PlanMaxx
Back to home

Privacy Policy

Last updated: 12 March 2026

1. Who We Are

PlanMaxx (“we”, “us”, “our”) operates the website planmaxx.app and provides AI-powered NDIS plan analysis and submission tools. We are committed to protecting the privacy and security of your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

We collect the following types of information:

  • Account information: Name, email address, password (hashed), state/territory, and disability type when you create an account.
  • Plan documents: NDIS plan PDFs and supporting evidence documents you upload for analysis.
  • Analysis data: The results of our AI analysis of your plan, including funding categories, identified gaps, and generated submission documents.
  • Payment information: Payment details are processed securely by Stripe. We do not store your credit card number, CVV, or full card details on our servers.
  • Usage data: Pages visited, features used, and general interaction patterns to improve our service.

3. How We Use Your Information

We use your information to:

  • Analyse your NDIS plan and identify underfunded or missing support categories.
  • Generate personalised plan review submissions, practitioner letters, and evidence checklists.
  • Provide budget tracking and evidence storage features.
  • Process payments and manage your account.
  • Send important service communications (e.g., account verification, payment confirmations).
  • Improve our analysis accuracy and service features.

4. How We Protect Your Information

We take the security of your data seriously, particularly given the sensitive nature of NDIS plan information:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using 256-bit TLS/SSL encryption.
  • Encryption at rest: Your uploaded documents and personal data are encrypted at rest using AES-256 encryption.
  • Secure hosting: Our infrastructure is hosted on SOC 2 Type II certified cloud providers with data centres in Australia.
  • Malware scanning: All uploaded files are scanned for malware before processing.
  • Access controls: Only you can access your plan data. Our team cannot view your uploaded documents without your explicit consent.
  • PCI DSS compliance: Payment processing is handled by Stripe, which is PCI DSS Level 1 certified — the highest level of certification.

5. Sharing Your Information

We do not sell, trade, or rent your personal information. We share your data only with:

  • Stripe: For secure payment processing.
  • Supabase: For secure data storage and authentication (Australian-region hosting).
  • AI processing providers: Your plan data is sent to AI models for analysis. This data is not retained by the AI provider beyond the processing session and is not used to train AI models.

We will never share your information with the NDIA, government agencies, insurance companies, or any third party without your explicit written consent, unless required by law.

6. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your account and all associated data.
  • Download a copy of your data.
  • Withdraw consent for data processing at any time.

To exercise any of these rights, contact us at privacy@planmaxx.app.

7. Data Retention

We retain your account data and plan analysis for as long as your account is active. You can delete your account and all associated data at any time from your dashboard settings. Upon account deletion, all personal data, uploaded documents, and analysis results are permanently removed within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. Analytics data is collected in aggregate form and cannot be used to identify individual users.

9. Children's Privacy

While NDIS participants may be of any age, accounts must be created by individuals aged 18 or over, or by a parent/guardian/nominee acting on behalf of a participant. We do not knowingly collect information directly from children under 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to make a complaint, contact us at:

Email: privacy@planmaxx.app
Website: planmaxx.app

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.