Privacy Policy

1. Introduction

SitRep Reporting ("we", "us", "our") is committed to protecting the privacy of all users of our incident reporting platform. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

We collect the following types of personal information through our platform:

• Officer full names and security licence numbers
• Incident details including date, time, location, and descriptions
• Photographs related to incidents
• Digital signatures
• Organisation contact information (email addresses)
• Site names and locations

This information is collected when officers submit incident reports through the public reporting form, and when organisations configure their accounts.

3. How We Store Your Data

We take data security seriously and implement industry-standard measures to protect your information:

• Primary data storage: All incident reports, photos, signatures, and organisation data are stored in Supabase, hosted on Amazon Web Services (AWS) in the ap-southeast-2 region (Sydney, Australia). Your data never leaves Australian soil except as noted below.
• Encryption: All data is encrypted at rest and in transit using industry-standard TLS/SSL encryption.
• Access controls: Strict row-level security policies ensure that organisations can only access their own data.

4. Email Data Sovereignty

5. Who Has Access to Your Data

Access to incident report data is strictly limited:

• The organisation that created the report form has full access to all submissions made through their forms
• Additional email recipients designated by the organisation receive copies of submitted reports
• SitRep Reporting staff do not access your data except as required for technical support or legal compliance
• We do not sell, rent, or share your data with third parties for marketing purposes

6. Data Retention

We retain your data for as long as your organisation maintains an active account. Organisations have full control over their data and can permanently delete individual reports at any time through the dashboard. When a report is deleted, all associated photos and signatures are also permanently removed from our systems.

If an organisation account is deactivated, submissions are moved to an archived state and can be permanently deleted by the organisation before final account closure.

7. Your Rights

Under the Australian Privacy Act 1988 and APPs, you have the right to:

• Access your personal information held by us
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information (subject to legal retention requirements)
• Complain about a breach of privacy

If you are a field officer, please contact your organisation directly to exercise these rights, as they are the data controller for reports submitted through their forms.

8. Cookies and Tracking

We use essential cookies to maintain user sessions for authenticated organisation accounts. We do not use third-party tracking or analytics cookies. The public report form does not require cookies and can be used anonymously.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify organisations of material changes via email. Continued use of the service after such changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au