Privacy Policy
Last updated: 9 June 2026
This Privacy Policy describes how Mosh Support Pty Ltd, trading as Apex Secure Tech (ABN 38 672 919 630) (“Apex“, “we“, “us“, or “our“) collects, uses, stores, and discloses personal information when you use the Apex Secure mobile application and associated cloud platform (the “Service“).
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Who We Are
Mosh Support Pty Ltd, trading as Apex Secure Tech is an Australian-owned company that provides privacy-first vape detection technology to schools, boarding houses, and commercial properties. Our contact details:
- Legal entity: Mosh Support Pty Ltd (trading as Apex Secure Tech)
- ABN: 38 672 919 630
- Email: contact@apexsecuretech.com
- Website: https://apexsecuretech.com
- Postal address: Available on request
2. What Information We Collect
2.1 Sensor data
Our ceiling-mounted sensors collect environmental air-quality measurements only, including particulate matter (PM2.5), total volatile organic compounds (TVOC), carbon dioxide (CO2), temperature, and relative humidity. The sensors do not capture, store, or transmit any imagery, audio, video, or personally identifiable information about individuals at any time.
2.2 Account information
When you create an Apex Secure account, we collect:
- Your name
- Email address
- Mobile phone number (optional)
- Organisation / school you are associated with
- Role within the organisation (administrator, staff, viewer)
- Password (stored only as a one-way cryptographic hash — we cannot read your password)
2.3 Usage and technical information
When you use the Service, we automatically collect:
- Device type and operating system (e.g., iOS 18, Android 14)
- App version
- IP address (used for security and region detection only)
- Login times and session duration
- Actions taken within the app (alert acknowledgements, dashboard views)
- Crash reports and diagnostic logs
2.4 Push notification tokens
If you enable notifications, we collect a device push notification token issued by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) so we can deliver real-time alerts to your device. This token does not personally identify you outside the Service.
3. What We Do NOT Collect
We do not collect, store, or process:
- Imagery or video from any source
- Audio recordings of any kind
- Personally identifiable information about students or other building occupants
- Biometric data
- Location data outside of the school site at which a sensor is installed
- Contact lists, photos, calendars, or other personal device data
- Financial information beyond what is required for billing
4. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate users and secure accounts
- Deliver real-time vape-detection alerts to nominated staff
- Generate trend reports and dashboards for authorised administrators
- Communicate with you about service updates, support requests, and account matters
- Comply with legal obligations under Australian law
- Investigate, prevent, or address fraud, security issues, or violations of our terms
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. How We Store and Protect Your Information
5.1 Data residency
All personal information and sensor data are processed and stored within Australian-controlled cloud infrastructure. Data does not leave Australia in normal operation.
5.2 Security measures
We implement industry-standard security controls, including:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for data at rest
- Role-based access control with the principle of least privilege
- Multi-factor authentication for administrator accounts
- Regular security audits and penetration testing
- Logging and monitoring of access to personal information
5.3 Data retention
- Sensor air-quality readings: retained for 12 months for trend reporting, then aggregated and anonymised
- Account information: retained for the duration of your relationship with us, plus 7 years to comply with Australian record-keeping obligations
- Diagnostic and crash logs: retained for 90 days
- You may request earlier deletion of your data — see Section 8
6. Who We Share Information With
We share personal information only as follows:
6.1 Within your organisation
Authorised administrators and staff at your school or organisation can see information related to your account and the sensors installed at that site.
6.2 Service providers
We use trusted third-party service providers to operate the Service, including cloud hosting, push notification delivery, and email communications. These providers are contractually bound to handle data only for the purposes we specify and to maintain appropriate security.
6.3 Legal compliance
We may disclose personal information if required by Australian law, a valid court order, or to protect the rights, property, or safety of Apex, our users, or the public.
6.4 Business transfers
If Apex is involved in a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring party, subject to the protections in this policy.
7. Your Rights
Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Correct any information that is inaccurate, out of date, or incomplete
- Request deletion of your personal information, subject to legal retention requirements
- Withdraw consent to optional data processing at any time
- Lodge a complaint about how we handle your personal information
To exercise any of these rights, contact us at contact@apexsecuretech.com. We will respond within 30 days.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at https://www.oaic.gov.au or 1300 363 992.
8. Children’s Privacy
The Service is designed for use by authorised adult staff at schools and other organisations. We do not knowingly collect personal information from children under 18. The sensors deployed by Apex do not collect any identifiable information about individuals — including children — in the spaces they monitor.
If you believe a child has provided us with personal information through the Service, please contact us at contact@apexsecuretech.com and we will investigate and delete the information promptly.
9. International Users
The Service is primarily intended for use in Australia. If you access the Service from outside Australia, please be aware that your information may be processed and stored in Australia, which may have data protection laws different from those in your country.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to active users by email and posted on our website at least 30 days before they take effect. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, contact us at:
- Email: contact@apexsecuretech.com
- General contact: contact@apexsecuretech.com
- Website: https://apexsecuretech.com
- ABN: 38 672 919 630
This Privacy Policy is governed by the laws of Australia, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles.