Enrichly

Privacy Policy

Last updated: 20 May 2026

Enrichly (“Enrichly”, “we”, “us”, “our”) operates the Enrichly lifestyle activity platform for Australian aged care providers (the “Service”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. It is written to align with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy also serves as the privacy disclosure for our mobile, tablet, and TV applications listed in app marketplaces (including the Google Play Store).

1. Who this policy applies to

Enrichly is a business-to-business service. Our customers are aged care providers (facilities and home-care organisations) who use Enrichly to plan and run lifestyle activities for the people in their care. This policy covers:

  • Staff users — administrators, managers, lifestyle coordinators and other employees of our customers who hold an Enrichly account.
  • Residents and clients — people receiving care, whose information is entered into Enrichly by staff to support activity planning, participation tracking, and care documentation.
  • Website visitors — anyone visiting enrichly.com.au or related public pages.

2. Information we collect

2.1 Account information (staff users)

  • Name, email address, role, and the facility/company you belong to.
  • A securely hashed password (we never store passwords in plain text).
  • Profile preferences, permissions, and session activity within the app.

2.2 Resident information (entered by staff)

  • Identifying details: name, room number, date of birth, preferred name and pronouns.
  • Care-relevant information: care level (low/medium/high), interests, cultural and spiritual preferences, mobility or sensory considerations relevant to activity participation.
  • Participation records: activities attended, mood or engagement notes, dignity-of-risk decisions, and related lifestyle documentation.

Some of this information may be “sensitive information” under the Privacy Act (for example, health or cultural information). Enrichly only processes this information on behalf of the aged care provider, who is responsible for collecting it from residents or their representatives with appropriate consent.

2.3 Usage and device information

  • Log data: IP address, browser type, operating system, pages or screens viewed, actions taken, and timestamps.
  • Device data for paired TVs: a device identifier, pairing code, last-seen timestamp, and facility association. We do not collect microphone, camera, contacts, location, or call/SMS data from any device.
  • Cookies and similar technologies strictly necessary to keep you signed in and to remember your preferences.

2.4 Billing information

Subscriptions are processed by our payment provider (Stripe). We receive limited billing metadata (e.g. plan, status, last 4 digits of the card). Full card numbers are handled by Stripe and never stored on Enrichly systems.

3. How we use information

We use personal information to:

  • Provide and operate the Service, including activity planning, sessions, and reports.
  • Authenticate users and keep accounts secure.
  • Communicate with you about service changes, security alerts, and support requests.
  • Improve the Service by analysing aggregated, de-identified usage patterns.
  • Meet our legal, regulatory, and contractual obligations.

We do not sell personal information. We do not use resident information for advertising, profiling, or training third-party AI models.

4. How we share information

We share information only as needed to run the Service and only with parties that are bound by appropriate confidentiality and data-protection terms:

  • Supabase — database, authentication, and real-time infrastructure.
  • Vercel — application hosting and content delivery.
  • Cloudflare R2 — file and media storage.
  • Stripe — subscription billing and payments.
  • ElevenLabs — pre-generated audio assets used in games (no personal information is sent to ElevenLabs at runtime).
  • Email delivery providers — for transactional email such as invitations and password resets.

We may also disclose information when required by law, to enforce our terms, to protect the safety of users, or in connection with a corporate transaction (such as a merger or acquisition), in which case we will give you notice before your information becomes subject to a different privacy policy.

5. Where your information is stored

Enrichly primarily stores customer data in data centres located in Australia. Some sub-processors may process limited operational data in other regions (for example, the United States or European Union) to deliver their services. In all cases we use providers that offer contractual and technical protections consistent with the Privacy Act and the APPs, including APP 8 (cross-border disclosure).

6. How we protect information

  • All data is encrypted in transit (TLS) and at rest.
  • Database access is restricted by Row-Level Security so facilities cannot see each other’s data.
  • Access to production systems is limited to authorised personnel, protected by strong authentication, and logged.
  • We follow the principle of least privilege and review access regularly.

No method of transmission or storage is 100% secure. If we become aware of a data breach that is likely to result in serious harm, we will notify affected customers and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

7. How long we keep information

We retain personal information for as long as your organisation maintains an active Enrichly subscription, and for a reasonable period afterwards to meet legal, accounting, and audit obligations. Resident records are soft-deleted (archived) rather than hard-deleted by default, so providers can satisfy their own clinical and regulatory record-keeping requirements. On written request from the customer (data controller), we will permanently delete data within 30 days, subject to any legal obligation to retain it.

8. Your rights

Under the Privacy Act and the APPs, you have the right to:

  • Ask what personal information we hold about you.
  • Request correction of information that is inaccurate, out of date, or incomplete.
  • Request deletion of your account and associated personal information.
  • Withdraw consent for any optional processing.
  • Make a privacy complaint, including to the OAIC at oaic.gov.au.

If you are a resident or family member, please contact your aged care provider in the first instance — they are the data controller for resident records. We will support them in fulfilling your request.

9. Children

Enrichly is not intended for use by children. The Service is provided to adult staff members of aged care providers. We do not knowingly collect personal information from children under 15.

10. Mobile app permissions

Where Enrichly is distributed as a mobile or TV application, it may request the following permissions:

  • Network access — required to communicate with Enrichly servers.
  • Wake lock / screen-on — used by the TV display to prevent the screen from sleeping during an active session.

Enrichly does not request access to your camera, microphone, contacts, calendar, SMS, call logs, precise location, or device files. We do not collect advertising identifiers and we do not include third-party advertising SDKs.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify customers by email or via an in-app notice and update the “Last updated” date above. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact us

If you have questions about this policy or want to exercise any of your rights, please contact us:

Enrichly
Email: admin@enrichly.com.au
Australia