Provider Nest Privacy Policy

Provider Nest provides automation, CRM, workflow, website, AI, systems, and operational setup services for service-based businesses.

In this Privacy Policy:

• Provider Nest, we, us, or our means Provider Nest.
• Client, you, or your means the person, business, staff member, contractor, customer, website visitor, or other individual whose personal information we handle.
• Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable.

We may collect personal information and business information depending on how you interact with us.

This may include:

• name;
• business name;
• role or job title;
• email address;
• phone number;
• billing details;
• account details;
• website and domain details;
• onboarding form responses;
• business process information;
• customer enquiry information;
• staff/user details required for system setup;
• meeting notes, call notes, project notes, support requests, and correspondence;
• payment status and transaction references;
• technical information such as IP address, device/browser information, analytics data, form submissions, logs, and usage information;
• platform, CRM, automation, workflow, communication, calendar, and integration data needed to deliver our services.

Sensitive information can include health information, genetic information, biometric information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, and other information treated as sensitive under Australian privacy law.

We do not intentionally collect sensitive information unless it is reasonably necessary for a project, service, legal requirement, or client-approved workflow.

If sensitive information is required, we will handle it with additional care and will generally seek consent or documented authority before collecting or processing it.

Clients must not provide sensitive information to Provider Nest unless it is required for the agreed services and the client has lawful authority to provide it.

We may collect information:

• through our website;
• through checkout or payment flows;
• through contact forms and onboarding forms;
• through email, phone, SMS, meetings, calls, messages, or support requests;
• through MyNestCRM/GHL, ClickUp, Google Workspace, n8n, Supabase, Stripe, Lovable, AI tools, and other connected systems;
• from clients, staff, contractors, partners, and authorised representatives;
• from third-party platforms connected to the client system;
• from publicly available sources where relevant to our services.

Where practical, we collect personal information directly from the individual or business providing it. In some cases, clients may provide information about their staff, customers, leads, or contacts so we can deliver agreed services.

We collect and use information to:

• respond to enquiries;
• provide quotes, proposals, and package information;
• process purchases and payments;
• create and manage client accounts;
• deliver onboarding, setup, support, training, and project work;
• configure websites, CRM systems, automations, workflows, AI tools, calendars, forms, pipelines, dashboards, payment flows, and integrations;
• manage MyNestCRM/GHL and other platform access;
• send service, support, onboarding, billing, and operational communications;
• improve our services, systems, documentation, and customer experience;
• monitor platform usage, security, quality, and reliability;
• manage legal, accounting, tax, insurance, audit, and compliance obligations;
• handle disputes, incidents, complaints, cancellation, offboarding, and data requests.

Our website may use cookies, pixels, analytics tools, tags, and similar technologies to understand website usage, improve user experience, measure performance, support marketing, and manage checkout or enquiry flows.

These technologies may collect information such as browser type, device type, pages visited, time spent, referring links, form activity, approximate location, and interaction data.

You can usually manage cookies through your browser settings. Some website features may not work correctly if cookies are disabled.

We use and disclose information for the purposes described in this Privacy Policy, the applicable Terms of Service, package service agreement, Statement of Work, or as otherwise permitted by law.

We may disclose information to:

• our staff, contractors, advisers, and authorised representatives;
• technology providers, hosting providers, automation providers, CRM providers, AI providers, payment providers, communication providers, analytics providers, and support tools;
• platforms used to deliver services, including MyNestCRM/GHL, n8n, Supabase, Stripe, ClickUp, Google Workspace, Lovable, AI providers, domain providers, email providers, phone/SMS providers, and related tools;
• accountants, lawyers, insurers, auditors, and professional advisers;
• government, regulatory, law enforcement, or dispute resolution bodies where required or permitted by law;
• other parties with consent or where reasonably necessary to deliver the agreed services.

We do not sell personal information.

Provider Nest services often depend on third-party platforms. These platforms may collect, process, store, or access information according to their own terms and privacy policies.

Third-party platforms may include:

• MyNestCRM / GoHighLevel;
• n8n;
• Supabase;
• Stripe;
• ClickUp;
• Google Workspace;
• Lovable;
• AI model and automation providers;
• phone, SMS, email, domain, hosting, verification, analytics, and communication providers.

Clients are responsible for ensuring their own customer-facing privacy notices, consent flows, and data handling practices are suitable for their business and industry.

Some third-party platforms, infrastructure providers, support providers, AI providers, and software tools may store or process information outside Australia.

Countries may include the United States, European Union member countries, the United Kingdom, New Zealand, Singapore, and other locations where our service providers operate.

By using our services, you acknowledge that information may be processed through these third-party systems where reasonably necessary to deliver the services.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure.

Security measures may include access controls, password management, multi-factor authentication where available, limited access permissions, system logging, secure storage practices, staff/contractor confidentiality obligations, and operational review processes.

No method of transmission or storage is completely secure. Clients must also take care with their own account access, passwords, users, permissions, devices, and connected systems.

We keep information for as long as reasonably needed to provide services, manage accounts, meet legal/accounting/tax obligations, resolve disputes, maintain records, support audit readiness, and protect our legitimate interests.

When information is no longer needed, we will take reasonable steps to delete, de-identify, archive, or securely restrict it where practical.

Clients may request deletion or export of agreed client-owned data, subject to legal obligations, technical limits, platform constraints, outstanding payments, and any applicable service agreement or Statement of Work.

You may request access to personal information we hold about you.

You may also request correction if you believe information is inaccurate, out of date, incomplete, irrelevant, or misleading.

We may need to verify your identity before responding. In some cases, we may refuse access or correction where allowed by law, but we will explain the reason where appropriate.

We may send service updates, onboarding information, support information, product updates, educational content, offers, or marketing communications where permitted by law.

You can unsubscribe from marketing emails using the unsubscribe link or by contacting us.

Service, billing, legal, security, support, or operational messages may still be sent where necessary.

If we become aware of a suspected data breach affecting personal information, we will assess the incident and take reasonable steps to contain, investigate, and respond.

Where the Notifiable Data Breaches scheme applies and a data breach is likely to result in serious harm, we will comply with applicable notification obligations.

Clients must promptly notify Provider Nest if they become aware of any suspected unauthorised access, misuse, disclosure, loss, or security issue involving Provider Nest-managed systems, connected platforms, or client data.

Many Provider Nest projects involve client customer data, leads, enquiries, staff details, bookings, payments, messages, automations, or operational workflows.

The client is responsible for:

• having lawful authority to provide that information to Provider Nest;
• giving required privacy notices to its customers, staff, and users;
• obtaining required consents;
• complying with industry-specific privacy, marketing, communications, payment, employment, health, NDIS, or other obligations;
• ensuring system use matches the client’s legal and operational responsibilities.

Provider Nest handles client data to deliver the agreed services and does not use client customer data for unrelated client projects except where de-identified, aggregated, authorised, or otherwise permitted by law.

Some services may involve AI tools, automated workflows, prompts, model outputs, transcription, summarisation, content generation, call handling, chat, lead qualification, routing, or decision-support workflows.

AI and automation outputs may be inaccurate, incomplete, delayed, or unsuitable without human review.

Clients are responsible for reviewing AI-generated or automated outputs before relying on them for legal, medical, financial, employment, compliance, customer-impacting, or high-risk decisions.

Where AI or automation involves personal information, additional data handling, disclosure, and consent considerations may apply.

If you have a privacy question, request, or complaint, contact Provider Nest using the details below.

We will aim to respond within a reasonable time.

If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner.

We may update this Privacy Policy from time to time to reflect changes in law, technology, tools, platforms, business operations, or services.

The version and last updated date will be shown on this page.

For privacy questions, access/correction requests, deletion requests, data handling questions, or complaints, contact Provider Nest.

Email: Support@providernest.com.au
Website: www.Providernest.com.au

This page is intended to be a clear working Privacy Policy for Provider Nest. It should be reviewed by an Australian privacy lawyer before being treated as final legal terms.