Privacy Policy
HubShift is committed to transparency and protecting the privacy of support workers, participants, and service providers across Australia. This policy covers our website and mobile application, including location, camera, microphone, and notification data, in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
HubShift Privacy Policy
Last updated: May 2026
1. Introduction
HubShift is operated by HubShift Pty Ltd (ABN 37 656 268 450), an Australian company providing workforce management solutions for the National Disability Insurance Scheme (NDIS) sector. We are committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website at hubshift.au and our mobile application (collectively, the "Services").
2. Information We Collect
2.1 Account Information
When you register for a HubShift account, we collect your name, email address, phone number, date of birth, job title, and organisational affiliation. For support workers, we may also collect professional qualifications, certifications, and emergency contact details as part of onboarding.
2.2 Location Data
HubShift may collect precise and approximate location information when you use features related to shifts, clock-in and clock-out, travel, transport, or support service delivery. This may include current location, travel start and end points, route information, timestamps, and distance travelled.
Location data is used solely for legitimate business and service delivery purposes, including:
• verifying attendance and service delivery locations;
• tracking authorised work-related travel;
• calculating travel distance and timesheets;
• supporting travel reimbursement and claims;
• maintaining service delivery and audit records; and
• meeting operational, safety, contractual, and NDIS compliance obligations.
Location data-Background location access is used only during an active shift, transport activity, or travel tracking session, allowing work-related travel to continue being recorded when the app is minimised or not actively open. HubShift does not track support workers outside authorised work-related activities or active sessions.
Users can start or stop location tracking within the app at any time and may also manage location permissions through their device settings.
Location and travel information is accessible only to authorised personnel, such as organisation administrators, managers, coordinators, or approved service provider representatives, in accordance with role-based access controls and privacy requirements.
2.3 Camera and Photos
The app may request access to your device camera and photo library to capture and upload shift evidence, incident documentation, and profile photos. Photos are only captured or accessed when you explicitly choose to take or select an image.
2.4 Microphone and Speech Recognition
HubShift may access your device microphone to support voice-to-text functionality when creating progress notes, case notes, or using voice assistant features within the app.
Audio input is processed in real time solely for speech transcription and command functionality. HubShift does not record, store, or retain audio recordings on its servers unless explicitly stated for a specific feature and consented to by the user.
Microphone access is used only while the relevant feature is actively in use. Users can disable microphone permissions at any time through their device settings.
Voice-generated content and transcribed text may be visible to authorised organisation administrators, managers, coordinators, or approved service provider representatives in accordance with role-based access permissions and applicable privacy obligations.
2.5 Push Notifications
We use push notifications to alert you about upcoming shifts, shift changes, swap requests, messages, and other time-sensitive information. You can manage notification preferences in your device settings at any time.
2.6 Device and Usage Information
We automatically collect device information including your device type, operating system, app version, IP address, browser type, and usage analytics (pages viewed, features used, session duration). This helps us improve performance, diagnose issues, and enhance the user experience.
3. How We Use Your Information
HubShift uses the personal information we collect to provide, operate, secure, and improve the HubShift platform and mobile application. This includes using information to:
• create and manage user accounts;
• provide access to app features and services;
• manage shift rostering, scheduling, clock-in and clock-out verification, and timesheet processing;
• support staff onboarding, training, credential checks, and compliance management;
• create, process, and store progress notes, incident reports, shift notes, and other service delivery documentation;
• send app notifications, reminders, messages, and account-related updates;
• support NDIS compliance, audit records, quality assurance, service delivery reviews, and regulatory obligations;
• process support requests and communicate with users about their account, organisation, or app activity;
• monitor app performance, usage trends, errors, and user feedback to improve the platform;
• maintain system security and protect against fraud, unauthorised access, misuse, abuse, or security incidents; and
• comply with legal, contractual, operational, and regulatory requirements.
We only use personal information for purposes that are reasonably necessary to deliver HubShift services, support authorised organisation workflows, meet compliance obligations, and maintain the safety and security of the platform.
4. How We Share Your Information
We do not sell your personal information.
We may share personal information only where reasonably necessary to provide, operate, secure, support, or improve the HubShift platform, or where required by law. This may include sharing information with:
• Your organisation — such as your employer, service provider, or the organisation that manages your HubShift account, for rostering, service delivery, compliance, payroll, reporting, and account administration purposes.
• NDIS participants, nominees, guardians, or authorised representatives — limited information relevant to service delivery, communication, care coordination, incident reporting, or support documentation.
• Cloud infrastructure and hosting providers — to securely store, process, back up, and manage platform data.
• Analytics providers — to help us understand how the platform and mobile app are used, improve performance, identify usage trends, and enhance user experience.
• Error monitoring and crash reporting providers — to detect app crashes, diagnose technical issues, improve app stability, and maintain security.
• Integration partners — where enabled by your organisation, such as accounting, payroll, invoicing, mapping, communication, or workflow tools.
• Legal, regulatory, or government bodies — where required by law, court order, regulatory obligation, investigation, audit, dispute, or compliance requirement.
We only share the information that is reasonably necessary for the relevant purpose. Where third-party providers process personal information on our behalf, we take reasonable steps to ensure they handle information securely and in accordance with applicable privacy obligations.
5. Third-Party Service Providers
HubShift may use trusted third-party service providers to operate, support, secure, and improve our services. These providers may process personal information only as necessary to provide services to HubShift or to your organisation.
Third-party services may include:
• Cloud infrastructure providers, such as Amazon Web Services, for secure hosting, storage, backup, and data processing.
• Google Maps and Google Places, for maps, address lookup, location display, route information, travel-related features, and service delivery support.
• Xero, where enabled by an organisation, for accounting, invoicing, payroll, finance, or related integration purposes.
• Email, SMS, push notification, and communication providers, to send account notifications, shift alerts, support messages, service-related updates, and system communications.
• Analytics and performance monitoring tools, to understand usage patterns, improve functionality, diagnose errors, and maintain platform reliability.
• Error monitoring and crash reporting tools, to detect technical issues, troubleshoot app performance, and improve app stability.
These third-party providers are subject to their own privacy policies and security practices. We recommend reviewing the privacy policies of any third-party services used in connection with HubShift.
Where third-party integrations are enabled by your organisation, your use of those integrations may also be subject to the terms and privacy policies of the relevant third-party provider.
6. Data Storage and Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
HubShift uses technical, administrative, and organisational safeguards, which may include:
• Encryption of data in transit using TLS or equivalent secure transmission protocols.
• Encryption of data at rest where supported by our infrastructure and systems.
• Secure authentication and access control mechanisms.
• Role-based access permissions.
• Audit logs and activity monitoring.
• Secure hosting environments.
• Regular security reviews and system monitoring.
• Backup and recovery controls.
• Measures to detect, investigate, and respond to security incidents.
Although we take reasonable steps to protect your personal information, no method of electronic transmission, internet communication, or digital storage is completely secure. Users are responsible for keeping their login details confidential and for using strong passwords and secure devices when accessing HubShift.
7. Data Retention
We retain personal information for as long as reasonably necessary to provide our services, support your organisation, comply with legal and regulatory obligations, resolve disputes, enforce agreements, and maintain business records.
This may include retaining information for:
• Account administration and user access management.
• Service delivery and support documentation.
• Rostering, clock-in/out, timesheet, payroll, and travel records.
• Progress notes, care records, incident reports, and compliance records.
• NDIS audit, reporting, and record-keeping obligations.
• Legal, contractual, insurance, dispute resolution, and regulatory purposes.
Location, travel, shift, and attendance records may be retained for as long as reasonably necessary to support service delivery verification, timesheet processing, travel claims, billing, audit, compliance, dispute resolution, and legal obligations.
When personal information is no longer required, we will take reasonable steps to securely delete, de-identify, or anonymise it in accordance with our data retention and destruction procedures, unless we are required or permitted by law to retain it.
8. Your Rights
Subject to applicable laws, you may have rights in relation to the personal information we hold about you. These may include the right to:
• Request access to the personal information we hold about you.
• Request correction of inaccurate, incomplete, or outdated information.
• Request deletion of personal information, subject to legal, regulatory, contractual, or service delivery obligations.
• Withdraw consent for optional features, such as push notifications or device permissions.
• Manage device permissions, including location, microphone, camera, and notification access, through your device settings.
• Make a privacy complaint if you believe your privacy has been breached.
Where your HubShift account is managed by an organisation, some requests may need to be directed to that organisation because they control how your information is collected, used, retained, and disclosed within HubShift.
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with additional privacy rights, you may have additional rights, such as the right to data portability, restriction of processing, or objection to certain processing activities.
To exercise your rights or make a privacy enquiry, please contact us using the details below.
You may also contact the Office of the Australian Information Commissioner if you are not satisfied with how we handle your privacy complaint.
9. Cookies
Our website may use cookies and similar technologies to improve user experience, analyse website traffic, understand visitor behaviour, and support website functionality.
Cookies may be used to:
• Remember user preferences.
• Analyse website usage and performance.
• Improve website content and navigation.
• Support security and fraud prevention.
• Understand how visitors arrive at and interact with our website.
You can manage or disable cookies through your browser settings. If you disable cookies, some website features may not function properly.
The HubShift mobile app may also use similar technologies, analytics tools, or device identifiers to support app functionality, security, performance monitoring, and service improvement.
10. Children's Privacy
HubShift is not directed to individuals under the age of 18.
We do not knowingly collect personal information directly from children through our platform. If we become aware that we have collected personal information from a child without appropriate authorisation, we will take reasonable steps to delete or de-identify that information, unless retention is required by law or necessary for authorised service delivery records.
Where information about minors is entered into HubShift by an authorised organisation, service provider, parent, guardian, nominee, or representative, that organisation is responsible for ensuring it has the appropriate authority, consent, or legal basis to collect and manage that information.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our services, technology, legal requirements, business operations, or privacy practices.
If we make material changes, we will take reasonable steps to notify users, which may include posting the updated Privacy Policy on our website, updating the “Last updated” date, providing in-app notice, or notifying your organisation.
We encourage users to review this Privacy Policy periodically to stay informed about how we collect, use, disclose, and protect personal information.
12. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have a complaint, please contact us:
• Email: info@hubshift.au
• Website: hubshift.com.au
We will respond to privacy enquiries and complaints within a reasonable timeframe and in accordance with applicable privacy laws.