About this Policy

ShiftCore is operated from Australia. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the ShiftCore app. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

What We Collect

We collect only the information needed to provide the app and the features you choose to use:

• Your email address and name (for your account)
• Roster configuration (work days, off days, start date, shift hours)
• Pay cycle settings (frequency, income, pay day)
• Expiry and certification tracking data
• Bill tracking information
• Documents you upload to the vault
• Checklist preferences
• Isolation tracking data: lock session start and end times, GPS coordinates of the equipment site captured at lock-on, off-site alarm events, water log entries, and peak temperature recorded during a session
• Mining operator you identify as your employer (optional)

We collect this information directly from you when you set it up in the app. We do not collect personal information about you from any other source.

Camera and Location Permissions

ShiftCore may request camera access to scan documents and receipts, and location access to support the isolation tracking feature, which uses GPS to warn you if you leave site with your personal isolation lock still on equipment. Both permissions are optional. You can decline either and continue to use the rest of the app. Location is used only when the isolation tracking feature is active and is not transmitted to us as a continuous track.

How We Use Your Data

Your information is used to provide the ShiftCore service to you. Specifically:

• Display your roster, expiries, bills, and documents
• Run the isolation tracking feature, including the off-site alarm
• Send you push notification reminders (if enabled)
• Sync your data across your devices when you sign in
• Respond to your support requests

We may also include de-identified, aggregated activity data in worker safety statistics if you give your express consent. This is described in the Aggregated Worker Safety Data section below and is opt-in only.

Disclosure to Third Parties

We do not sell or rent your personal information. We disclose your information only:

• To service providers we use to run the app (such as Appwrite Cloud for backend hosting and RevenueCat for subscription handling), strictly to provide their part of the service to you and bound by their own privacy commitments
• To authorities or other parties where required by law (for example, in response to a valid court order)
• As described in the Aggregated Worker Safety Data section below, only with your express consent and only after de-identification

We do not disclose your individual data to your employer, mining companies, or any other commercial party.

Aggregated Worker Safety Data

Optional. Requires express consent.

ShiftCore is built primarily as a personal organisation tool for FIFO workers, covering rosters, expiries, vault storage, and isolation tracking. Individual user data is private and is not disclosed to employers, mining companies, or any other party.

Separately, with your express consent, ShiftCore may include your anonymised activity in collective statistics drawn across our user base. These statistics may include the number of workers using the isolation feature, the number of off-site alerts surfaced across the user community, the rate at which those alerts were resolved by the worker returning to lock off, and average session lengths. We use these aggregates to inform conversations with mining companies, industry bodies, and regulators about FIFO worker safety practices.

What is aggregated

Counts, totals, averages, and percentages drawn across the entire opted-in user base, or subsets of it (such as workers who identify as employees of a particular mining operator).

What is never shared

Your name, email address, phone number, GPS coordinates, individual session timestamps, roster pattern, or any other information that could identify you personally. All identifying information is stripped before any aggregation is performed.

Your rights

Consent is opt-in only. By default, none of your data enters any aggregate. You can grant or revoke consent at any time through the app, in Settings under Privacy. Revoking consent stops all future aggregation immediately. You may also request deletion of your account and all associated data at any time by emailing support@myrnr.au.

Legal basis

This use of your information is based on your express consent under the Australian Privacy Principles, in particular APP 3 (collection of solicited personal information), APP 5 (notification of collection), and APP 6.1(a) (use or disclosure with consent for a secondary purpose). Once de-identified, the resulting aggregate data is no longer personal information as defined in section 6 of the Privacy Act 1988 (Cth). Each consent is recorded with a timestamp and version reference, so we can re-prompt you if our aggregation practices ever materially change.

Data Storage and Security

Your data is stored on Appwrite Cloud's Sydney, Australia infrastructure. Connections between your device and our infrastructure are encrypted in transit using HTTPS / TLS, and data is encrypted at rest. Passwords are hashed using industry-standard algorithms and are never stored in plain text. Document-level access controls are in place so that only you can read your roster, bills, expiries, vault files, and isolation tracking data through the app.

We do not access, view, or use your personal data except where you have explicitly consented (for example, to allow us to debug a support issue you have raised), or where required by law. We take reasonable steps to protect your information from misuse, interference, loss, and unauthorised access, modification, or disclosure, in line with APP 11.

International Transfers

A small number of supporting services we use (for example, RevenueCat for subscription handling, and email delivery providers for transactional messages) may process limited information outside Australia. Where this happens we take reasonable steps to ensure those recipients are bound by privacy obligations broadly equivalent to the Australian Privacy Principles, or that an exception under APP 8 applies. By creating an account, you consent to this limited cross-border processing where it is necessary to deliver the service to you.

Data Retention

We retain your personal information for as long as your account is active. If you delete your account, or request deletion via support@myrnr.au, we will delete or de-identify your personal information within 90 days, except where we are required by law to retain it (for example, certain financial records). De-identified aggregate statistics produced before deletion may continue to exist in our records, since they no longer identify you.

Use by Adults

ShiftCore is intended for use by individuals aged 18 and over. We do not knowingly collect information from individuals under 18. If you believe we have collected such information, please contact support@myrnr.au and we will delete it.

Your Rights

Under the Australian Privacy Principles you have the right to:

• Access the personal information we hold about you (APP 12)
• Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13)
• Request deletion of your account and all associated data
• Export your data at any time
• Opt out of push notifications
• Grant or revoke aggregated-data consent at any time via the app, in Settings under Privacy

To exercise any of these rights, contact us at support@myrnr.au.

Complaints

If you believe we have not handled your personal information properly, please contact us first at support@myrnr.au and we will work to resolve it. If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Online: www.oaic.gov.au/privacy/privacy-complaints
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

Updates to this Policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. If the changes are material (for example, a new use of your data), we will notify you in the app and, where required, ask for fresh consent.

Contact

For privacy questions, data requests, or any concerns about this Policy, please contact:

Email: support@myrnr.au