Privacy Policy

Last updated: 5 January 2026

This Privacy Policy explains how Tesaroche Pty Ltd trading as “TetraSense” (“TetraSense”, “we”, “us”, “our”) collects, uses, discloses and protects personal information when you use our websites (including tetrasense.au), mobile applications, and related services (collectively, the “Services”). This policy applies to all users of our Services.

Who we are

Tesaroche Pty Ltd (trading as TetraSense) provides workforce safety and journey monitoring tools for organisations (“tenants”). TetraSense is invitation‑only; your access is provisioned by your employer or organisation.

Contact: team@tetrasense.au

Scope

• Our landing and web apps (e.g., tetrasense.au, app.tetrasense.au)
• Our iOS mobile app
• Our APIs and infrastructure used to deliver the Services

Personal information we collect

• Identity and contact: name, business email, phone (optional), organisation/tenant domain.
• Account details: user ID, roles/groups (e.g., user, manager), status (e.g., invited, confirmed).
• Employment context: position title, business unit (if provided by your organisation).
• Journey and activity data: check‑ins, status changes, timestamps, notifications.
• Location‑related data: place search queries and route calculation inputs/outputs when you use features powered by Amazon Location Services (we do not continuously track your device; collection is feature‑driven and controlled by your organisation’s settings).
• Device and usage: app version, device model/OS, basic diagnostic and error logs.
• Authentication and security: tenant configuration, sign‑in events, session identifiers, push tokens.

How we collect

• From you: when you sign in, update your profile, check in, or use app features.
• From your organisation (tenant): when your administrator invites you or assigns roles.
• Automatically: limited analytics, diagnostics, and security logs when you use the Services.
• From service providers: identity and notification platforms supporting the Services.

Why we collect (purposes)

• Provide and secure the Services: authentication, authorisation, tenant routing, audit logs.
• Safety workflows: check‑ins, SOS alerts, manager notifications.
• Feature operation: address search and route calculations when invoked by you.
• Support and diagnostics: troubleshooting, performance, and service reliability.
• Compliance and legal: to meet legal obligations and enforce terms.

Legal bases

Depending on your region, our processing is based on:

• Contract (providing the Services to your organisation and to you)
• Legitimate interests (service security, diagnostics, and improvements)
• Consent (where required by law, e.g., certain notifications, device permissions)
• Legal obligations (records retention, safety compliance where applicable)

How we share your information

• Your organisation (tenant): administrators and authorised managers may see relevant data to support safety workflows.
• Service providers (processors): cloud hosting (AWS), notifications, analytics, error reporting—only as needed to deliver the Services, under data protection terms.
• Legal and safety: to comply with law, enforce terms, or protect users and the public.

We do not sell personal information.

International transfers

We primarily host in the Asia Pacific (Sydney) region (ap‑southeast‑2). Certain platform components (e.g., certificate management, global CDN, push notifications) may involve secure processing in other regions as needed. We implement safeguards for cross‑border transfers where required.

Retention

We retain personal information only as long as necessary for the purposes above, your organisation’s policies, or as required by law. Your organisation may request de‑identification or deletion subject to legal and operational constraints.

Security

We use industry‑standard safeguards: encryption in transit and at rest, role‑based access, least privilege, monitoring and alerting. No method of transmission or storage is 100% secure; we continuously improve our controls.

Your rights

Subject to applicable law, you may have rights to access, correct, update, or delete your personal information; to object or restrict processing; and to portability. For requests, contact team@tetrasense.au or your organisation’s administrator.

• Australia: rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
• EU/UK: GDPR/UK GDPR rights (e.g., access, rectification, erasure, restriction, portability, objection).
• California: CCPA/CPRA rights; we do not sell personal information.

Children

The Services are not directed to children under 16. If we learn we processed such data without appropriate authorisation, we will delete it.

Cookies and tracking

Our websites may use essential cookies and limited analytics to operate and improve the Services. You can manage cookies via your browser settings. The mobile apps do not use third‑party advertising SDKs.

Organisation (tenant) responsibilities

Your employer/organisation configures access, roles, and safety workflows, and is responsible for the accuracy of user provisioning and lawful use of the Services. They may be a controller (or joint controller) of your personal information.

Changes to this policy

We may update this policy to reflect changes in laws, technologies, or our Services. We will post updates here with a revised “Last updated” date.

Contact

Email: team@tetrasense.au