Summary: Regovix is committed to protecting your privacy under the Australian Privacy Act 1988 and the 13 Australian Privacy Principles (APPs). We collect only what we need, use it only for the purposes you would expect, and never sell your data to third parties.

1. About Regovix

Regovix (ABN 19 735 810 326) is an Australian HSEQ compliance software platform operated by Madhu Pattarambil. Our platform comprises eleven purpose-built web applications designed to help Australian businesses manage workplace health and safety compliance obligations.

This Privacy Policy applies to all Regovix applications, the regovix.com.au website, and all communications between Regovix and its customers, users, and visitors.

2. What personal information we collect

Account and contact information

  • Full name and job title
  • Business email address and phone number
  • Company name, ABN, and business address
  • Username and encrypted password
  • Billing and payment information (processed securely by Stripe — Regovix does not store card details)

Workplace compliance data

Depending on which Regovix apps your organisation uses, we may process:

  • Risk assessments and SWMS — task descriptions, hazard details, control measures, worker sign-off records
  • Incident records — incident descriptions, locations, dates, photos, corrective actions
  • Chemical register data — product names, UN numbers, DG classifications, SDS documents
  • Fleet inspection records — vehicle details, inspection results, defect reports
  • Pre-shift wellness check-in data — fatigue ratings, sleep hours, wellness self-assessments, fitness for duty declarations. This constitutes sensitive health information under the Privacy Act.
  • Training and induction records — completion status, sign-off dates, licence details
  • Permit to work records — permit details, approvals, close-out records
  • Audit and inspection records — findings, photos, NCR details, corrective actions
  • DG stock and disposal records — chemical quantities, disposal dates, contractor details, manifest numbers

Technical and usage data

  • IP address and browser type
  • Pages visited and features used within Regovix applications
  • Device type and operating system
  • Login timestamps and session data

3. How we collect personal information

  • Directly from you — when you register, complete a form, submit a report, or contact us
  • From your organisation — when your employer or HSEQ consultant sets up your user account
  • Automatically — through cookies and technical logs when you use our applications
  • From third parties — payment processing information from Stripe upon subscription

4. Why we collect and use your information

We collect and use personal information for the following purposes:

  • Providing, operating, and improving the Regovix platform and applications
  • Creating and managing your user account and subscription
  • Processing payments and managing billing
  • Generating compliance reports, audit trails, and document exports on your behalf
  • Sending service-related notifications — expiry alerts, review reminders, corrective action reminders
  • Providing customer support and onboarding assistance
  • Improving application features based on usage patterns (aggregated, not individually identified)
  • Complying with legal obligations applicable to Regovix as a software service provider

We do not use your data for advertising. We do not sell, rent, or share your personal information with third-party advertisers or data brokers under any circumstances.

5. Sensitive information — WellnessCheck

WellnessCheck collects pre-shift health and wellness data including fatigue ratings, hours slept, physical and mental wellness self-assessments, and fitness for duty declarations. This constitutes sensitive personal information under the Privacy Act 1988.

We handle this data with additional care:

  • Consent — workers provide explicit informed consent before their first check-in, and consent can be withdrawn at any time
  • Minimum collection — we collect only acknowledgement declarations, not medication names, diagnoses, or treatment details
  • Access controls — individual check-in records are visible only to the worker themselves and their direct supervisor in the context of a specific shift
  • Aggregate reporting only — HSE Managers see workforce-level trends, not individual health records
  • No third-party sharing — wellness check-in data is never shared with insurers, workers compensation bodies, or regulators without explicit written consent or a valid legal obligation
  • Retention limits — configurable data retention periods per organisation, after which records are anonymised or deleted

6. Who we share your information with

We share personal information only in the following limited circumstances:

  • Base44 (platform provider) — our applications are built on the Base44 platform, which hosts application data. Base44 acts as a data processor on our behalf.
  • Stripe (payment processing) — subscription and payment information is processed by Stripe. Regovix does not store credit card numbers.
  • Within your organisation — data entered by workers is accessible to authorised users within your organisation as defined by the role and permission settings configured by your administrator.
  • Legal obligations — we may disclose information where required by Australian law, a court order, or a valid regulatory request.

We do not share your data with any other third parties without your express consent.

7. Data storage and security

  • All data is stored on servers located in Australia or jurisdictions with adequate privacy protections
  • Data is transmitted over encrypted HTTPS connections at all times
  • Passwords are stored using industry-standard one-way hashing — Regovix staff cannot view your password
  • Access to customer data is restricted to authorised Regovix personnel on a need-to-know basis
  • We conduct regular reviews of our security practices and respond promptly to any identified vulnerabilities

Data breach notification: In the event of an eligible data breach under the Notifiable Data Breaches scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with our legal obligations.

8. How long we keep your information

  • Active account data — retained for the duration of your subscription plus 30 days after cancellation
  • Compliance records — retained for the period required by applicable Australian legislation. POEO Act waste records require 5-year retention. WHS incident records should be retained for the duration of any investigation or legal proceedings.
  • Billing records — retained for 7 years to satisfy ATO requirements
  • Wellness check-in data — configurable per organisation, default 12 months
  • Deleted account data — securely purged within 90 days of account deletion request

9. Your privacy rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to:

  • Access — request a copy of the personal information Regovix holds about you
  • Correction — request that inaccurate or incomplete information be corrected
  • Deletion — request deletion of your personal information, subject to our legal retention obligations
  • Complaint — lodge a complaint with Regovix, and if unresolved, with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
  • Opt out of marketing — unsubscribe from marketing communications at any time using the unsubscribe link in any email, or by contacting us directly

To exercise any of these rights, contact us at maddypat@regovix.com.au. We will respond within 30 days.

10. Cookies

Regovix uses essential cookies required for application functionality — session management, authentication, and security. We do not use advertising cookies or tracking pixels.

If we add analytics cookies in future (such as Google Analytics), we will update this policy and request your consent where required.

11. Third-party links

The Regovix website and applications may contain links to third-party websites, including regulatory bodies and industry resources. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users at least 14 days before taking effect. The current version is always available at regovix.com.au/privacy.html.

Continued use of Regovix after a policy update constitutes acceptance of the revised terms.

13. Contact us

Privacy enquiries and complaints

Regovix
ABN: 19 735 810 326
Email: maddypat@regovix.com.au
Website: regovix.com.au

If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.