Privacy Policy - Fielddynamix

Effective Date: 11 March 2026
Last Updated: 11 March 2026

1. Introduction

This Privacy Policy describes how Fielddynamix ("we", "us", "our") collects, uses, stores, shares, and protects personal information through the Fielddynamix mobile and web application ("the App").

Fielddynamix is a digital field operations platform designed for the mining and construction industries. The App enables companies to manage equipment, complete safety forms, track maintenance, and streamline daily field operations.

We are committed to protecting your privacy and handling your personal information in compliance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Google Play Store Developer Program Policies.

2. Information We Collect

2.1 Personal Information You Provide

Data Type	When Collected	Purpose
Email address	Account creation (by your company administrator)	Authentication and account identification
Full name	Account creation (optional)	Display in the App and on submitted forms
Password	Account setup and login	Authentication (hashed, never stored in plain text)
Role and supervisor status	Account creation	Access control and permissions

2.2 Form Submission Data

When you complete forms in the App, we collect the data you enter. The App supports the following form types:

Heavy Vehicle Prestart Checklist
Light Vehicle Prestart Checklist
Equipment Prestart Checklist
Take 5 Risk Assessment
Job Hazard Analysis (JHA)
Hazard Report
Maintenance Form
End of Shift Report
Parts Request
Contractor Timesheet

Form submissions may include:

Safety checklist responses (pass/fail items, fault categories)
Equipment readings (hour meters, odometer, tonnage)
Shift and crew information
Hazard descriptions and risk assessments
Work descriptions and maintenance actions
Time entries and work logs
Comments, notes, and action items

2.3 Photos and Signatures

Data Type	How Collected	Purpose
Photos	Device camera or photo gallery	Documenting equipment condition, hazards, and completed work
Digital signatures	On-screen signature drawing	Operator and technician sign-off on forms

2.4 Equipment and Operational Data

Machine details (name, asset code, type, make, model, serial number, status)
Machine parts catalogue (part numbers, specifications, brands)
Site information (site name, site code)
Company information (company name, company code)

2.5 Technical and Device Data

Data Type	Collected?	Details
Network connectivity status	Yes	Used to determine online/offline mode. Not stored or transmitted.
Device type and OS version	No	Not collected by the App
IP address	No (by the App)	May be logged by our infrastructure provider (Supabase) as part of standard server operations
Location / GPS data	No	Not collected
Device identifiers (IMEI, MAC)	No	Not collected
Crash reports or analytics	No	No analytics or crash reporting tools are integrated

2.6 Data We Do NOT Collect

Location or GPS data
Biometric data (fingerprint, facial recognition)
Health or medical data
Financial or payment information
Device identifiers (IMEI, MAC address)
Browser history or app usage analytics
Advertising identifiers
Contact lists or call logs

3. How We Collect Information

Directly from you: When you fill in forms, upload photos, draw signatures, or update your profile within the App.
From your company administrator: Your account (email, name, role) is created by your company's administrator using the App's user management feature.
Automatically: Network connectivity status is checked to enable offline functionality. This data is not stored or transmitted.

4. Why We Collect Your Information

We collect and use personal information for the following purposes:

Purpose	Data Used
Account creation and authentication	Email, password, name, role
Providing the service (form submission, equipment management)	All form data, photos, signatures, equipment data
Safety compliance and regulatory record-keeping	Prestart checklists, hazard reports, JHAs, risk assessments
Maintenance tracking and parts management	Maintenance forms, parts requests, equipment data
Operational reporting (shift reports, timesheets)	End of shift reports, contractor timesheets
Email notifications to designated recipients	Form submissions routed via configured mail routes
Offline functionality	Cached company, site, machine, and submission data stored locally on your device
PDF report generation	Form data and photos compiled into downloadable reports

5. Data Sharing and Third Parties

5.1 Who Can Access Your Data

Recipient	What They Can Access	Why
Your company administrators	All data within your company (forms, machines, user profiles)	Company management and compliance
Other users in your company	Form submissions and equipment data for your company's sites	Operational collaboration
Configured email recipients	Form submission notifications	Mail routes configured by your company administrator

5.2 Service Providers

We use the following third-party service providers to operate the App:

Provider	Purpose	Data Processed	Location
Supabase	Backend database, authentication, file storage, and serverless functions	All application data (personal info, forms, photos, signatures)	Cloud-hosted infrastructure
Cloudflare	Web application hosting and content delivery	Web traffic data (standard HTTP request logs)	Global CDN
Google Fonts	Typography (Poppins font)	Standard HTTP request to load font files	Google servers

5.3 We Do NOT

Sell your personal information to any third party
Share your data with advertisers or marketing platforms
Use your data for profiling or targeted advertising
Transfer your data to any party not listed above

6. Data Storage and Security

6.1 Cloud Storage

All application data is stored on Supabase-managed PostgreSQL databases and cloud storage buckets.
All data in transit is encrypted using HTTPS/TLS.
Database access is protected by Row Level Security (RLS) policies, ensuring users can only access data belonging to their company.
Authentication is managed by Supabase Auth with secure password hashing.
Sensitive operations (user creation) are handled server-side via Edge Functions with role-based access control.

6.2 Local Device Storage

When using the App on iOS or Android, certain data is stored locally on your device to enable offline functionality:

Cached data: Company, site, machine, and recent form submission data (last 48 hours) for offline access.
Drafts: Incomplete form data (text and selections only, not photos) saved locally until you submit or delete them.
Offline queue: Form submissions created while offline, including locally stored photos and signatures, are queued and automatically synchronised when connectivity returns.
Preferences: Your theme mode (light/dark) and accent colour preference.

Local data is stored using platform-standard mechanisms (SharedPreferences and the app's private file directory). This data is only accessible to the Fielddynamix App and is removed when you uninstall the App.

6.3 Security Measures

HTTPS/TLS encryption for all data in transit
Supabase-managed encryption at rest for database and storage
Row Level Security (RLS) policies enforcing company-scoped data access
Role-based access control (super admin, admin, operator)
Server-side validation for sensitive operations (form submissions, user creation)
JWT-based authentication with automatic token refresh
No third-party analytics or tracking tools that could expose data

7. Data Retention

Data Type	Retention Period	Reason
User account (email, name, role)	Until account deletion is requested	Required for service operation
Form submissions	Retained indefinitely while company account is active	Safety compliance and regulatory record-keeping obligations in the mining and construction industries
Photos and signatures	Retained with their associated form submission	Part of the compliance record
Equipment data	Retained while company account is active	Operational continuity
Local cached data	48 hours (submissions) or until app cache is cleared	Offline functionality
Drafts	Until you submit or manually delete them	User convenience
Offline queue items	Until successfully synchronised (max 10 retry attempts)	Data integrity

Regulatory note: In the Australian mining and construction industries, safety records (including prestart checklists, hazard reports, and risk assessments) may be subject to mandatory retention periods under state and territory Work Health and Safety legislation. We retain form submissions to support our customers' compliance obligations.

8. Your Rights

Under the Australian Privacy Principles, you have the following rights regarding your personal information:

8.1 Right to Access

You can access your personal information at any time through the App (My Profile screen, form submission history). You may also request a copy of your personal information by contacting us.

8.2 Right to Correction

If your personal information is inaccurate, incomplete, or out of date, you may request correction by contacting your company administrator or by contacting us directly.

8.3 Right to Deletion

You can request deletion of your account and personal data:

In-app: Via the "Delete My Account" option in My Profile.
By email: Contact rico@fielddynamix.com with your deletion request.

See Section 9 for full details on account deletion.

8.4 Right to Complain

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us at rico@fielddynamix.com. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

9. Account Deletion

9.1 How to Request Deletion

You can request deletion of your account and all associated personal data through either of these methods:

In the App: Go to My Profile and select "Delete My Account".
By email: Send a request to rico@fielddynamix.com from the email address associated with your account.

9.2 What Happens When You Delete Your Account

When your account is deleted, the following data is permanently removed:

Your authentication credentials (email and password)
Your user profile (name, role, company association)
Your theme and display preferences
Any saved drafts
Any pending offline submissions

9.3 Data We May Retain After Deletion

The following data may be retained after account deletion for legitimate compliance and safety purposes:

Historical form submissions: Safety records such as prestart checklists, hazard reports, and risk assessments may be retained as required by Work Health and Safety legislation. Your name may appear on these records as the submitting operator.
Photos and signatures on submitted forms: Retained as part of the compliance record.

This retention is necessary to support our customers' legal obligations under Australian Work Health and Safety laws. Retained records are anonymised where possible.

9.4 Deletion Timeline

Account deletion requests are processed within 30 days. You will receive confirmation by email when deletion is complete.

10. International Data Transfers

Your data is processed and stored using Supabase's cloud infrastructure. This may involve your data being stored on servers located outside of Australia.

Where your data is transferred internationally, we ensure that appropriate safeguards are in place in accordance with Australian Privacy Principle 8, including:

Our service providers maintain security practices and contractual obligations that provide a comparable level of protection to the Australian Privacy Principles.
Data in transit is encrypted using industry-standard HTTPS/TLS protocols.

11. Children's Privacy

Fielddynamix is a business-to-business application designed for use by employees and contractors in the mining and construction industries. The App is not directed at, and is not intended for use by, individuals under the age of 18.

We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a person under 18, we will take steps to delete that information promptly.

12. Cookies and Tracking Technologies

The Fielddynamix App does not use:

Cookies for tracking or advertising purposes
Third-party analytics tools (such as Google Analytics, Firebase Analytics, or similar)
Advertising SDKs or tracking pixels
Fingerprinting or cross-device tracking technologies

The App uses authentication tokens (JWT) managed by Supabase for session management. These are functional tokens required for the App to operate and are not used for tracking.

When accessing the web version of the App, standard HTTP server logs may be recorded by our hosting provider (Cloudflare). These logs are managed by Cloudflare in accordance with their own privacy policy.

13. Automated Decision-Making

Fielddynamix does not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

The App applies rule-based logic within forms (for example, flagging a machine as unsafe to operate based on checklist responses), but these are deterministic safety rules configured by the customer and are always visible and overridable by the user.

14. Device Permissions

Permission	Platform	Purpose	When Used
Camera	iOS, Android	Capturing photos for form submissions and scanning QR codes on equipment	Only when you actively take a photo or scan a QR code
Internet	All platforms	Communicating with the backend (Supabase) for data synchronisation	Whenever the App is connected to the internet
File storage	iOS, Android	Storing offline form data, cached data, and queued photos/signatures	Offline mode and draft saving

The App does not request or use location, microphone, contacts, phone, or any other device permissions beyond those listed above.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

The "Last Updated" date at the top of this page will be revised.
Material changes will be communicated through the App or by email to registered users.
Continued use of the App after changes are posted constitutes your acknowledgement of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or want to lodge a complaint, please contact us:

Email: rico@fielddynamix.com
Business: Fielddynamix (operated by RS Software, ABN 99 159 631 004)
Location: Perth, Western Australia, Australia

For privacy complaints that are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.