Privacy Policy

Effective Date: May 13, 2025

Constructive Reality PTY LTD ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the KoaLocator mobile application ("App"). By using the App, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the App.

1. Information We Collect

We may collect the following types of information when you use the App:

a. Personal Information

  • Account Information: When you register or log in, we collect your username, email address, and password.

  • User ID: A unique identifier is assigned to your account for authentication and data association.

  • Location Data: With your consent, we collect precise location data (latitude and longitude) when you submit a koala sighting, rescue, or related event. Location data is privatised to a ~20-meter grid for privacy.

  • Media: You may upload photos, videos, or audio recordings related to koala sightings or rescues. These are stored securely and may be associated with your user account.

b. Non-Personal Information

  • Audit Logs: The App generates encrypted logs of actions (e.g., data saves, syncs, or errors) for security and debugging purposes. These logs do not contain personally identifiable information unless related to your account actions.

  • Device Information: We may collect information about your device, such as the operating system version, to ensure compatibility and improve performance.

  • Usage Data: We collect information about how you interact with the App, such as feature usage, to improve functionality.

c. Data Collected Automatically

  • The App uses Core Data to store information locally on your device, including sighting records, media files, and logs, which are encrypted to protect your data.

  • Network activity (e.g., sync attempts) may generate temporary data, such as IP addresses, during communication with our servers.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide and Operate the App:

    • Authenticate your account and manage user sessions.

    • Record and sync koala sightings, rescues, or deceased koala reports, including associated location and media data.

    • Display your submissions on a map and allow you to edit or export them.

  • To Enhance User Experience:

    • Provide geocoding services to convert addresses into coordinates.

    • Offer features like audio recording and media playback.

    • Display a "Koala Rewards" message to acknowledge your contributions.

  • To Ensure Security:

    • Encrypt sensitive data (e.g., media, logs) using AES-GCM encryption.

    • Maintain audit logs to monitor and troubleshoot app activity.

  • To Improve the App:

    • Analyse usage patterns to optimise performance and fix bugs.

    • Ensure compatibility with your device and iOS version.

  • To Communicate:

    • Send notifications about data syncs or errors (e.g., rate limit warnings).

    • Respond to support requests or account-related inquiries.

3. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

  • With Service Providers: We use third-party services (e.g., hosting providers for our API at api.koalocator.com.au) to store and process data. These providers are contractually obligated to protect your data and only process it on our behalf.

  • For Koala Conservation: Anonymised or aggregated data (e.g., sighting coordinates without user identifiers) may be shared with conservation organisations or researchers to support koala protection efforts. Personal information is not included in these datasets.

  • Legal Obligations: We may disclose your information if required by law, such as in response to a court order or government request.

  • With Your Consent: When you export data (e.g., as a CSV file with media), you control how the exported file is shared (e.g., via email or other apps). Exported data is no longer under our control.

4. Data Storage and Security

  • Local Storage: The App stores data (e.g., sighting records, media, logs) on your device using Core Data with complete file protection. Media files are archived as ZIP files and encrypted.

  • Server Storage: Data synced to our servers (via api.koalocator.com.au) is stored securely with access restricted to authorised personnel. Media files are stored as ZIP archives.

  • Encryption: Sensitive data, including media and audit logs, is encrypted using AES-GCM with 256-bit keys. Authentication tokens are stored securely in the iOS Keychain.

  • Retention Policy: Local data older than 30 days is automatically deleted unless marked for retention. You may request deletion of your account data, though anonymised sighting data may be retained for conservation purposes.

  • Security Measures: We implement industry-standard measures, including input sanitisation, file size limits (5MB for images/audio, 20MB for videos), and secure API communication (HTTPS).

5. Your Choices and Rights

  • Location Access: You can enable or disable location services in your device settings. The App requests "When In Use" location permission and does not use background location tracking.

  • Camera and Photo Library: You can grant or deny access to your camera and photo library. Media uploads are optional.

  • Account Deletion: You can request deletion of your personal data through the App’s Settings. This removes your account information, but anonymised sighting data may remain for conservation purposes.

  • Data Export: You can export your sighting data as a CSV file with associated media ZIPs. Exported files are stored temporarily and deleted after sharing.

  • Opt-Out: You can stop using the App and delete it from your device to cease data collection.

6. Children’s Privacy

The App is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly.

7. Third-Party Services

The App integrates with the following Apple frameworks, which may collect data as described in their respective privacy policies:

  • CoreLocation: Used for location data (with your consent).

  • Photos: Used for photo and video uploads (with your consent).

  • AVFoundation: Used for audio recording and playback (with your consent).

  • LocalAuthentication: Used for authentication.

  • CoreData: Used for local data storage.

  • MapKit: Used to display maps and annotations.

We also use Alamofire for secure network requests to our API. No third-party analytics or advertising services are used.

8. International Data Transfers

Our servers are located in Australia and the UK. If you use the App from outside Australia or the UK, your data may be transferred to and processed in Australia or the UK. By using the App, you consent to this transfer.

9. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via the App or by email. The updated policy will be effective as of the date posted.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Constructive Reality PTY LTD
Email: support@koalocator.com.au

The Wildlings Woodend Wildlife Shelter

www.thewildlingswoodendwildlifeshelter.com.au