Privacy Policy

Last updated: March 2026

1. About This Policy

This Privacy Policy explains how EMCorp Group Pty Ltd (ABN 21 106 612 800) ("EMCorp", "we", "us", "our") collects, uses, discloses, and protects personal information through the EMAction emergency management platform ("Platform") and the emaction.io website. We are committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

2. Information We Collect

We collect the following types of personal information in the course of providing the Platform:

• Account information: name, email address, mobile phone number, role, and building/site assignment
• Emergency check-in data: check-in status, timestamps, GPS location (when voluntarily shared), and warden notes
• PEEP (Personal Emergency Evacuation Plan) data: mobility classifications, sensory/cognitive classifications, medical/equipment dependencies, and evacuation priority levels
• Communications: SMS messages, in-app chat messages, and email correspondence sent through the Platform during incidents
• Media: photos and videos uploaded during incidents
• Contact form submissions: name, email, phone, company, and any additional information provided via the demo request form on emaction.io
• Technical data: browser type, device information, and IP address collected automatically when you access the Platform

3. How We Use Your Information

We use personal information to:

• Operate the EMAction Platform and provide emergency evacuation management services to your organisation
• Send SMS notifications and alerts during emergency incidents
• Display your location on the incident map when you have voluntarily enabled GPS sharing
• Generate incident reports, audit trails, and compliance documentation
• Provide AI-powered situational analysis during incidents (using anonymised and aggregated data sent to Anthropic's API for processing)
• Respond to demo requests and enquiries
• Improve the Platform's functionality and reliability

4. GPS Location Data

GPS location sharing is entirely voluntary. When you check in during an incident, you may be prompted to share your device location. If you grant permission, your location is updated every 60 seconds and displayed on the incident map to assist wardens and incident controllers. You can revoke location access at any time by closing the browser tab or disabling location permissions in your device settings. GPS data is stored only for the duration of the active incident and in the subsequent incident report.

5. AI Processing

EMAction uses Anthropic's AI services to provide situational awareness analysis, warden message interpretation, notification drafting, and incident summary generation. Data sent to the AI service includes incident timeline entries, check-in statistics, and warden messages. This data is processed in real time and is not retained by Anthropic beyond the API request. No personal information is used to train AI models.

6. Disclosure of Information

We may share personal information with:

• Your organisation: EMAction is deployed on behalf of building owners, facility managers, and employers. Your organisation's administrators have access to incident data, check-in records, and audit logs
• Service providers: Twilio (SMS delivery), Anthropic (AI processing), and Aussie Web & IT Solutions (hosting) for the purpose of operating the Platform
• Emergency services: if required by law or in a genuine emergency where there is a serious threat to life or safety
• Regulatory authorities: where required under WHS legislation or other applicable laws

We do not sell personal information to third parties.

7. Data Security

We implement appropriate technical and organisational measures to protect personal information, including encrypted data transmission (HTTPS/SSL), two-factor authentication for warden and admin accounts, role-based access controls, and tamper-proof audit logging. However, no method of electronic transmission or storage is 100% secure.

8. Data Retention

Incident data and check-in records are retained for the period required by your organisation's compliance obligations and applicable WHS legislation. Account information is retained for the duration of your organisation's subscription. Contact form submissions are retained for a reasonable period to respond to your enquiry.

9. Your Rights

Under the Australian Privacy Principles, you have the right to access the personal information we hold about you and request correction of any inaccurate information. To make a request, contact your organisation's EMAction administrator or contact us directly using the details below.

10. Contact Us

If you have questions about this Privacy Policy or wish to make a privacy complaint, please contact:

EMCorp Group Pty Ltd
PO Box 748, Bondi Junction, NSW Australia 1355
Email: info@emcorp-group.com
Phone: 1300 855 812