Every agreement, policy, and statement that governs how we run roc.up and how we handle your data. Written to read clearly without losing the legal precision.
How we collect, store, use, and disclose personal information — including the sensitive health information of NDIS participants. Aligned with the Australian Privacy Act 1988, the Australian Privacy Principles (APPs), and the Notifiable Data Breaches scheme.
Read the Privacy Policy › SubscriptionThe terms under which roc.up is made available — trial, billing, your data and our service, support, termination, AI features, liability, and governing law (New South Wales, Australia).
Read the Terms › Data ProcessingFor customers who need a formal DPA — defines roc.up's role as data processor acting on the customer's behalf, the categories of data, sub-processors, security measures, data-subject request handling, and breach response.
Read the DPA › Acceptable UseWhat customers can — and can't — do with the service. Covers prohibited content, anti-abuse, account security, fair-use thresholds, and reverse engineering.
Read the AUP ›Where your data lives, how it's encrypted in transit and at rest, how we control access, what we audit, how we back up, and how we'd respond to an incident.
See our security posture › Sub-processorsThe third-party services we use to deliver roc.up — what each does, what data they touch, and where they're hosted. Updated whenever we add or change one.
See the live list › Service LevelOur uptime target, maintenance window policy, support response times, and the service credits available if we miss a commitment.
Read the SLA › AccessibilityOur commitment to WCAG 2.1 AA, the areas we're still working on, and how to give us feedback if you hit a barrier using roc.up.
Read the statement ›For privacy enquiries, data-subject requests, compliance questions, or anything legal:
Not satisfied with our response on a privacy matter? You can escalate to the Office of the Australian Information Commissioner (OAIC) — oaic.gov.au or 1300 363 992.