This Privacy Policy explains how Emergency Response Alliance Pty Ltd (“ERA”, “we”, “us”, “our”) collects, uses, stores and discloses personal information when you use our mobile application (iOS and Android) and related services (together, the “Services”).
By using the Services, you consent to the practices described in this Privacy Policy.
The Services are commonly used through an organisation (e.g., your employer, building owner/manager, contractor host). If your account is provisioned or managed by an organisation, that organisation may control your access, roles and what data it can view or export. We handle data to provide the Services to that organisation and its users, and some requests (e.g., deletion of workplace records) may need to be made via your organisation’s administrator.
We collect information in three ways: (a) you provide it, (b) we collect it automatically when you use the app, and (c) your organisation/admin may provide it to set up your account and roles.
Name, email address, phone number, display name and profile/avatar image.
Content you submit in the Services, including incident/emergency reports, hazard reports, tasks, checklists, notes, attachments and acknowledgements.
Photos, audio recordings/voice notes and uploaded documents you choose to capture/upload.
Device information (device model, OS name/version, app version), IP address, permission status flags, and diagnostic information.
App interaction/usage telemetry, such as screen views, actions taken, timestamps and related incident IDs.
Push notification identifiers/tokens used to deliver notifications.
Because the Services are designed for safety and emergency coordination, we may collect:
Real-time GPS coordinates (when permitted).
Geofence events (enter/exit/dwell), location history and online/offline presence status (when enabled).
Assembly point proximity and incident participation context to support evacuation workflows.
You can control location permissions in your device settings. Some safety features may not function without location.
Message content, sender details and timestamps for in-app chat and coordination features.
Weather data associated with emergency events (for situational awareness and reporting).
The app requests permissions to enable core safety functions. You can grant/deny permissions at any time in device settings, however some features may not work if you deny a permission.
Common iOS permissions may include: camera, microphone, photo library, location “When In Use” and “Always”, Face ID, Bluetooth, motion, Critical Alerts, and background modes (e.g., location/audio/Bluetooth) where enabled for safety workflows.
Common Android permissions may include: camera, microphone/record audio, fine/coarse/background location, Bluetooth connect/scan, foreground services, post notifications, storage access (as applicable), wake/lock screen behaviour for urgent alerts, boot completed, exact alarms, vibration, and network state.
Note: Android devices may expose an “Advertising ID” through Google Play Services dependencies; ERA does not use this for advertising or ad targeting.
We use information to:
1. Provide the Services and keep them working (authentication, account management, storage, syncing, availability).
2. Support emergency response and WHS workflows, including incident coordination, communications, notifications, warden/task assignment, and safety status tracking.
3. Deliver notifications, including emergency alerts and operational messages.
4. Improve reliability and performance using diagnostics and telemetry.
5. Meet legal, regulatory and safety obligations, and protect users and the public.
We do not sell your personal information. We do not use your personal information for third-party targeted advertising.
If you use ERA through an organisation, your organisation’s authorised administrators may access information necessary to manage safety, compliance and emergency response, including incident participation, tasks, acknowledgements, and associated content, subject to role-based access.
We use trusted service providers to operate the Services (hosting, storage, notifications, real-time communications, mapping, app update delivery). They are contractually required to protect information and use it only to provide services to us.
Key providers may include (and the type of data involved):
AWS (Amplify/Cognito/AppSync/S3) for authentication, database and file storage.
OneSignal for push notifications (including iOS Critical Alerts where enabled).
Pusher for real-time WebSocket communication.
Google APIs (e.g., Maps) for map tiles/geocoding and related requests.
Firebase/FCM (Android) for push delivery and related services.
Expo for over-the-air updates and app metadata handling.
Datadog is currently disabled; if enabled in future, it may process error/performance telemetry.
In an emergency, we may share relevant information (which may include location and incident details) with emergency responders and authorities to provide assistance and support, or where required/authorised by law.
We may disclose information to comply with law, regulation, court order, enforceable request, or to investigate and prevent fraud, security incidents, or harm.
Primary hosting: Our backend infrastructure is hosted on AWS in Sydney, Australia (ap-southeast-2).
Overseas processing: Some third-party SDKs transmit limited data to servers in the United States, for example push notification delivery, real-time messaging, mapping requests, and OTA update services.
Where we disclose information overseas, we take reasonable steps to ensure recipients handle information in a manner consistent with this policy and applicable privacy laws.
If we offer AI-assisted analysis features, a third-party LLM provider may process user-uploaded content “offshore” (outside Australia) only when you explicitly consent to that processing. If you do not consent, that content will not be sent for LLM analysis.
To support operations during connectivity loss, the app may store certain data locally on your device (e.g., cached records and queued events) and synchronise when you reconnect.
We take reasonable steps to protect personal information from misuse, interference and loss, and unauthorised access, modification or disclosure, including access controls and secure transmission. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Operational retention: We keep personal information for as long as needed to provide the Services, support safety/compliance workflows, and meet legal and security obligations.
Archiving: Some data is “soft deleted” (archived) rather than immediately hard-deleted. This supports auditability and organisational record-keeping.
Account deletion: You can request account deletion via the Settings screen (current flow: Google Form submission) and/or by contacting us.
When we action deletion requests, we will take reasonable steps to delete or de-identify personal information unless we must retain it for legal, security, safety, or legitimate business purposes (e.g., incident records retained by an organisation).
Backups and logs: Some information may remain in backups for a limited period until overwritten in ordinary course.
You may:
Access and correct personal information we hold about you.
Request deletion (subject to the retention notes above and organisational controls).
Control device permissions (location, camera, microphone, Bluetooth, notifications).
Opt out of non-essential communications (we may still send critical service and emergency messages).
To exercise these rights, contact us using the details below.
If you have a complaint about how we handle personal information:
1. Contact us with details of your complaint.
2. We will acknowledge your complaint and aim to respond within 30 days.
3. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).
We may update this Privacy Policy from time to time. If changes are material, we will update the “Last Updated” date and may provide additional notice in-app or via the Services. We encourage you to review it periodically.
For questions, access/correction requests, deletion requests, or complaints:
Email: help@erasafety.net
Emergency Response Alliance Pty Ltd
C/- SUPERIOR BUSINESS & TAX
SUITE 1
37A BRANDON STREET
SOUTH PERTH, WA 6151