Legal
Privacy Policy
Krytek Pty Ltd · Effective date: 4 June 2026 · Last reviewed: June 2026
Krytek Pty Ltd (“Krytek”, “we”, “us”, “our”) is an IoT platform company based in Hobart, Tasmania, Australia. We provide hardware, software, and data services that enable organisations to deploy and manage wireless sensor networks.
This Privacy Policy explains how we collect, use, store, disclose, and otherwise handle personal information in connection with:
- our marketing website at krytek.com.au
- our platform dashboard at dashboard.krytek.com.au
- our mobile application (Krytek App)
- our API and developer platform
- any other services we provide (collectively, the “Services”)
We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). We have drafted this policy to meet the current APP requirements and to reflect the forthcoming obligations under the Privacy and Other Legislation Amendment Act 2024.
1. What Personal Information We Collect
1.1 Website and contact
When you use our marketing website or contact us directly, we may collect:
- Your name and email address (via contact or enquiry forms)
- Your organisation name and role
- The content of messages you send us
- Technical data such as IP address, browser type, and pages visited (via analytics tools)
1.2 Platform accounts
When you create an account on the Krytek platform or dashboard, we collect:
- Name and email address
- Password (stored as a cryptographic hash — we never store passwords in plain text)
- Organisation and role information you provide
- Account preferences and settings
1.3 Device and sensor data
When you deploy Krytek hardware or connect sensors to the platform, we collect:
- Device identifiers and hardware metadata (e.g. bridge ID, firmware version)
- Sensor telemetry (e.g. temperature, humidity readings) with associated timestamps and location metadata
- Network and connectivity data (e.g. signal strength, packet metadata)
Sensor telemetry is not ordinarily personal information. However, where telemetry is associated with a named account or a specific individual's environment, we treat it with the same care as personal information.
1.4 Usage and platform activity
We automatically collect information about how you interact with the Services, including:
- Login events and session metadata
- Dashboard interactions and feature usage
- API requests and integration activity
- Error logs and diagnostic data
1.5 Billing and payment
When you subscribe to a paid plan, billing information (such as company name, billing address, and payment card details) is collected and processed by our third-party payment provider. Krytek does not store full card numbers or payment credentials.
1.6 Information from third parties
We may receive information about you from third parties, such as referral partners, or where you sign in using a third-party identity provider (e.g. Google OAuth). We handle such information in accordance with this policy.
2. How We Collect Personal Information
We collect personal information:
- Directly from you — when you fill in a form, create an account, contact us, or use the Services
- Automatically — through analytics tools, server logs, and platform instrumentation as you interact with the Services
- From your devices — through Krytek hardware you have deployed and connected to your account
- From third parties — as described in section 1.6 above
We collect personal information only by lawful and fair means, and only where it is reasonably necessary for our functions and activities.
3. Why We Collect and Use Personal Information
We use personal information for the following purposes:
- To provide, operate, and improve the Services
- To create and manage your account
- To process payments and manage subscriptions
- To send transactional communications (e.g. account confirmations, alerts, invoices)
- To send service updates and product announcements (you may opt out at any time)
- To respond to enquiries, support requests, and complaints
- To monitor platform performance, diagnose errors, and improve reliability
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
- To conduct analytics and improve our products and services
Where we use personal information for purposes other than those for which it was collected, we will do so only where permitted by the APPs, or with your consent.
4. Automated Decision-Making
Certain features of the Krytek platform use automated processing to analyse sensor data, detect anomalies, and generate insights or alerts. These processes operate on telemetry data and are designed to assist users in monitoring their environments.
Where automated processes are used to make decisions that may significantly affect an individual, we will provide meaningful disclosure of that fact, in compliance with the transparency requirements of the Privacy and Other Legislation Amendment Act 2024 (commencing December 2026).
5. How We Store and Protect Personal Information
5.1 Storage
Personal information and platform data are stored on infrastructure operated by our cloud service providers:
- Supabase Inc. (database and authentication) — data stored in AWS ap-southeast-2 (Sydney, Australia)
- Fly.io Inc. (API and application hosting) — deployed in the Sydney region
- Vercel Inc. (web hosting) — edge infrastructure globally
5.2 Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:
- Encryption of data in transit (TLS) and at rest
- Password hashing using industry-standard algorithms
- Access controls and authentication requirements
- Regular review of security practices
No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.
5.3 Retention
We retain personal information for as long as necessary to provide the Services and fulfil the purposes described in this policy, or as required by law. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it securely.
6. Disclosure of Personal Information
6.1 Service providers
We share personal information with third-party service providers who assist us in operating the Services, including:
- Cloud infrastructure providers (Supabase, Fly.io, Vercel — see section 5.1)
- Payment processors
- Email and communication services
- Analytics providers
These providers are engaged under contractual arrangements that require them to handle personal information in a manner consistent with this policy.
6.2 Overseas recipients
Some of our third-party service providers are located overseas or process data on infrastructure outside Australia. Specifically:
- Supabase Inc. is a US-incorporated entity; data is stored in AWS Sydney but processed by a US company
- Fly.io Inc. is a US-incorporated entity; application infrastructure is deployed in Sydney
- Vercel Inc. is a US-incorporated entity; web requests may be processed via global edge nodes
Before disclosing personal information to overseas recipients, we take reasonable steps to ensure those recipients handle the information in a manner consistent with the APPs (APP 8). By using the Services, you acknowledge that personal information may be disclosed to these overseas recipients.
6.3 Other disclosures
We may also disclose personal information:
- Where required or authorised by Australian law (e.g. in response to a court order or regulatory request)
- To protect the rights, property, or safety of Krytek, our users, or others
- In connection with a business transaction such as a merger, acquisition, or sale of assets, subject to confidentiality obligations
- With your consent
We do not sell personal information to third parties.
7. Cookies and Analytics
Our website and dashboard may use cookies and similar tracking technologies to improve user experience and analyse usage patterns. Types of cookies we may use include:
- Strictly necessary cookies — required for the Services to function (e.g. session management)
- Analytics cookies — to understand how visitors interact with our Services (e.g. Vercel Analytics)
You may configure your browser to refuse cookies, though this may affect the functionality of the Services. Where required by law, we will seek your consent before placing non-essential cookies.
8. Your Rights
Subject to the APPs and applicable law, you have the right to:
- Access the personal information we hold about you (APP 12)
- Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13)
- Know whether we hold personal information about you and how it is managed
- Opt out of receiving direct marketing communications at any time
To exercise any of these rights, please contact us using the details in section 11. We will respond within a reasonable time and in accordance with our obligations under the APPs. We do not charge a fee for access requests, though in some circumstances a reasonable fee may apply for the cost of processing.
9. Notifiable Data Breaches
Krytek is committed to complying with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach — being a breach that is likely to result in serious harm to any individual whose personal information is involved — we will:
- Assess the breach as soon as practicable
- Notify the Office of the Australian Information Commissioner (OAIC)
- Notify the affected individuals, or publish a public notification where direct notification is not practicable
We maintain internal procedures for detecting, assessing, and responding to data breaches. If you suspect a data breach involving your personal information, please contact us immediately.
10. Complaints
If you believe we have handled your personal information in a way that does not comply with the Privacy Act 1988 or this policy, we encourage you to contact us in the first instance so we can attempt to resolve your concern.
Please submit your complaint in writing to the contact details in section 11. We will acknowledge receipt within 5 business days and aim to respond substantively within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
11. Contact Us
For privacy-related enquiries, access requests, correction requests, or complaints, please contact:
Privacy Officer, Krytek Pty Ltd
Hobart, Tasmania, Australia
Email: privacy@krytek.com.au
Website: krytek.com.au
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes, we will update the effective date at the top of this policy and, where appropriate, notify you by email or via the platform.
Your continued use of the Services after any change constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
© 2026 Krytek Pty Ltd. All rights reserved.