Privacy Policy

Titus CRM ("we", "us", "our") is committed to protecting the privacy of our customers, their staff, and the individuals whose data is managed through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using Titus CRM, you agree to the practices described in this policy.

1. Who We Are

Titus CRM is an AI-powered provider management platform built for Australian NDIS and human services organisations. The platform is operated by A4G Pty Ltd, trading as Titus CRM, based in Brisbane, Queensland, Australia.

Contact: hello@titus-crm.com

2. Information We Collect

We collect information in several ways depending on how you interact with us:

Account and Billing Information

• Organisation name, ABN, and contact details
• Account administrator name and email address
• Billing address and payment method (processed securely via Stripe)

Platform Usage Data

• User account details for staff added to your organisation
• Login activity and session data
• Feature usage, audit logs, and system events
• Support requests and communications

Participant and Client Data (entered by your organisation)

• NDIS participant names, contact details, NDIS numbers, and plan information
• Care notes, incident reports, and service delivery records
• Rostering and shift data linked to participants

Website Data

• IP address, browser type, and referring URLs via analytics
• Form submissions (e.g. demo requests, contact enquiries)

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Titus CRM platform
• Process payments and manage your subscription
• Send transactional emails (account alerts, invoices, security notifications)
• Respond to support requests and enquiries
• Monitor platform performance and diagnose technical issues
• Comply with legal obligations, including those under the NDIS framework

We do not sell your personal information to third parties. We do not use participant data entered into the platform for any purpose other than delivering the service to you.

4. Who We Share Information With

We share information only where necessary to deliver the platform:

• Supabase — database hosting and authentication infrastructure
• Vercel — platform hosting and deployment
• Stripe — payment processing (Stripe is PCI-DSS Level 1 certified)
• Anthropic / OpenAI — AI features (voice transcription, case note generation). Data sent to AI providers is subject to their enterprise data processing agreements and is not used to train models.
• Sentry — error monitoring and performance tracking
• Legal and regulatory bodies — only when required by law

All third-party providers are required to handle data in accordance with applicable privacy laws and our data processing requirements.

5. Data Storage and Security

Your data is stored on secure servers located in Australia and the United States (where our infrastructure providers operate). We implement industry-standard safeguards including:

• Encryption in transit (TLS 1.2+) and at rest
• Role-based access controls — staff only see data relevant to their role
• Audit logging for all data access and modification events
• Regular security assessments and dependency updates

No system is completely secure. In the event of a data breach affecting your personal information, we will notify you in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act.

6. NDIS Participant Data

Titus CRM processes sensitive personal information about NDIS participants on behalf of registered providers. We act as a data processor for this information — your organisation (the provider) remains the data controller and is responsible for:

• Obtaining appropriate consent from participants for data collection and storage
• Ensuring data entered into Titus CRM complies with NDIS Practice Standards
• Managing access rights for your staff

We treat participant health, disability, and care information as sensitive data under the Privacy Act and apply the highest level of care to its handling.

7. Cookies and Tracking

Our marketing website (titus-crm.com) uses cookies and analytics tools to understand how visitors interact with our content. The platform application (app.titus-crm.com) uses session cookies necessary for authentication and security.

You can disable cookies through your browser settings, though this may affect the functionality of the platform application.

8. Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or out-of-date information
• Request deletion of your personal information (subject to legal obligations)
• Opt out of marketing communications at any time
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, contact us at hello@titus-crm.com. We will respond within 30 days.

9. Data Retention

We retain your account data for as long as your subscription is active and for up to 7 years after account closure to meet legal and tax obligations. Participant data is retained for the duration of your subscription. Upon cancellation, you may request an export of your data within 30 days before it is permanently deleted from our systems.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify active subscribers by email when material changes are made. The date at the top of this page reflects the most recent update.

11. Contact Us