Privacy Policy

This Privacy Policy describes how National Restoration Professionals Group Pty Ltd (ABN 85 151 794 142), trading as Disaster Recovery Australia ("we", "us", "our"), manages personal information collected through our website disasterrecovery.com.au and our claim intake and contractor matching services.

We are bound by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy sets out how we meet our obligations under APPs 1–13.

By using our website or submitting a claim through our platform, you agree to the collection and use of your personal information as described in this policy.

We collect personal information that is reasonably necessary to match you with a certified restoration contractor and to support your insurance claim process. This includes:

• Identity information — full name
• Contact information — phone number, email address
• Property information — street address, suburb, state, postcode, property type
• Damage information — description of damage, affected areas, date of damage, photographs
• Insurance information — insurance company name, policy number, claim number, excess amount
• Payment information — payment card details processed by our payment provider (Stripe). We do not store card numbers.
• Communication records — records of your interactions with our platform and the assigned contractor

We collect this information directly from you when you submit a claim through our platform (APP 3). We do not collect sensitive information (as defined by the Privacy Act) unless it is necessary for your claim and you have consented to its collection.

Where it is lawful and practicable to do so, you may use our website anonymously or by pseudonym (APP 2). However, the claim intake process requires identification to enable contractor matching and insurance liaison.

We collect personal information for the following primary purposes:

• Matching your claim with a certified IICRC restoration contractor in our network
• Enabling the assigned contractor to contact you and schedule an inspection
• Enabling the contractor to liaise with your insurer on your behalf (where authorised)
• Processing the platform fee payment via Stripe
• Maintaining records of completed restoration work for warranty and compliance purposes
• Improving our platform and contractor matching processes
• Complying with our legal obligations

We will not collect personal information that is not reasonably necessary for one of these purposes (APP 3.3).

We use and disclose your personal information only for the primary purposes for which it was collected, or for related secondary purposes that you would reasonably expect.

Your personal information may be disclosed to:

• The assigned NRPG contractor — who receives your contact details, property address, damage description, and insurance details to perform the restoration work
• Your insurance company — where you have authorised the contractor to liaise with your insurer
• Stripe — our payment processor, which receives payment card data to process the platform fee. Stripe operates under its own privacy policy.
• Our technology providers — cloud hosting, database, and email delivery services that process data on our behalf under data processing agreements
• Regulatory and government bodies — where required by law, including the OAIC, AFCA, or courts

We do not sell, rent, or trade your personal information to third parties for marketing purposes (APP 7).

Some of the technology providers we use to operate our platform may store or process data outside Australia — including cloud infrastructure providers operating in the United States and other jurisdictions. Where we disclose personal information to overseas recipients, we take reasonable steps to ensure those recipients handle your information in a manner consistent with the Australian Privacy Principles, including through contractual data processing agreements.

By using our platform, you consent to the potential disclosure of your personal information to overseas recipients for the purpose of operating our services, where such disclosure is necessary.

Our platform includes a multilingual interface powered by an AI language model — specifically Gemma 4, developed by Google DeepMind and accessed via Google's generative AI services. This model is used solely to translate UI text, page headings, form labels, and informational content into 23 languages, enabling users across the Asia-Pacific region and beyond to access our services in their preferred language.

What the AI model does and does not process: The translation feature sends page content and interface strings to the AI model. It does not send your personal information — including your name, address, contact details, damage description, insurance information, or claim details — to the AI model. Personal information you submit through our claim intake form is handled entirely within our own systems and is not passed to any AI translation service.

Contractor matching and automated decisions: Matching your claim with an NRPG network contractor is performed by our internal contractor matching system based on location, damage category, and contractor availability. This process does not constitute automated decision-making that has a legal or similarly significant effect on you. A human contractor reviews your claim details and makes all decisions relating to the provision of restoration services. No automated system determines your entitlements, your insurance outcome, or the scope of work — those decisions rest with the contractor and your insurer.

Cross-border processing: Google's AI services process translation requests on servers that may be located outside Australia, including in the United States. This processing is limited to UI strings and informational content (not personal information), and is consistent with the cross-border disclosure above (APP 8). We rely on Google's data processing agreements and contractual safeguards to ensure appropriate handling of any data transmitted to these services.

This disclosure is made in accordance with APP 3 (transparency about collection practices) and APP 8 (cross-border disclosure), and reflects our commitment to transparency ahead of the Privacy Act amendments taking effect 1 July 2026.

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

• TLS encryption for all data transmitted through our website and API
• Access controls limiting personal information to authorised personnel and the assigned contractor
• Payment card data handled exclusively by Stripe — we do not store card numbers on our systems
• Database encryption at rest for stored personal information
• Regular security reviews of our platform infrastructure

Data retention: We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Claim records are typically retained for 7 years following completion of work to satisfy insurance and warranty obligations. You may request deletion of your personal information where we have no ongoing legal obligation to retain it (see "Your Rights" below).

Notifiable Data Breaches: We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act. If we become aware of an eligible data breach that is likely to result in serious harm to affected individuals, we will notify the OAIC and affected individuals as required.

You have the right to:

• Access the personal information we hold about you (APP 12)
• Correct personal information that is inaccurate, out of date, incomplete, or misleading (APP 13)
• Request deletion of your personal information where we have no ongoing legal obligation to retain it
• Make a complaint about how we handle your personal information

To exercise any of these rights, contact us through our contact form. We will respond to access and correction requests within 30 days. There is no charge for making a request, though we may charge a reasonable fee to cover the cost of providing access where permitted by law.

If we refuse an access or correction request, we will provide you with written reasons and information about how to complain to the OAIC.

If you believe we have handled your personal information in breach of the Australian Privacy Principles, you may lodge a complaint with us by using our contact form. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

Our website uses cookies and similar technologies to support site functionality and understand how visitors use the site. For detailed information about the cookies we use and how to manage them, see our Cookie Policy.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

This policy was last reviewed and updated on 8 April 2026 to reflect the removal of the Privacy Act small business exemption effective 1 July 2026, and in response to the OAIC's 2026 privacy compliance sweep targeting property-adjacent service sectors.