Gobbill Privacy Policy

Last Updated: 3 February 2026

1. About This Policy

Gobbill Australia Pty Ltd (ABN 16 622 628 666) (“Gobbill”, “we”, “us”, “our”) operates www.gobbill.com and associated payment, invoice automation and financial technology services.

We are committed to protecting personal information and sensitive information entrusted to us, particularly where our services support:

Regulated financial and payment transactions
Sensitive billing and service delivery data
NDIS participants and providers

We manage personal information in accordance with:

Privacy Act 1988 (Cth)
Australian Privacy Principles (APPs)
National Disability Insurance Scheme Act 2013 (Cth)
NDIS Code of Conduct
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (where applicable)
Other applicable Australian financial services, payment and data security obligations

We implement privacy-by-design practices and maintain governance frameworks to ensure compliance with applicable privacy, financial services and disability sector regulatory obligations.

2. Scope

This policy applies to personal information collected, used, stored or disclosed by Gobbill through:

Our website and applications
Payment processing and bill automation services
NDIS plan management and sector services where applicable
Customer onboarding and identity verification processes
Communications and support services

3. Types of Information We Collect

Depending on services used, we may collect:

Identity and Contact Information

Name
Address
Email
Phone number
Date of birth (where required)

Financial and Payment Information

Bank account details
Card payment details processed via secure payment providers
Transaction history
Billing and invoice data

NDIS and Service-Related Information (Where Applicable)

Participant identifiers
Provider identifiers
Invoice and claim data
Support service billing information

This may constitute sensitive information under the Privacy Act where it relates to disability service delivery.

Technical and Usage Information

Device and browser data
IP address
Website usage analytics
Cookie identifiers

We only collect information reasonably necessary for our functions, activities or legal obligations.

4. How We Collect Information

We collect personal information:

Directly from you
From invoices and bills you authorise us to process
From service providers or partners with consent
From identity verification or payment providers
From publicly available sources where lawful

Where reasonable and practicable, we collect personal information directly from you or your authorised representative.

5. Why We Collect, Hold, Use and Disclose Personal Information

Service Delivery

Process invoices and payments
Provide financial automation services
Support NDIS billing and payment workflows
Manage customer accounts

Compliance and Legal Obligations

Financial services regulatory compliance
Anti-fraud and AML / CTF compliance
NDIS regulatory and reporting obligations

Security and Fraud Prevention

Detect suspicious or fraudulent activity
Protect participants, providers and financial systems

Communications

Service notifications
Customer support
Product updates and marketing (with consent)

6. Disclosure of Personal Information

We may disclose personal information to:

Payment processors and banking partners
Identity verification providers
Cloud and technology service providers
Professional advisers (legal, audit, compliance)
Government regulators and law enforcement where required
NDIS agencies where authorised or required

We require service providers to maintain appropriate privacy, confidentiality and data security safeguards.

7. Overseas Disclosure

All our key systems and data are hosted in Australia. Some service providers or cloud systems may store or process personal information outside Australia.

Where practicable, these locations may include countries such as:

United States
United Kingdom
European Union member states
Singapore or other Asia-Pacific data processing locations

Actual processing locations may change based on vendor infrastructure.

Where personal information is disclosed overseas, it may be subject to foreign laws, including laws requiring disclosure to government authorities.

We take reasonable steps to ensure overseas recipients implement safeguards consistent with Australian privacy standards.

8. Cookies and Tracking Technologies

We use cookies and analytics to:

Improve platform performance
Understand service usage
Maintain login sessions
Provide personalised experiences

You may disable cookies, but some services may not function fully.

9. Data Security

We implement technical, administrative and physical safeguards including:

Encryption of data in transit and at rest (where applicable)
Access controls and multi-factor authentication
Security monitoring and logging
Secure cloud hosting
Vendor security due diligence
Staff confidentiality and least-privilege access

We retain personal information only as long as required for legal, regulatory or business purposes.

10. Data Breaches

If an eligible data breach occurs, we will:

Assess and contain the breach
Notify affected individuals where required
Notify the Office of the Australian Information Commissioner where required

11. Access and Correction

You may request access to or correction of personal information.

Contact: gobbill@gobbill.com.au

We respond within reasonable timeframes in accordance with APP 12 and APP 13.

12. Complaints

If you have a privacy complaint:

Director — Gobbill
Email: gobbill@gobbill.com.au

We will:

Acknowledge complaints promptly
Investigate and respond within a reasonable timeframe

If unresolved, you may contact:

Office of the Australian Information Commissioner
www.oaic.gov.au

13. Third Party Websites

We are not responsible for third-party privacy practices.

14. Changes to This Policy

We may update this policy periodically. Updates will be published on our website.

15. Contact Us

Gobbill Australia Pty Ltd
ABN 16 622 628 666
www.gobbill.com
Email: gobbill@gobbill.com.au