1. Introduction & Acceptance

MyHazMate Pty Ltd (ABN to be registered) ("MyHazMate", "we", "us", or "our") operates the MyHazMate mobile application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

BY DOWNLOADING, INSTALLING, OR USING THE SERVICE, YOU EXPRESSLY CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE, DO NOT USE THE SERVICE.

Your continued use of the Service following the posting of changes to this Privacy Policy will constitute your acceptance of such changes. We reserve the right to modify this policy at any time without prior notice.

2. Information We Collect

We collect information that you provide directly and information collected automatically through your use of the Service.

2.1 Information You Provide

Company name, ABN/ACN, and business registration details
Full names and email addresses of all registered users
Site/location addresses including street address, suburb, state, and postcode
Password (stored as a cryptographic hash — we cannot retrieve your original password)
Hazardous materials data including product names, manufacturers, quantities, storage locations, and dangerous goods classifications
Photos of product labels submitted for AI analysis
Support tickets, feedback, and any communications with us

2.2 Automatically Collected Information

Device information (device type, operating system, unique device identifiers)
App usage data, activity logs, timestamps, and feature interactions
IP address and approximate geographic location
Crash reports and performance data
Subscription status and billing information (processed by third-party payment providers)

2.3 Information From Third Parties

Payment and subscription data from RevenueCat, Google Play, and Apple App Store
Safety Data Sheets retrieved from publicly available manufacturer sources
AI-processed data from Anthropic (Claude) and Perplexity AI services

3. How We Use Your Information

We use collected information for the following purposes:

To provide, operate, and maintain the Service
To process and manage your hazardous materials register
To automatically search for, retrieve, and manage Safety Data Sheets
To generate emergency QR codes that provide public access to your materials manifest
To send compliance reports, notifications, and service-related communications
To process subscription payments and manage billing
To provide customer support and respond to inquiries
To improve, personalize, and develop new features for the Service
To detect, investigate, and prevent fraudulent or unauthorized activity
To comply with legal obligations and enforce our terms
For any other purpose with your consent

4. AI Processing & Automated Decision-Making

IMPORTANT: MyHazMate uses artificial intelligence services including Claude (by Anthropic) and Perplexity AI to process product labels and search for Safety Data Sheets. By using the Service, you consent to this automated processing.

When you submit a photo for analysis:

The image is transmitted to third-party AI providers for processing
AI extracts text and product information from the image
We do not permanently store submitted images after processing
AI processing is automated — no human reviews your submitted images
AI results may contain errors, omissions, or inaccuracies

WE DO NOT GUARANTEE THE ACCURACY OF AI-PROCESSED DATA. YOU ARE SOLELY RESPONSIBLE FOR VERIFYING ALL INFORMATION BEFORE RELYING ON IT FOR SAFETY OR COMPLIANCE PURPOSES.

5. Data Storage, Security & International Transfers

Your data is stored and processed using the following infrastructure:

Supabase — Cloud database with row-level security policies
Supabase Storage — Encrypted cloud storage for SDS documents
HTTPS/TLS encryption — All data transmitted over encrypted connections
Cloudflare — DDoS protection, WAF, and security services

Passwords are hashed using SHA-256 cryptographic algorithm before transmission and storage. We never store or have access to plain-text passwords.

5.1 International Data Transfers

Your data may be transferred to, stored, and processed in countries other than Australia, including the United States, where our third-party service providers operate. These countries may have different data protection laws than Australia.

BY USING THE SERVICE, YOU CONSENT TO THE TRANSFER OF YOUR DATA TO COUNTRIES OUTSIDE AUSTRALIA, INCLUDING THE UNITED STATES AND OTHER JURISDICTIONS WHERE OUR SERVICE PROVIDERS OPERATE.

5.2 Security Limitations

While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You acknowledge and accept the inherent risks of providing information online.

6. Emergency Access & Public Disclosure

MyHazMate's core functionality includes generating QR codes that provide public, unauthenticated access to your hazardous materials manifest for emergency services.

CRITICAL: When you generate and display an emergency QR code, the following information becomes publicly accessible to ANYONE who scans the code — no login required:

Site name and address
All registered hazardous materials at that site
Material quantities and storage locations
Dangerous goods classifications and UN numbers
Links to Safety Data Sheets

This is an intentional design feature for emergency response. By using this feature, you consent to this public disclosure and accept full responsibility for:

The accuracy and completeness of disclosed information
Who has physical access to scan your QR codes
Any consequences arising from public access to this data

7. Third-Party Services & Data Sharing

We share your information with the following categories of third parties:

7.1 Service Providers

RevenueCat — Subscription and payment processing
Google Play Store / Apple App Store — App distribution and in-app purchases
Anthropic (Claude AI) — Document and label analysis
Perplexity AI — SDS document search
Supabase — Database and file storage
Cloudflare — Security and content delivery

7.2 Legal & Compliance Disclosures

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to:

Comply with applicable laws, regulations, or legal proceedings
Protect the rights, property, or safety of MyHazMate, our users, or the public
Detect, prevent, or address fraud, security, or technical issues
Respond to an emergency involving danger of death or serious physical injury

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

8. Data Retention & Deletion

We retain your data according to the following policies:

Active accounts: Data retained for the duration of your subscription plus 90 days
Cancelled accounts: Data retained for 90 days after cancellation, then permanently deleted
Activity logs: Retained for 2 years for compliance and audit purposes
SDS documents: May be retained indefinitely in our shared library to serve other users
Anonymized/aggregated data: May be retained indefinitely for analytics and service improvement

Upon account deletion request, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes as described above.

9. Your Rights & Choices

Subject to applicable law, you may have the following rights regarding your personal information:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data (subject to retention requirements)
Portability: Request export of your data in a machine-readable format
Objection: Object to certain processing of your personal data
Withdrawal of consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us via our contact form. We may require verification of your identity before processing requests. We will respond within 30 days, or as required by applicable law.

Note that exercising certain rights (such as deletion) may affect your ability to use the Service.

10. Cookies & Tracking Technologies

The MyHazMate mobile app does not use cookies. However, we may use:

Local storage (AsyncStorage) to store preferences and cached data on your device
Analytics SDKs that may collect usage data
Third-party services that may use their own tracking technologies

11. Children's Privacy

MyHazMate is a business application intended for use by adults in workplace settings. The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

12. Australian Privacy Principles

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). If you are an Australian resident and believe we have breached the APPs, you may lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

13. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time, for any reason, without prior notice. Changes are effective immediately upon posting the updated policy. The "Last updated" date at the top of this page indicates when the policy was last revised.

Your continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.

14. Contact Information

For privacy-related inquiries, complaints, or to exercise your rights, please use our contact form:

Contact Form: myhazmate.com.au/contact

We will acknowledge receipt of your inquiry within 5 business days and aim to respond substantively within 30 days.