Steady
Get started
Privacy notice

Privacy at Steady

Steady is built around minimising what people need to share. Browse first, enquire with lightweight details, then choose exactly which sensitive information is shared with a provider or worker.

Last updated 27 May 2026

What we collect

We collect account details, contact details, role information, authentication records, directory searches, enquiries, provider workspace activity, consent decisions, document metadata, and security logs needed to run the service.

If you choose to use participant, provider, or worker workflows, we may also handle sensitive information such as disability support needs, NDIS plan details, health-related documents, worker screening status, qualification records, and document-share decisions.

How we use it

  • To operate accounts, sign-in links, provider invitations, and workspace access.
  • To show provider directory results, capacity freshness, enquiries, and service-readiness status.
  • To record consent grants, revocations, document shares, audit events, and worker applications.
  • To send service emails and maintain security, abuse prevention, diagnostics, and availability.
  • To improve the product using aggregated or de-identified operational data where possible.

Sharing and consent

Providers, workers, participants, nominees, and support coordinators see information only where their account role, relationship, or your consent allows it. Sensitive information is shared scope by scope; revoking one scope does not automatically revoke every other scope.

We do not sell personal information. We may use trusted service providers for hosting, authentication, email delivery, storage, diagnostics, and security, and we may disclose information where required by law or to respond to safety, fraud, or security issues.

Documents and audit history

Uploaded documents are stored separately from public directory data. Document access is mediated by account authority, consent, share state, and audit logging. Providers should not treat a shared document as permission to use it outside the purpose for which it was shared.

Audit records are kept to explain who accessed or changed important account, consent, document, provider, worker, and enquiry records. Some audit records must be retained even if visible access is later revoked.

Your choices

  • You can browse the public directory without creating an account.
  • You can update account, profile, provider, worker, and notification details from your workspace.
  • You can revoke consent scopes and document shares where the product exposes that control.
  • You can ask us to help access, correct, export, or delete information by contacting team@getsteady.com.au.