Privacy policy

This privacy policy describes how ChillSense (operating at chillsense.com.au) collects, uses, stores, and discloses personal information and customer telemetry. It is written for Australian customers and aligned with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). Where relevant, equivalent rights for visitors from other jurisdictions (such as GDPR) are also accommodated.

This is the public summary. For the formal contract-grade terms that govern your use of the platform, see the terms of service.

Who we are

ChillSense is an Australian-hosted cold chain monitoring platform. The "we", "us", and "our" in this document refer to the ChillSense legal entity operating the platform. For contact details see the About page and the Contact us page.

What we collect

ChillSense collects two broad categories of information.

1. Customer telemetry and operational data

Generated by your hardware and your team's use of the platform:

• Sensor readings — temperature, humidity, radio signal strength, battery level, timestamps — per ChillSense Sensor at your sites.
• Hub heartbeats and status events — per ChillSense Hub at your sites.
• Asset and site configuration — the names, descriptions, threshold ranges, alert contacts, and friendly names you assign to your assets, areas, and sites.
• Incident and corrective-action records — what alerts fired, who acknowledged them, what corrective action was selected, what notes were attached.
• Dashboard usage metadata — which dashboards were viewed by which user accounts at what times, for support and troubleshooting purposes.
• Generated reports — the monthly HACCP PDFs and their underlying JSON snapshots.

2. Personal information

About users and contacts of the platform:

• Account information — name, email, role, password hash (we never store plaintext passwords).
• Notification contacts — email addresses and (where SMS is configured) mobile numbers for incident alerts.
• Communications with us — emails, contact form submissions, support tickets.
• Billing information — business name, billing address, payment method (held by our payment processor; we do not store full card numbers).
• Technical metadata — IP address, browser user agent, and similar information automatically collected when you use the platform, for security and abuse prevention.

How we use it

We use the information above to:

• Provide the monitoring, alerting, reporting, and dashboard features of the platform.
• Authenticate users and authorise access to the right customer's data.
• Detect and respond to security incidents and abuse.
• Communicate with customers about service status, billing, and product changes.
• Improve the platform — in aggregate, anonymised form — including training the AI models behind drift detection and energy insights.
• Comply with our legal obligations (tax, accounting, lawful requests).

We do not sell personal information. We do not share customer telemetry with other ChillSense customers.

Per-customer data isolation

Customer telemetry is isolated per customer:

• Per-customer telemetry buckets in the time-series store.
• Per-customer dashboard org with its own datasource scope.
• Per-customer auth domain inside the identity provider.
• Per-customer report storage on the operational backups volume.

Authorised ChillSense support staff can access your data when assisting with operations and troubleshooting. No other customer can. Access by ChillSense staff is logged for audit purposes.

Where it lives

• Customer telemetry, dashboards, reports, and incident records are stored on infrastructure inside Australia.
• Personal account information for users is also stored in Australia.
• Payment information is held by a regulated payment processor; we do not store full card details ourselves.
• System logs used for security and troubleshooting are stored alongside the platform in Australia.

We do not transfer customer telemetry or personal information outside Australia in routine operations. If a particular feature ever requires cross-border processing, we will update this policy and notify customers in advance.

How long we keep it

Data category	Retention
Raw sensor readings	2 years
Hourly aggregates	Indefinite (while you are a customer)
Daily aggregates	5 years
Incident records and corrective actions	While you are a customer; archived for the period required by audit
Generated HACCP reports	While you are a customer; copies you have downloaded are yours
Account information	While the account is active, plus a short period after deactivation
Communications with us (support)	While needed to resolve the matter, plus a reasonable retention
Billing records	As required by Australian tax and accounting law

When you cancel a subscription, the underlying sensor stops reporting. Historical readings remain associated with the asset record for a reasonable period in case you reactivate. When you cancel a customer account altogether, telemetry buckets, dashboards, alert rules, contact-point configurations, HACCP configuration, reports, and stored credentials are deleted from production systems in line with our customer off-boarding process. Backup snapshots may retain data for a short additional period before they roll off.

Your rights

Under the Australian Privacy Principles you have the right to:

• Access the personal information we hold about you.
• Correct personal information that is inaccurate or out of date.
• Complain to us about how we have handled your personal information.
• Escalate a complaint to the Office of the Australian Information Commissioner (OAIC) if we have not handled it satisfactorily.

If you are a visitor from a GDPR jurisdiction, you additionally have rights to erasure, portability, restriction of processing, and to object to certain processing. We will honour those rights for GDPR-jurisdiction visitors as far as is consistent with our other legal obligations.

To exercise any of these rights, contact us at sales@chillsense.com.au (the address routes both new business and existing-customer enquiries) or via the Contact us page.

How we secure it

A non-exhaustive summary of operational security practices:

• Transport encryption for all customer-facing traffic (HTTPS/TLS).
• At-rest encryption on the underlying storage volumes.
• Authentication via an identity provider with password hashing, optional multi-factor authentication, and session expiry.
• Authorisation that scopes every API call to the requesting customer's data.
• Audit logging of administrative access by ChillSense staff.
• Backups with a retention window appropriate to the data class, on infrastructure inside Australia.
• Patching of the underlying operating systems and managed services on a regular cadence.

No system is perfectly secure. If you become aware of a vulnerability or suspect a security incident, please report it immediately to sales@chillsense.com.au; we will respond promptly.

Cookies and similar technologies

The ChillSense website uses cookies and similar browser storage for:

• Session management so you stay logged in across pages.
• Security including CSRF protection.
• Anonymous analytics to understand how the website is used (no individual identification).

You can disable cookies at the browser level; the platform will still load, but some features (notably the dashboard's login state) will not work correctly.

Children

ChillSense is a business platform and is not intended for use by children under 16. We do not knowingly collect personal information from children.

Changes to this policy

We may update this policy from time to time. When we make a substantive change, we will publish a notice on this page and (for active customers) email the listed account contact. The "Last updated" date at the top of this page reflects the most recent change.