Privacy Policy

Effective Date: 10 January 2025

Version 2.0

1. Introduction

Fulcrum Solutions Pty Ltd (ABN 12 693 958 539, ACN 693 958 539) ("Company", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the DigiDiary mobile application ("App").

This Privacy Policy complies with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the App, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, display name (optional), password (hashed and encrypted)
• Diary Content: Voice recordings (audio files), transcribed text entries, photos and images, timestamps and dates, entry metadata
• Location Data: GPS coordinates (when enabled), location accuracy data, location timestamps
• Professional Information: Railway network selection (Sydney Trains, ARTC, MTS), form preferences, worksite information (ARTC format), WPP ID and similar identifiers

2.2 Information Collected Automatically

• Device Information: Device type and model, operating system version, unique device identifiers, App version
• Usage Data: Feature usage statistics, recording duration, error logs and crash reports, performance metrics
• Technical Data: IP address, connection type, time zone, language settings

3. How We Use Your Information

3.1 Primary Purposes

We use your information to:

• Provide, operate, and maintain the App
• Process and store your diary entries
• Convert voice recordings to text using speech-to-text services
• Generate PDF documents from your entries
• Synchronise your data across devices
• Provide customer support

3.2 Secondary Purposes

We may also use your information to:

• Improve and optimise the App
• Analyse usage patterns and trends
• Detect and prevent fraud or abuse
• Comply with legal obligations
• Enforce our Terms of Service

4. Data Storage and Security

4.1 Data Storage Location

• Your data is stored on secure cloud servers located in the Australia/Sydney region
• Local data is stored on your device in encrypted form

4.2 Encryption

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS). API communications use industry-standard encryption protocols.
• Encryption at Rest: Data stored on our servers is encrypted using AES-256 encryption. Local device storage uses iOS Keychain and secure storage mechanisms. Audio files and photos are stored in encrypted containers.

4.3 Security Measures

We implement appropriate technical and organisational measures including:

• Access controls and authentication
• Regular security audits
• Intrusion detection systems
• Employee training on data protection
• Secure development practices

4.4 Data Breach Response

In the event of a data breach that is likely to result in serious harm, we will:

• Notify the Office of the Australian Information Commissioner (OAIC)
• Notify affected individuals as soon as practicable
• Take remedial action to contain the breach

5. Data Retention

5.1 Retention Period

• Active Account Data: Retained while your account is active
• Deleted Entries: Soft-deleted entries are permanently removed after 90 days
• Audio Recordings: May be automatically deleted after transcription processing, or retained for the duration specified in your settings
• Account Deletion: Upon account deletion, data is removed within 30 days, subject to backup cycles and legal requirements

5.2 Retention Period Changes

• The 90-day retention period is subject to change
• Changes will be notified through the App and updated in this Privacy Policy
• We will provide reasonable notice before reducing retention periods

5.3 Legal Retention

We may retain certain data beyond these periods where required by law, including for compliance with legal obligations, resolution of disputes, and enforcement of agreements.

6. Third-Party Services

6.1 Speech-to-Text Processing

• Voice transcription uses AI-powered speech recognition services
• Audio data may be transmitted to global AI service providers for processing
• We cannot guarantee whether your audio is processed locally on-device or transmitted externally - this depends on Apple's processing decisions and the transcription method selected
• When using Apple Dictation, processing is governed by Apple's privacy policy
• We do not use your audio for training AI models

6.2 Cloud Services

• Cloud Infrastructure: Authentication, database, and storage services hosted in Australia
• Apple App Store: App distribution and in-app purchases

6.3 Analytics

• We use analytics to understand App usage and improve the service
• Analytics data is aggregated and anonymised where possible
• You can opt out of analytics in App settings

7. Disclosure of Information

7.1 We May Disclose Your Information To:

• Service Providers: Third parties who assist in operating the App
• Legal Authorities: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: Where you have given explicit permission

7.2 We Will NOT:

• Sell your personal information to third parties
• Share your diary content with advertisers
• Use your data for targeted advertising
• Provide your data to your employer without your consent or legal requirement

8. Your Rights

Under Australian privacy law, you have the right to:

• Access: Request access to personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Data Portability: Request a copy of your data in a portable format (PDF export)
• Opt-Out: Opt out of analytics and tracking, marketing communications, and location services
• Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

9. Children's Privacy

• The App is not intended for use by individuals under 18 years of age
• We do not knowingly collect personal information from children
• If we become aware of such collection, we will take steps to delete the information

10. International Data Transfers

• Your data may be transferred to and processed in countries outside Australia
• We ensure appropriate safeguards are in place for international transfers
• By using the App, you consent to the transfer of your data to these jurisdictions

11. Cookies and Tracking

• The App does not use cookies in the traditional sense
• We may use device identifiers for analytics and functionality
• You can reset your device identifier through your device settings

12. Changes to This Policy

• We may update this Privacy Policy from time to time
• Material changes will be notified through the App
• The "Effective Date" at the top indicates when changes were last made
• Continued use after notification constitutes acceptance of the updated policy

13. Contact Us

For privacy-related inquiries or to exercise your rights, please contact:

14. Consent

By using DigiDiary, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.