WakataWakataSign In

Privacy Policy

Last updated: 1 December 2025

In this Privacy Policy, "Wakata", "we", "us" or "our" means Emmy-Clare Pty Ltd (ABN 65 609 572 054) trading as Wakata.ai.

We respect your privacy and are committed to protecting your personal information. This policy explains how we collect, use, disclose, and protect personal information when you use our website, mobile apps, and connected services. It also outlines your rights and how you can contact us about your information.

1. What this policy covers

This policy applies to personal information we collect when you:

  • visit wakata.ai or related subdomains (e.g. dev.wakata.ai, uat.wakata.ai);
  • use our software platform or mobile apps;
  • communicate with us by email, chat, phone, or forms; or
  • otherwise interact with Wakata as a customer, user, or supplier.

By using our services, you agree to the collection and use of your personal information in line with this policy. This Privacy Policy should be read together with our Terms and Conditions available at wakata.ai/terms. If there is any inconsistency between this Privacy Policy and the Terms and Conditions regarding data handling, the Terms and Conditions prevail to the extent of the inconsistency.

Our services are not intended for children under 16, and we do not knowingly collect their personal information.

Our role in processing personal information

Wakata provides software to business customers ("Customers") who use our platform to manage their operations and workforce. In this context:

  • When we collect and use personal information for our own purposes (such as managing customer accounts, billing, and marketing), we are the entity responsible for that information.
  • When our Customers use the platform to collect and store information about their employees, contractors, or operations ("Customer Data"), the Customer determines what data is collected and how it is used. We process this data on the Customer's behalf and in accordance with their instructions and our Terms and Conditions.

If you are an end user whose organisation uses Wakata, your employer or principal is responsible for their use of your information within the platform. Please direct any questions about how your organisation uses your data to your organisation's administrator. For questions about how Wakata handles data as a platform provider, contact us at support@wakata.ai.

2. What information we collect

We collect personal information that is reasonably necessary to operate our business, including:

  • Identity and contact data – name, job title, company, phone, email, address.
  • Account and profile data – username, password, preferences, roles, permissions.
  • Usage and technical data – device type, browser, IP address, session details, log data, and actions taken in the system.
  • Inspection and content data – photos, notes, files, location metadata, and comments recorded in the platform. This data is Customer Data as described in Section 1A — it is collected and controlled by your organisation, and we process it on their behalf.
  • Transactional data – payment information (processed securely by our payment provider; we do not store card details).
  • Support and communications – messages, feedback, or requests you send to us.
  • Marketing preferences – subscription and opt-in details.
  • Professional information – employment or business relationship details if you are a contractor or job applicant.
  • Location data – If your organisation enables location features, the Wakata mobile app may collect precise location data (GPS coordinates) when you use certain functions such as completing inspections, logging time on site, or submitting photos. Location data may be collected in the foreground (while using the app) or, if enabled by your organisation, in the background. Location data is Customer Data controlled by your organisation. We process it on their behalf to provide the Services. Your organisation determines whether location features are enabled and how location data is used. Please refer to your organisation's policies for more information. You may be able to disable location permissions in your device settings, but this may limit the functionality of the app.

We do not actively collect sensitive information (such as health or political opinions) for our own purposes. If we ever need to, we will request your consent first and only use it as allowed by law.

However, Customers may configure forms, checklists, or workflows within Wakata that collect sensitive information from End Users, such as health and safety data, injury reports, or medical clearances. Where this occurs, such data is Customer Data and the Customer is responsible for ensuring they have appropriate legal authority or consent to collect it. Wakata processes this data on the Customer's behalf and in accordance with our Terms and Conditions.

If we receive unsolicited personal information that we do not need, we will delete or de-identify it where lawful.

3. How we collect information

We collect personal information in several ways:

  • Directly from you, when you register, complete forms, upload data, or contact us.
  • Automatically, when you use our website or apps (through cookies, analytics, and system logs).
  • From your organisation, if they create or manage your account.
  • From third parties, such as service providers, partners, or publicly available sources.

4. Why we collect and use information

We collect and process personal information where it is necessary to:

  • perform a contract with you (or your organisation);
  • comply with our legal obligations; or
  • pursue legitimate business interests or with your consent.

Where we process Customer Data (including location data) on behalf of your organisation, we do so under our contract with the Customer. Your organisation is responsible for ensuring they have a lawful basis to collect and use your information, such as through your employment contract, workplace policies, or consent.

We use personal information to:

  • provide, operate, and support our products and services;
  • create and manage user accounts and authentication;
  • process payments, subscriptions, and billing;
  • communicate with you, including support and service notices;
  • improve and develop our products through analytics and feedback;
  • send marketing or updates (only if you've opted in – you can unsubscribe at any time);
  • comply with legal, tax, or regulatory requirements; and
  • protect our systems, users, and business from fraud or misuse.

We may also use aggregated or anonymised data (that cannot identify you) to understand product performance and trends.

5. Disclosure to third parties

We only share personal information with trusted providers who help us deliver our services. These may include:

  • Hosting and infrastructure: Amazon Web Services (AWS) for storage, email (SES), and authentication (Cognito).
  • Analytics: Google Analytics and related tools for understanding usage.
  • Payments: secure payment processors for billing transactions.
  • Email and communications: providers that send service or marketing emails.
  • Professional advisers: accountants, auditors, insurers, and legal advisers.
  • Authorities or law enforcement: when required by law, regulation, or court order.

We require all third parties to handle personal information securely and only for the purpose we've engaged them. If we begin using new subprocessors or third-party services, we will ensure they meet equivalent privacy and security standards.

Access by your organisation

If your Wakata account is managed by an organisation (your employer or principal), that organisation's administrators may access, monitor, and control the data in your account, including inspection records, location data, and activity logs. This access is controlled by your organisation, not by Wakata.

Wakata provides tools that Customers may choose to enable or configure. Customers are solely responsible for ensuring their use of monitoring and location-tracking features complies with applicable workplace surveillance laws, privacy laws, and their own policies. Wakata does not control how Customers use these features and is not liable for any Customer's use of monitoring capabilities.

Please refer to your organisation's own privacy policies for information about how they use your data.

6. Overseas storage and transfers

We store most personal information in Australia (AWS ap-southeast-2). Some of our service providers may access or store information outside Australia, including in the United States (for analytics, payment processing, and certain infrastructure services). Where this happens, we take reasonable steps to ensure equivalent privacy protections are in place, such as encryption, access controls, and contractual obligations.

A current list of subprocessors and their locations is available on request by contacting support@wakata.ai.

7. How we use Artificial Intelligence (AI)

Some parts of the Wakata platform use artificial intelligence (AI) and machine learning to assist with data analysis, automate routine actions, or provide insights to users. Our AI is designed to support human decision-making, not replace it.

We aim for accuracy and reliability, but AI systems can make mistakes or produce incomplete results. All outputs should be reviewed and verified by an appropriately qualified person before being relied upon. AI outputs should not be considered professional advice and are provided on an "as-is" basis. We do not sell or share your identifiable information to train public AI models. Data processed by our AI features is handled securely and, where possible, is anonymised or aggregated before analysis. Feedback from users may be used to improve system accuracy and performance over time.

Wakata's AI features are continually monitored and refined to minimise bias and improve reliability, and we welcome feedback on unexpected or inaccurate results. Human oversight remains central to all actions taken within Wakata.

AI and machine learning capabilities are integral to the Wakata platform and cannot be disabled for individual accounts. If your organisation has concerns about the use of AI features in a regulated or sensitive context, please contact us at support@wakata.ai to discuss how these features operate and whether Wakata is suitable for your use case.

8. How we protect your information

We use industry-standard security measures to protect personal information, including:

  • encryption in transit and at rest,
  • multi-factor authentication and role-based access,
  • regular security monitoring and audits, and
  • secure data backups and recovery procedures.

Despite these safeguards, no system is 100% secure. Transmission of information over the internet is at your own risk.

8A. Data breaches

If we become aware of a data breach that is likely to result in serious harm, we will promptly notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme.

9. Data Retention

9.1 General principle

We retain personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

9.2 Retention periods

The following retention periods apply unless a longer period is required by law or agreed with your organisation:

Data typeRetention period
Account and profile dataDuration of the account, plus 60 days after termination to allow data export
Customer Data (inspections, photos, checklists, reports, files uploaded by users)Duration of the customer's subscription, plus 60 days after termination. Thereafter deleted or archived unless otherwise agreed.
Usage and technical logs12 months from collection, then aggregated or deleted
Support correspondence3 years from last contact, or longer if related to an ongoing dispute
Billing and transaction records7 years (to meet Australian tax and accounting requirements)
Marketing preferencesUntil you unsubscribe, plus a suppression record retained indefinitely to honour opt-outs
Job applicant data12 months after the recruitment process concludes, unless you consent to longer retention

9.3 Customer Data on termination

When a customer's subscription ends (whether by cancellation, expiry, or termination), the customer may export their Customer Data for 60 days following termination (the "Export Period"). After the Export Period, we may permanently delete or archive Customer Data in accordance with this policy. We are not obliged to retain Customer Data beyond the Export Period unless required by law.

"Archive" means data is moved to secure offline or cold storage, is not accessible through the Services, and is retained only for legal, regulatory, or dispute resolution purposes. Archived data is permanently deleted within 2 years of archival unless retention is required by law or ongoing legal proceedings.

9.4 Backup and disaster recovery

Deleted data may persist in encrypted backups for up to 90 days before being permanently removed. Backups are used solely for disaster recovery and are not accessed for other purposes.

9.5 Anonymised and aggregated data

We may retain anonymised or aggregated data indefinitely for statistical analysis, product improvement, and research purposes. Anonymisation is performed using industry-accepted techniques to ensure data cannot reasonably be re-identified, either directly or in combination with other information available to us.

9.6 Legal holds

We may retain personal information beyond the periods above if required to comply with a legal obligation, court order, regulatory investigation, or to establish, exercise, or defend legal claims.

10. Cookies and analytics

We use cookies and similar technologies to:

  • remember your settings,
  • improve site performance, and
  • understand how visitors use our website.

You can control cookies through your browser settings, though some features may not function properly if you disable them. We use Google Analytics to collect aggregated usage data. You can opt out using the Google Analytics Opt-Out Add-on.

11. Your rights and choices

You may request to:

  • access personal information we hold about you;
  • correct inaccurate or outdated information;
  • delete your account or personal information (subject to legal obligations);
  • receive a copy of your data in a commonly used, machine-readable format (where technically feasible);
  • withdraw consent to marketing communications; or
  • restrict or object to certain processing activities.

Deletion requests will be actioned in live systems within 30 days. However, as described in Section 9.4, deleted data may persist in encrypted backups for up to 90 days before being permanently removed. Backups are used solely for disaster recovery and are not accessed for other purposes during this period.

To make a request, contact support@wakata.ai.

We may need to verify your identity and will respond within a reasonable timeframe (typically within 30 days).

If you are an employee or contractor of a Wakata customer

Your organisation controls the Customer Data held in their Wakata account. To access, correct, or delete information held by your organisation, please contact your organisation's administrator in the first instance. We will assist where required by law, but we generally cannot modify Customer Data without the Customer's authorisation.

12. Complaints

If you have a privacy concern, please contact us at support@wakata.ai and provide details of your complaint. We'll investigate and respond in writing.

If you're not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):

www.oaic.gov.au | 1300 363 992 | enquiries@oaic.gov.au

13. Updates to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, showing the "last updated" date above. If we make significant changes, we may notify you by email or in-app message.

14. Contact us

Wakata.ai
Emmy-Clare Pty Ltd (ABN 65 609 572 054)
Email: support@wakata.ai
Website: www.wakata.ai

Additional notes

  • Personal information relating to our employees and job applicants is handled under internal privacy procedures consistent with this policy.
  • If we begin processing data of individuals located in the EU, UK, or other jurisdictions, we will update this policy to include their additional privacy rights.