Privacy Policy

Last updated: November 2025

Attane Solutions ("we", "us", or "our") is committed to protecting the privacy of users of the DRIFT mobile application ("the App"). This Privacy Policy explains what information we collect, how we use it, and how we keep it secure. By using the App, you agree to the terms outlined below.

1. Information We Collect

The App may collect the following information:

  • Photos and images captured by the user
  • GPS location data (geotags)
  • Date and time metadata associated with captured images
  • User account information, including name and email address
  • Device details, such as device type and operating system
  • Usage analytics data
  • Crash reports and error logs

This information may include personal or sensitive data depending on the content captured.

2. How We Use Your Information

We collect and use data for the following purposes:

  • To allow users to capture and submit disaster damage evidence
  • To support creation of DRFA-compliant funding claims
  • To integrate captured evidence with the DRIFT web platform
  • To improve app performance, reliability, and user experience
  • To authenticate users and manage access permissions
  • To generate usage analytics for service improvements and billing
  • To produce training or promotional material (images used will never identify individuals unless consent is obtained)

3. Data Storage and Retention

  • All data is stored securely in AWS Cloud Storage within the Oceania region
  • Images and metadata are stored locally on the user's device only until successfully synced to the cloud
  • Once synced, large files are removed from the device to save storage space
  • We retain data only as required for operational, legal, or contractual purposes

4. Data Sharing

We may share information collected through the App with:

  • Government agencies involved in DRFA assessments or recovery processes
  • Analytics and operational service providers assisting in performance monitoring, support, or billing
  • Authorised partners where required to support DRFA-related workflows

We do not sell personal data to third parties.

5. User Accounts and Authentication

Access to the App requires a login provided by the user's organisation administrator. Authentication includes:

  • Email and password
  • Two-factor authentication (2FA)
  • Role-based access controls determining available features and permissions

6. Security Measures

We take reasonable precautions to safeguard your information, including:

  • Encryption of data in transit (HTTPS)
  • Encryption at rest within AWS
  • Role-based access controls
  • Audit logging for security and compliance
  • Regular review of systems for vulnerabilities

7. User Rights

Users may request:

  • Access to certain types of data
  • Correction of inaccurate information

Deletion or export of data is not available without express approval from Attane Solutions, and will be granted at our discretion, subject to operational and regulatory obligations.

8. Contact Us

For privacy-related enquiries or requests, please contact:

solutions@attane.com.au

9. Compliance

This Privacy Policy has been developed in accordance with the principles of the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also consider relevant state government contractual requirements relating to DRFA evidence and data handling.