Privacy Policy
Novida is operated by Toradigm Pty Ltd (ABN 70 679 136 577). We handle personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). This is a summary — the full policy is on this page.
What we collect
Depending on how you use Novida: your name, email and SMS-verified mobile; your suburb and plan-management type; the support needs you describe in an enquiry (which may include disability-related “sensitive information”); provider, coordinator and worker profile details; referee contact details for reference checks; billing details (card payments are processed by Stripe, not stored by us); and usage, device and cookie data.
How we use and share it
We use your information to connect enquiries, run accounts and dashboards, verify identity by SMS, match and distribute leads, support hiring, process payments and improve the platform. When you enquire, your details are shared only with the matched provider(s) or coordinator(s) — a lead may reach more than one matching provider under fair round-robin rules, and free-tier providers must upgrade to view contact details. In the talent pool, a worker’s contact stays private until they accept an invitation. We use processors including Supabase (hosting, Australia), Resend (email), our SMS gateway, Stripe (payments) and, only with your consent, Google Analytics. We never sell your personal information.
Sensitive information and consent
Disability-related and health information is “sensitive information” under the Privacy Act; we collect it only where necessary and with your consent, and use it only to provide the service you asked for.
Your rights
You can access and correct your information (APP 12 and 13), withdraw consent, unsubscribe from marketing, and ask us to delete your account. Email hello@novida.com.au. You may also complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Security, retention and overseas disclosure
We store data on Australian infrastructure with encryption in transit and at rest (APP 11), retain it only as long as needed (billing records for 7 years), respond to eligible breaches under the Notifiable Data Breaches scheme, and disclose limited data overseas (Stripe, Google) consistently with APP 8.