Privacy Policy

PatrolX is a software-as-a-service platform operated by Asha Information Tech Pty Ltd(ABN 35 680 112 378) of 427 Maracana Avenue, Manor Lakes VIC 3024, Australia (“PatrolX”, “we”, “us”, or “our”). The Service helps companies in physical security, logistics, delivery, and related field-operations industries coordinate mobile workers and the end-user communities they serve, and is supplied on a business-to-business basis. Our contact address for privacy-related enquiries is info@patrolx.com.au.

This policy explains what personal information we collect through the PatrolX web admin application (at patrolx.vercel.app) and the PatrolX mobile applications (iOS and Android), how we use it, who we share it with, and your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

These are our privacy commitments. Our Terms of Use describe the wider agreement between you and us for your use of the Service.

We only collect information that is necessary to operate the PatrolX service:

• Account details — full name, email address, phone number, residential or work address, assigned suburb, and user role (subscriber, officer, security admin, or super admin). Account records are created by an authorised security admin; the service is not available for public self-registration.
• Subscription status (subscribers only) — whether your subscription is active and its expiry date.
• Incident reports— text content, category, timestamp, and any photos you choose to attach. Photos are taken with your device's camera or selected from your device's photo library only when you actively trigger the relevant action.
• Authentication data— encrypted credentials managed by our authentication provider (see section 5) and a session token stored in your device's secure storage (Apple Keychain on iOS, Android Keystore on Android).
• Basic request logs — API and database logs retained by our infrastructure providers for security monitoring and incident diagnosis. These do not include incident photo contents.

We do not collect your precise location or GPS coordinates, advertising identifiers, browsing history outside the PatrolX application, or any sensitive information (as defined by the Privacy Act) such as health, political, or religious information.

We use your personal information solely to:

• Create and administer your PatrolX account;
• Let you report and review incidents within your assigned suburb;
• Let authorised security personnel respond to and audit incidents;
• Send you service emails (account activation, password reset, daily reports);
• Keep the service secure, investigate abuse, and meet our legal obligations.

We do not use your personal information for advertising, profiling, or automated decision-making.

The PatrolX mobile application requests two device permissions, and only when you actively choose to attach a photo to an incident report:

• Camera — to take a new photo for an incident report.
• Photo library — to select an existing photo for an incident report.

We do not request location, microphone, contacts, calendar, or notification permissions in this release. You can revoke camera or photo-library access at any time from your device's system settings; the rest of the application will continue to function.

We only share your information with service providers who help us operate PatrolX, and only to the extent required for the service to function:

• Supabase (Supabase, Inc.) — hosts our database, authentication, and file storage. Data is processed in the Sydney (ap-southeast-2) region.
• Vercel (Vercel, Inc.) — hosts the PatrolX web admin application.
• Resend (Resend Inc.) — sends our transactional emails (account activation, password reset, daily incident reports).

We do not sell your personal information. We do not share your information with advertisers, data brokers, or analytics providers. We may disclose information if required by law, by court order, or to protect the rights and safety of users.

Account and incident records are retained while your PatrolX account is active. If your account is deactivated, your personal information is retained for up to 12 months for audit, dispute resolution, and regulatory compliance, after which it is deleted or anonymised unless a longer retention period is required by law.

You can request earlier deletion at any time (see section 8). Incident records referenced in an active investigation or legal matter may be retained longer where lawful.

We protect your information with measures including:

• TLS encryption for all data in transit;
• Encrypted storage for passwords (one-way hashed) and session tokens;
• Row-level security policies that restrict data access to your assigned suburb;
• Privileged administrative operations that require multiple role checks;
• Security patches applied regularly to our dependencies.

No system is perfectly secure. If we become aware of a data breach that is likely to cause serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

Under the Australian Privacy Principles, you have the right to:

• Ask what personal information we hold about you;
• Ask us to correct inaccurate information;
• Ask us to delete your account and associated personal information;
• Complain if you believe we have mishandled your information.

Delete your account — in the mobile app. Subscribers and patrol officers can permanently delete their PatrolX account from the PatrolX mobile app: Profile → Delete my account. You will receive a confirmation email and be signed out. Deletion is immediate and cannot be undone.

Delete your account — via the web, without signing in. If you cannot sign in, visit patrolx.vercel.app/account/delete, enter your email, and confirm using the 6-digit code we send you. Accounts for admin roles (security admin, super admin) cannot be deleted through the public page and must be managed by another super admin via the web dashboard.

What is deleted.Your profile, photos, and comments are removed immediately. Incident reports you posted as a patrol officer remain in the suburb record for audit, with your name removed (shown as “Deleted user”).

To exercise any other right, or for help with deletion, email info@patrolx.com.au. We will respond within 30 days. If you are not satisfied with our response, you can lodge a complaint with the OAIC at oaic.gov.au.

PatrolX is intended for use by adults aged 18 years or over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us and we will delete it.

Your personal information is stored in Australia (Sydney, ap-southeast-2). Our email provider (Resend) may process email delivery metadata in the United States. Where information is transferred overseas, we take reasonable steps to ensure it is handled in accordance with the Australian Privacy Principles.

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated in-app or by email. Continued use of PatrolX after a change constitutes acceptance of the updated policy.

PatrolX is a product of Asha Information Tech Pty Ltd. We may transfer the operation of the Service, and our obligations under this policy, to a related body corporate (including PatrolX Technologies Pty Ltd) or to any successor entity that continues to operate the Service, without changing the substance of your privacy protections. We will notify you of any such transfer by email or in-app notice. Your rights under the Privacy Act 1988 and the Australian Privacy Principles are unaffected.

For any privacy question, to exercise your rights under this policy, or to report a suspected privacy incident, email info@patrolx.com.au or write to us at:

Asha Information Tech Pty Ltd
427 Maracana Avenue
Manor Lakes VIC 3024
Australia