Skip to main content
Login
Book a demo

  1. the intel

    Go to The Intel

    trust center

    Explore Trust Center

    COmpany

    About us

    About us

    Stopping retail crime in its tracks, worldwide.

    Careers

    Careers

    Join us in making retail stores safer for everyone.

    Contact us

    Contact us

    Connect with our team for support or inquiries.

  2. Login
  3. Book a demo

Australia Privacy Statement

We take our responsibility for effective data handling and privacy seriously.

This public privacy statement explains how Auror’s Crime Intelligence Software (the “Software”) helps retailers to gather, use, and share information about retail crime incidents (“Events”) lawfully and respectfully, and how we at Auror work with those retailers to process personal information. It also sets out how we at Auror use personal information when you interact with us as a potential client and/or when you use our website.  

References to “Auror”, “we”, “us”, or “our” in this Privacy Statement relate to Auror Australia Pty Ltd and this Privacy Statement captures the processing of personal information by Auror Australia Pty Ltd in Australia (www.auror.co). We take information privacy and security extremely seriously, and we take steps to ensure that we, our Software and our customers adhere to all relevant privacy legislation. We want to create a safe society and enable retailers and law enforcement to protect themselves and their communities by bringing offenders and crime groups to justice. We believe that providing the right information to the right people at the right time will help to reduce crime.

The Software is designed to protect retailers, their customers and the community more broadly from harm by giving retailers, law enforcement agencies and their staff (our “Users”) a safe and secure way to gather and use personal information about incidents and risks occurring within retail environments. The Software then enables Users to access data in a controlled and responsible way.

If your personal information is on the Software, it is because a retailer you have interacted with, or a law enforcement agency, has chosen to upload your information.

  1. Auror’s privacy role
  2. Updates to this Privacy Statement
  3. Auror helps retailers to collect personal information responsibly: the use of the Software to report Events
  4. Personal information we may hold
  5. Where we obtain your personal information
  6. Sharing your personal information 
  7. International data transfers
  8. Keeping your personal information safe 
  9. Retaining your personal information 
  10. Your rights
  11. Contacting us or complaining about the processing of your personal information 

Auror’s privacy role

Auror has the following roles in relation to its Software: 

  • Intel: In providing the Software, Auror stores and processes certain personal information on behalf of Users and according to the instructions of those Users. Users can use the Software to create Event Profiles (i.e. a profile relating to a specific incident which has occurred in their store, for example alleged theft) and Person Profiles (i.e. a profile relating to an individual who may have been involved in an Event). Auror acts as a service provider (on behalf of our customers) for this personal information to the extent that Users upload it to the Software for the purposes of logging, reporting and/or investigating Events occurring in their stores. This means we do not use that information for our own purposes, and instead we only use it to the extent that doing so facilitates Users’ use of the Software. Retailers may only upload data relating to alleged offences that occur within their stores and the retailer must upload supporting evidence in relation to such offence (e.g. CCTV footage). Information about ordinary retail customers is not uploaded or stored in the Software.
  • Investigate: Auror provides Users with a case management module on an opt-in basis, which is a dedicated secure environment in which Users may collaborate on incident investigations and manage associated workflows. Auror acts as a service provider (on behalf of our customers) for any personal information input into the module by Users and facilitates Users’ use of the module.
  • Insights: Auror provides Users with a self-service data visualisation and reporting tool on an opt-in basis, which enables Users to create dashboards or highlight trends from the information they input into the Software, including personal information. Auror acts as a service provider (on behalf of our customers) in facilitating Users’ use of the module.
  • Automatic Number Plate Recognition (“ANPR”): Auror provides Users with an ANPR module on an opt-in basis, which allows Users to use the Software to store and process ANPR data collected by that User’s existing ANPR cameras, so that Users can review footage, receive alerts when specific ‘vehicles of interest’ enter their premises and act accordingly (including by notifying the police where required), and record number plates associated with Event and/or Person Profiles. Auror acts as a service provider (on behalf of our customers) with respect to ANPR data. Auror does not operate any ANPR cameras: it simply processes the data collected by its customers’ existing cameras. We would encourage you to read the signage and/or notices provided by retailers relating to their use of ANPR cameras. The ANPR module is used solely for the detection, investigation and prevention of crime, and not for any other purpose (e.g. parking enforcement).
  • Connect the Dots (“CTD”): Auror provides Users with an opt-in functionality that uses personal information to suggest high probabilistic ‘profile merges’ where an individual is potentially involved in more than one Event. This functionality helps Users to identify and investigate alleged repeat offending. Users may also further opt in to use retrospective facial recognition technology to assist with this purpose, which is limited to the facial images of alleged offenders and is processed post-Event. Facial images of ordinary retail customers are not collected by retailers or processed in CTD. Profile merge suggestions are always surfaced to Users for human review and confirmation.

Processing of personal information under data sharing arrangements with retail Users

Where Auror provides certain Software features to retail Users for crime detection, prevention and investigation purposes, Auror may receive personal information about individuals from those retail Users as part of delivering those contracted services under a data sharing arrangement. Auror’s collection of this information is reasonably necessary for its function of providing these services and is limited in scope to that purpose.

In these circumstances, Auror processes the received personal information to generate:

(a) high-level aggregated Software Insights, which provide retail Users with an overall picture of offending activity; and/or

(b) profile merge suggestions, which are presented to retail Users for human review and confirmation as part of the Connect the Dots module.

These outputs may themselves constitute personal information. Auror discloses them only to the relevant retail Users that provided the underlying information, for the same crime detection, prevention and investigation purposes for which that information was originally collected.

Retail Users who receive personal information through Auror’s Software are responsible for ensuring that individuals are notified of the collection and processing of their personal information in accordance with applicable privacy laws. Auror’s data sharing terms with retail Users require them to meet these obligations.

Auror otherwise collects personal information in business-as-usual processing where we process the personal information of our actual or potential Users for system administration purposes. This includes enabling Users to make use of the Software or contacting Users with important information relating to their use of the Software or their account. We also collect personal information when we anonymise data provided by Users to understand anonymised global trends and statistics in relation to Events recorded on the Software.

This privacy statement gives you detailed information on why and when personal information is collected as part of the Software, how we use your personal information in the limited circumstances when we collect it from Users, how we keep it secure, and how you can let us know if you would like us to change how we manage it. 

Updates to this Privacy Statement 

We regularly undertake Privacy Impact Assessments (even in our capacity as a service provider) to ensure privacy is built into our Software by design and by default, and so we may update this statement from time to time. These changes may reflect changes to privacy regulation or the Software, so we will inform you of any significant changes via our website where appropriate. This statement was last updated in June 2026.

Auror helps retailers to collect personal information responsibly: the use of the Software to report Events

We want to take the opportunity in the first instance to provide some information about how the Software works where Users upload personal information to report and/or investigate Events or suspected criminal activity. As noted above, Auror primarily acts as a service provider on behalf of our retail customers with respect to personal information collected in this context, but we wanted to provide some information to you about how Users might make use of the Software and the steps that we have taken to ensure that personal information is used by Users lawfully and responsibly, even when we act as a service provider. 

Our Users upload information to the Software using an online reporting form. Users may collect this information directly from an alleged offender involved in an Event, from a staff member or customer who has witnessed an alleged offence, or from CCTV footage they have captured using their own cameras. The Event reporting form is designed to ensure that Users upload and share only personal information that is relevant, accurate and up to date. Users rely on the Software to collate information about alleged retail crime to provide them with intelligence that assists with the prevention of crime and the protection of people and assets. The Software is designed to control the use and sharing of personal information, reducing the reliance on ad hoc and insecure information sharing.

Users, including law enforcement agencies, may also contribute personal information within the Software by commenting on Events, or by identifying links between Events and offenders. To the extent that we process personal information as a service provider on behalf of our Users, the Software allows its Users to process personal information to:

  • Prevent any incidents that may present a risk to a User, the User’s staff, or to the public.
  • Investigate an Event or alleged criminal offence.
  • Identify repeat offenders and organised crime groups.
  • Notify Law Enforcement that an Event has occurred.
  • Provide real-time alerts to other Users.
  • Prosecute or otherwise take legal action in respect of an Event or alleged criminal offence.

We require our Users to be open and transparent with the public about the personal information they may upload and process as part of the Software (including Auror’s role in that process). They do this by displaying signage on their premises and within their own privacy statements (or equivalent documents). We encourage you to read such statements and/or signage carefully. Our Terms of Use also require our Users to ensure that they have evidence of an alleged offence or Event before uploading details about it to the Software. 

We have also built safeguards into the Software that apply to the way information is processed by our Users. All our Users must agree to Terms of Use that limit access to the Software and the ways in which they can use the Software.

Here are some specific things the Software does not facilitate for Users:

  • Racial profiling
  • Predictive profiling or analytics
  • Solely automated decision-making about people
  • Biometric categorisation, behavioural detection or emotional recognition
  • On-selling personal information to third parties.

Auror has also developed a process to ensure that we always consider privacy when we innovate and improve the Software.

In particular, we will always do our best to make sure a change enables our Users to:

  • use data for good
  • collect only relevant and necessary personal information
  • keep data safe and secure
  • be transparent about data use and help data subjects embrace their privacy rights.

Personal information we may hold 

Personal information is any information that relates to an individual. It does not include information where the identity of the individual has been fully and effectively removed (anonymised data). The Software is designed to limit the personal information Users can upload, to ensure that they only retain and use relevant, accurate and necessary information that will assist with public safety and crime prevention. The Software also enables Users to crop and redact any images of innocent bystanders to ensure that they are not identifiable in the information captured and shared by the Users on the Software.

Personal information in relation to alleged criminal offending

As noted above, we act as a service provider on behalf of Users to the extent that those Users upload, or otherwise use personal information to investigate a particular Event or alleged criminal offence. In limited circumstances under a data sharing arrangement, Auror uses personal information to provide certain Software features to Users, including: (i) Software Insights, and (ii) profile merge suggestions as part of the Connect the Dots module. Personal information is not used for any purpose beyond delivering the relevant service to those Users.

We may collect the following “Event Information” from our Users as part of the Software: 

  • Any available image and video (NB we would encourage you to read any notices and signage provided by retailers in relation to the use of image/video surveillance technology, including CCTV)
  • Names
  • Age, Height, Gender, Build
  • Distinguishing features and behavioural characteristics
  • Details of the Event, including date, time, location, and any products involved
  • Details of any vehicles involved in the Event.

The nature of the Software means that Users may upload personal information that is considered more ‘sensitive’ including data relating to actual or alleged criminal offences and some forms of sensitive personal information that may be incidental information to a reported Event (Auror does not enable Users to collect information concerning health, skin colour or ethnicity). If opted into by a retail User, the Connect the Dots module may also use retrospective facial recognition technology to generate facial biometric information captured from the User’s existing CCTV cameras. This feature is used by retail Users to look for high probability match suggestions between Events previously uploaded to the Auror Software that may have involved the same individual. Any match suggestions must always be verified by an appropriate person at the relevant User.

Personal information of Users

In respect of Users who access the Software, we may also collect the following “Business-as-usual Information” as part of our general, day-to-day interactions with you when you use the Software as an employee of a retailer or a law enforcement agency that has subscribed to (or is considering subscribing to) the Software: 

  • Names, 
  • Contact Details (including email address and phone number); 
  • Job title.

When you are a User who accesses the Software or our website, we also collect “Technical Information” about your computer, including, where available, your IP address, operating system and browser type.

Where we obtain your personal information

As noted above, we may collect or hold personal information about you from different sources, including from: 

  • You directly, if you: 
    • provide information about an Event that you have witnessed via the Software, or you are providing your details as part of signing up to use the Software as an employee of a User; 
    • contact us via email, phone, in person or by post; 
  • If you are a User (whether retailers or law enforcement), when you report an Event, or provide a comment about an Event that you were involved in via the Software; and/or 
  • Retail and law enforcement Users, if they provide information about an Event that may involve your personal information into the Software.

Sharing your personal information

Where we process personal information on behalf of, or for, Users, we do not share that information with third parties except where a User instructs us to do so or where we have engaged contractors to assist in delivering our services (such as to host the Software). This applies in two circumstances:

  • where we act as a service provider and process personal information on behalf of retail Users solely on their instructions and for their purposes; and
  • where we operate under a data sharing arrangement and receive personal information from a retail User to generate specific outputs (such as Software Insights or profile merge suggestions) and disclose those outputs back to the relevant User(s) for the same purposes for which they originally collected the information.

Where Auror otherwise collects your personal information, we may share your personal information with third parties. This includes: 

  • With contractors or other third parties that provide services on our behalf;
  • Pursuant to a subpoena, court order or other legal process or as otherwise required or requested by law or regulation, or to protect our rights or the rights or safety of third parties; 
  • In the event of a business reorganisation, merger, sale, or other corporate transaction;
  • With your consent or as otherwise disclosed to you at the time of data collection or sharing. 

International data transfers

All personal information is stored in data centres located in Australia. 

If we do intend to send your personal information outside of Australia (such as to service providers or third parties who operate or store data outside Australia), we will take steps to ensure that your personal information is protected in accordance with applicable laws and appropriate safeguards.

Keeping your personal information safe 

We take all reasonable steps to keep all data uploaded by Users, including personal information, safe and secure.

We encrypt all information in transit to and from Auror using SSL 256-bit encryption. Transport Layer Security (TLS/SSL) is used to protect the transfer of information to our hosted servers. The Software is also securely encrypted and our data centres comply with industry leading security policies and standards, including SOC 1/SSAE 16/ISAE 3402, and SOC 2 Type 2. 

We also have policies, procedures, and contracts that ensure the people who use the Software play their part in keeping data secure. The Software limits the information a particular User can view on the basis of that User’s role, selected preferences, and the preferences of other Users in their community. All use of the Software is logged and can be audited by Users to ensure that the personal information it contains is not misused.

While we seek to use appropriate organisational, technical and administrative measures to protect personal information within our organisation, unfortunately no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact us” section below.

Retaining your personal information

The Software is configured to help Users ensure that personal information is retained only for as long as they have a lawful purpose to use it. When a User no longer needs to retain personal information in an identifiable form, they can either delete it (manually or via automated deletion when a preconfigured retention period expires) or ask us to anonymise it so it can be used for statistical analysis only. Please see the privacy statements (or similar) of our relevant Users to understand their retention periods. 

Where personal information is used to create Software Insights, those insights are updated automatically as and when the underlying personal information is deleted or updated by the relevant User, and Auror does not retain any historical insights. 

Similarly, when a User has opted into the CTD or ANPR modules and then deletes their data from the Software, that data will no longer be part of CTD or ANPR (in other words, the personal information will not be processed by Auror after the User has deleted it). 

When a User terminates their agreement with Auror, we delete all personal information they uploaded to the Software. We do not retain User personal information for our own purposes, though, as noted, we may retain anonymised data in order to continuously improve our Software, products and services.

Your rights 

You have important privacy rights with respect to your personal information.

You have the right to:

  • Request access to the personal information about you on the Software;
  • Request that your personal information held on the Software is corrected if it is wrong or requires updating.  

If you believe your personal information has been uploaded to the Software by a User: Our agreements with each User make clear that the User is your contact point for any rights requests you make (and you can find those contact details in the privacy statement or equivalent of the relevant User). However, we’re committed to making sure you can exercise your rights easily, and so we’ve created pathways for you to make requests to the Users that have uploaded personal information to the Software. To exercise any of the rights set out above, please email us at privacy@auror.co.

If your request relates to an Event which you believe may have been added to the Software, to assist the relevant User with processing your request please provide your full name and the time and location of the possible Event. In certain cases it may be necessary to ask for additional information if there is a reasonable doubt as to your identity. We will notify the relevant User of your request and help them process your request as soon as possible, and no later than 20 working days (one calendar month) after it has been received, unless the User needs to extend the deadline for responding to your request and is permitted to do so under applicable data protection laws (for example if your request is sufficiently complex).

Please note that if you make a request where we are acting as a service provider in relation to your personal information, or our processing otherwise depends on the information provided by and controlled by a User (such as where we receive personal information from the User to provide certain Software services under a data sharing arrangement), Auror cannot make a decision on your request but we will redirect it to the relevant User and assist them to respond in a timely manner. 

Contacting us or complaining about the processing of your personal information

If you have any concerns about the way we or a User have collected or processed your personal information on the Software, you have the right to complain to the Office of the Australian Information Commissioner (“OAIC”). We would always appreciate the opportunity to resolve your concerns directly, so would suggest that you contact the relevant User and/or us (at privacy@auror.co) directly in the first instance before contacting the OAIC.

If you do decide to make a complaint to the OAIC, you can do so here.