Privacy Policy
Diversity Arrays Technology Pty Ltd (“DArT”, “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how KDSmart (“the app”) collects, uses, and shares information about you when you use our mobile application independently and in conjunction with the KDDart platform.
The following sections are separated into the following sub-sections where relevant:
User Data: For this policy, “user data” refers to any scoring data or multimedia collected by users with KDSmart.
Third-Party Data: Device data collected and used by third-party libraries.
1. Data Collection
1.1 Types of Data Collected
Device Information: Device-related information such as hardware model, operating system version, and unique device identifiers.
Location Information: - General Location: Country-level location data gathered from your IP address. - Precise Location: We collect precise location data for required features if location services are enabled.
Crash Data: Diagnostic and crash data is collected via Firebase Crashlytics to improve app performance.
Analytics Data: Firebase Analytics collects anonymised app usage data to track engagement.
Scoring Data: Data collected by users with the app. Scoring data includes (but is not limited to): - Trials, including trial information, layouts, and associated traits and tags with scored values - Traits and trait values (including phenotypic data) associated with plots or sub-plots. - Tags and their application to plots or sub-plots. - Plot information. - Device information, including the device identifier, is recorded when the user scores data. The device identifier is available to identify the device used to capture the phenotypic data when exporting it. However, this is only used to initialise the data item, and you can change it to whatever value you decide if you do not wish to make the device identifier public. - Time and date of scoring activities
Multimedia: Audio and images captured by users in conjunction with scoring data. The app saves multimedia in relation to plots or sub-plots.
1.2 User Data Collection by DArT
We only collect user data if you decide to upload your scored data to a database that is, by formal agreement, managed and located on DArT servers.
KDXchange collects device data from connected KDSmart devices to uniquely identify devices. The KDXchange server does not permanently record device data.
1.3 Third-Party Data Collection
The app uses third-party APIs such as Google Play Services and Firebase, which may collect additional device information. Please refer to their respective privacy policies for more details.
The list of third-party libraries that may collect data or could impact data collection are listed here:
Firebase Libraries (Firebase Messaging, Firebase Analytics, Firebase Crashlytics, Firebase Config, Firebase BOM)
Google Play Services Vision
RxJava/RxAndroid
NanoHTTPD
2. Data Usage
Data usage varies depending on the type of data collected.
2.1 User Data Usage
DArT does not use any user data collected through KDSmart unless:
You choose to upload your collected data to a database managed by DArT under a formal agreement.
You share data with DArT to receive technical support.
2.2 Third-Party Data Usage
Third-party services, including Firebase and Google Play Services, may collect device information for analytics and performance improvement. Their data collection is governed by their privacy policies.
3. Data Sharing
3.1 User Data Sharing
The data users collect is shared only at a location where you decide to perform this operation and only when you choose to perform it.
Share destinations include:
CSV, ZIP or KDX file on your KDSmart device.
KDXchange server (DArT service provided with KDXplore to create a local server on a laptop or desktop to transfer data via Wi-Fi between KDSmart devices).
The KDDart server, when enabled, is only for your chosen server destination.
Third-party sharing services such as Google Drive or Dropbox. Note that these are external sharing services and are distinct from third-party libraries used within the app.
3.2 Third-Party Data Sharing
If you choose to use a third-party data-sharing application, your data is subject to that application’s data security and privacy provisions.
Data collected by third parties is subject to that application’s data security and privacy provisions. This includes third-party sharing applications and third-party libraries used for the reasons described in section 2.2.
4. User Consent and Control
We respect your rights to access, manage, and control your personal data. Depending on your location, you may have certain rights under applicable privacy laws such as the GDPR (for users in the European Economic Area), the CCPA (for California residents), and APP (for Australian users). These rights may vary slightly by jurisdiction, but generally include:
4.1 Right to Access
You have the right to request access to the personal data we hold about you. Upon request, we will provide you with:
Confirmation of whether we process your personal data.
Details about the categories of personal data we collect, the purposes for which we collect and process your data, and the parties with whom we have shared your data.
A copy of the personal data that we process, free of charge (we may charge a reasonable fee for subsequent requests).
4.2 Right to Rectification
If our personal data about you is inaccurate or incomplete, you can request that we correct or update it. We will address and resolve your request as soon as possible and inform you of the action taken. In certain cases, we may need to verify the accuracy of the data you provide.
4.3 Right to Erasure (“Right to be Forgotten”)
You can request that we delete your personal data, subject to certain exceptions. We will remove your data if:
The data is no longer necessary in relation to the purposes for which it was collected.
You withdraw your consent to our processing of your data (if applicable).
You object to the processing, and there are no overriding legitimate grounds for continuing the processing.
The data was unlawfully processed.
Please be aware that in some cases, we may not be able to comply with your deletion request if there are legal or regulatory obligations requiring us to retain your data (e.g., for audit or legal compliance purposes).
4.4 Permissions
The app requires your consent to access location data and storage on your device. The app will prompt you to allow these permissions during app setup.
Storage access is _required_ to save user data on your device.
Location services are _optional_ but needed for GPS-related features.
Camera and microphone access are _optional_ but required for image capture and voice recording features.
You can disable location services, camera access, and microphone access at any time through your device settings, though some features may not work without these permissions.
5. Data Security
We take the following measures to protect your data:
Data Encryption: We use Android’s File-Based Encryption (FBE) to safeguard stored data and encrypted shared preferences for key pairs using AES encryption.
Secure Communication: All data transmitted over the network is encrypted using SSL/TLS protocols.
Secure Storage: We use SQLite with encrypted Room functionality (via Android SDK) for secure local data storage.
The Lockdown feature allows you to protect scoring data with a four-digit PIN code.
6. Data Retention
We only store user data if you decide to upload your scored data to a database that is, by formal agreement, managed and located on DArT servers.
Data collected by third-party services like Firebase or Google Play Services is retained according to their respective privacy policies. DArT does not retain any data collected by these third-party services.
7. Children’s Data
In compliance with the Children’s Online Privacy Protection Act (COPPA):
We do not knowingly collect, use, or disclose personal information from children under 13.
If a parent or guardian becomes aware that their child has provided us with personal information without their consent, they should contact us at [privacy@diversityarrays.com](mailto:privacy@diversityarrays.com). We will delete such information from our files within a reasonable time.
We do not condition a child’s participation in any activity on the disclosure of more personal information than is reasonably necessary to participate in that activity.
Parents can review, delete, manage or refuse with whom their child’s information is shared by contacting us directly.
8. User Contact
If you have any questions about this Privacy Policy or would like to request the deletion of your data, please get in touch with us at privacy@diversityarrays.com
9. Changes to this Policy
We may update this Privacy Policy periodically. We will post changes here; the “last updated” date will reflect the most recent changes. We encourage you to review the policy regularly.
Last updated: 2024-09-18