or lawful direction from an Australian regulator. We'd notify you if we are legally able to.
All database access is logged.
Where your data is stored
On Australian infrastructure — Supabase's Sydney region. Our handling complies with the Australian Privacy Principles under the Privacy Act 1988.
Processors we use
- Vercel — hosts the app code.
- Supabase — database, auth, storage (Sydney region).
- Resend — transactional email (account verification, receipts).
- Stripe — subscription billing.
- Anthropic — only when youtrigger an AI feature (Summarise, Polish, Smart Import). Data sent is deleted on Anthropic's side within ~30 days and is not used for training.
- Google Analytics — aggregate site usage only (which pages are visited, how long, from which region). No participant data, no document content and no account-identifying information is sent to Google. Used to understand which parts of the marketing site and product are useful so we can improve them.
Data deletion
- Deleting a participant, generated document or draft from Bluetail removes the record from our production database immediately.
- If you cancel your subscription and ask us to delete your account entirely, we'll remove it from production within 30 days.
- Backups are retained for up to 90 days for disaster recovery, then expire.
Contact
Privacy questions: info@bluetail.com.au