Privacy Policy
Effective 27 March 2026
1. Who we are
Everyday Resilience (“we”, “us”, “our”) operates the emergency preparedness assessment service at everydayresilience.app. We are based in Western Australia, Australia. This Privacy Policy explains how we collect, use, and protect your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Questions or concerns? Contact us at hello@everydayresilience.app.
2. What information we collect
Account information
When you create an account we collect your email address and a hashed password. We do not store your password in plain text.
Household profile
To personalise your assessment we collect information about your household including its approximate size, whether children or elderly members are present, pets, your suburb and state, property type, location type (urban/rural/etc.), primary hazards relevant to your area, physical limitations, and preparedness budget range. None of this information identifies you personally on its own.
Assessment responses
We store your answers to the preparedness assessment questions, domain scores, and the overall resilience score. This allows your progress to be saved and for you to return to your assessment across devices.
Action plan and tasks
If you create action plan tasks or notes, we store those associated with your household account.
Location contacts
If you enter your suburb to find local emergency contacts (SES unit, ABC Radio station, police non-emergency), we store that suburb name alongside AI-resolved contact information in your household record. We use Anthropic’s Claude AI to resolve local contacts from the suburb you provide — see section 5.
Payment information
If you purchase an upgrade, payments are processed entirely by Lemon Squeezy. We do not receive or store your credit card details. We do receive a customer ID and purchase record from Lemon Squeezy to activate your upgraded account.
Usage data
Our hosting infrastructure (Vercel) automatically records standard web server logs including IP addresses, browser type, pages visited, and timestamps. This data is used for security and performance monitoring and is not sold.
3. How we use your information
We use your information to:
- Create and manage your account and authenticate your sessions.
- Generate your personalised resilience score and action plan.
- Save and sync your assessment progress across devices.
- Resolve local emergency contacts for your suburb using AI.
- Process and record paid upgrades.
- Send essential account emails (email confirmation, password reset).
- Investigate security incidents and monitor for abuse.
- Improve the Service based on aggregate, anonymised usage patterns.
We will not sell your personal information to third parties. We will not use your personal information to send you marketing communications without your separate consent.
4. Data storage and security
Your account data and assessment responses are stored in a Supabase PostgreSQL database hosted on AWS infrastructure in the Asia Pacific (Sydney) region. Assessment responses may also be cached in your browser’s local storage to allow offline access — this data is stored only on your own device.
We implement industry-standard security measures including row-level security on our database so that users can only access their own data, TLS/HTTPS encryption in transit, and bcrypt-hashed passwords. However, no method of transmission or storage is 100% secure and we cannot guarantee absolute security.
5. Third-party services
We share limited data with these third parties to operate the Service:
Supabase
Hosts our database and authentication system. Supabase stores your email, hashed password, and all assessment data. Data is held in the AWS Sydney region. Supabase’s privacy policy: supabase.com/privacy
Vercel
Hosts and serves the web application. Vercel processes standard HTTP request logs. Vercel’s privacy policy: vercel.com/legal/privacy-policy
Anthropic (Claude AI)
When you request local emergency contacts we send your suburb name and state to Anthropic’s Claude API to resolve the SES unit, ABC Radio station, and police non-emergency number for your area. We do not send your email address or other personal information to Anthropic. Anthropic’s privacy policy: anthropic.com/legal/privacy
Lemon Squeezy
Processes payments for upgrades. Lemon Squeezy is the merchant of record and handles all payment card data. We receive a customer ID and purchase confirmation. Lemon Squeezy’s privacy policy: lemonsqueezy.com/privacy
OpenStreetMap / Nominatim
When you search for your suburb during account setup, your search query is proxied through our servers to the Nominatim geocoding API (OpenStreetMap data). Your email address is not sent. Nominatim’s usage policy: operations.osmfoundation.org
6. Cookies and local storage
We use cookies only for authentication session management (a secure, HTTP-only session cookie provided by Supabase). We do not use advertising cookies or third-party tracking cookies.
We use your browser’s localStorage to cache your assessment progress, scores, and emergency checklist completions so the app works offline and loads quickly. This data is stored only on your device and is cleared when you sign out or delete your account.
7. Data retention
We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data from our active systems within 30 days. Anonymised, aggregate data derived from your usage may be retained indefinitely for product improvement purposes.
Note that Supabase and Vercel may retain infrastructure-level logs for security purposes in accordance with their own retention policies.
8. Your rights
Under the Australian Privacy Act and the APPs you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete personal information.
- Delete your account and associated personal data via Account Settings → Delete account, or by contacting us.
- Complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have handled your information in breach of the Privacy Act.
To exercise any of these rights, email us at hello@everydayresilience.app. We will respond within 30 days.
9. Children
The Service is intended for users aged 18 and over. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
10. International transfers
Your data is primarily stored in AWS Sydney (Australia). Some processing may occur on Anthropic’s US-based infrastructure when resolving local emergency contacts. We take reasonable steps to ensure overseas recipients handle your information in a way that is consistent with the Australian Privacy Principles.
11. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or by a prominent notice in the Service. The effective date at the top of this page will always reflect the most recent version.
12. Contact us
For privacy enquiries, access or correction requests, or complaints, please contact: