Privacy Policy

This notice applies to the Reo web app, the Reo iOS app, and the public induction sign-in pages that link to it. It doesn’t cover other companies’ websites or services that may be linked from Reo — those have their own privacy practices.

Reo is a platform used by construction businesses to run their projects. For information that a business and its team enter into Reo — including site inductions, diaries, defects, photos and contractor records — that business decides why the information is collected and how it is used, and we host and process it on their behalf. For your own account details, we are the ones responsible. If your question is about site or induction records, the business operating that site is the best first point of contact; we can help put you in touch.

We collect the categories of personal information in the table below. We don’t collect more than we need, and we only collect sensitive information (such as a signature) where the site induction requires it and you provide it.

Directly from you — when you create or use an account, and when you complete a site induction sign-in; from the business that gave you access to Reo; and automatically (your login session and basic technical logs). We do not buy personal information or collect it from data brokers to build profiles.

We use personal information to:

• provide and operate Reo, and store and display your project records;
• authenticate logins and keep accounts and data secure;
• maintain induction and safety (WHS) records for the site operator;
• provide the AI features (see below);
• support you and respond to your requests;
• debug, fix errors, and improve the service;
• detect and prevent fraud, misuse, and security threats; and
• meet our legal obligations.

We do not use your information for advertising, and we do not sell it.

Some features (such as the daily briefing, document scanning and dashboard insights) send the relevant text or images to Anthropic’s API to generate a result. This processing happens only to provide the feature, the data is not used to train AI models, and this processing occurs in the United States.

We share personal information only with:

• The business you’re affiliated with — if a Reo customer gave you access, we may share your information with them to verify accounts and activity, investigate suspicious activity, or enforce our terms.
• Service providers who run Reo for us — our database (Neon, Sydney), app hosting (Vercel, Sydney), file storage (Cloudflare R2), AI processing (Anthropic, US), and account email (Resend, US, once enabled). They may only use your information to provide their service to us.
• Legal and government bodies — courts, law enforcement, and regulators, where we are required or permitted by law.
• Professional advisers — such as lawyers, accountants, auditors, or insurers, where reasonably needed.
• A successor — a buyer in connection with a sale, merger, or reorganisation of the business.

We don’t share your information with advertising networks, and we don’t sell it.

We host the core database and apps in Australia. Some service providers above — in particular AI processing and email — operate in the United States, so some information may be processed overseas.

Reo uses a secure session cookie to keep you signed in — this is essential to the service working. We don’t use advertising, targeting, or cross-site tracking cookies, and we don’t embed third-party social media or ad widgets. The iOS app keeps your login securely on your device (in the iOS keychain) rather than using cookies.

We don’t use your personal information to make automated decisions that have legal or similarly significant effects on you. The AI features produce summaries and suggestions to assist you — a person stays in control.

Passwords are stored hashed (never in plain text). Access requires a login, and each business’s data is separated (multi-tenant isolation). Connections use HTTPS, files are kept in private storage, and sessions expire. No system is perfectly secure, but we take reasonable steps to protect your information.

If a data breach occurs that is likely to result in serious harm, we will notify the affected individuals and the Office of the Australian Information Commissioner, in line with Australia’s Notifiable Data Breaches scheme.

We keep project and induction records for as long as the business using Reo needs them — induction and safety records are often kept for several years to meet WHS obligations. We keep account details while your account is active. We delete or de-identify information when it is no longer needed, subject to any legal retention requirements. When you delete information, residual copies may remain in our routine backups for a period before they are removed.

You can view, edit or delete much of your data directly in the app. You may also ask us to access or correct your personal information, or request deletion of your account, by emailing us. Deleting your account removes your login; records your company shares remain with the company unless they are deleted. If you are a worker who signed an induction, contact the business operating that site, or us, and we will help. You can also decline to provide certain information, though some features may not work without it.

If you have a privacy concern, email us first and we will work to resolve it. If you are not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Reo may link to other websites (for example, the OAIC). We aren’t responsible for their content or privacy practices — please review their own privacy statements.

Reo is a workplace tool and is not directed at children. We do not knowingly collect information from anyone under 16.

We may update this policy from time to time. We will change the “last updated” date above, and significant changes will be made clear in the app.

Questions or requests about your information? Email privacy@reoapp.com.au (Reo).