This Privacy Policy ("Policy") explains how Genvis Pty Ltd ("Genvis," "we," "us," or "our") collects, uses, stores, and protects your personal information when you use the Milli service across all platforms (mobile app, web portal, and any future services provided). By using Milli, you agree to the terms of this Policy. This Policy is governed by and complies with the Australian Privacy Act 1988 (Cth), and to the extent applicable, the General Data Protection Regulation (GDPR) and other relevant privacy legislation in jurisdictions where we operate. While Milli is primarily designed for users in Australia and Canada, it may also be made available in other selected countries, subject to applicable local laws. It is not currently marketed for broad global use. For Milli's Terms of Service, please visit here.

1. Information We Collect

When you use Milli, we may collect the following types of information, along with the lawful basis under which each is processed:

• Personal Information (e.g., name, email address, phone number): Collected with your consent when you sign up or communicate with us.

• Account Information (e.g., username, password): Processed as part of contractual necessity to manage your account and enable secure access.

• Uploaded Content (e.g., documents, images): Stored and processed under contractual necessity to provide you with the service you request.

• Messages & Communication: Processed under legitimate interest and contractual necessity to facilitate your engagement with support services or other users you authorise.

• Usage Data (e.g., feature interactions, time spent, device type): Collected under legitimate interest to maintain security, diagnose issues, and improve our service.

• Location Data (optional): Collected only with your explicit consent when required for certain features (e.g., emergency functionality).

• Sensitive Data (e.g., information related to personal safety or well-being): If and when collected through user-uploaded content or authorised communications, this data is handled with enhanced safeguards, minimised collection, and strict access controls. We rely on your explicit consent or clear contractual necessity to process this information.

We may also use cookies or similar technologies for analytics, diagnostics, and service improvements. Analytics data is used in aggregated or anonymised form wherever possible to support service improvement and reduce the risk of re-identification. These may include tools such as Google Analytics, Google Firebase, and other third-party analytics or tracking tools as needed to support app functionality and user experience. These services may collect information about your device, usage patterns, or preferences, subject to their own privacy practices. Where applicable, consent for cookies or tracking will be requested, and you can manage your preferences via your device, browser settings, or in-app controls. For more information, see:

• Google Privacy & Terms

• Firebase Privacy and Security

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Milli service

• Facilitate messaging and content storage features

• Communicate updates, alerts, and support information

• Monitor usage for security and service integrity

• Comply with legal obligations or respond to lawful requests

• Use anonymised or aggregated data for analytics, service improvement, or reporting purposes, provided it cannot reasonably identify you

3. Data Storage and Security

Genvis is a trusted technology partner to governments and non-profits operating in public safety and community support. We apply industry best practices and are independently certified to SOC 2 Type II. Combined with our use of Amazon Web Services (AWS) we implement rigorous security frameworks to safeguard your data:

• Hosting and Data Residency: All personal data is securely hosted on Amazon Web Services (AWS) infrastructure located in Canada. AWS maintains a range of internationally recognised certifications and standards, including ISO 27001, ISO 27017, ISO 27018, and SOC 2 Type II, supporting the secure and compliant handling of data.

• Encryption: We use industry-standard encryption for data in transit and at rest to help prevent unauthorised access.

• Access Control: Only you and authorised parties you connect with can access your content. Access is managed through secure login credentials, in-app permissions, and role-based access protocols.

• Security Incident Response: In the event of a security breach or suspected unauthorised access, we follow a documented incident response plan. Where required by applicable law, affected users will be notified promptly and provided with relevant information.

You are responsible for maintaining the confidentiality of your login credentials and managing access to your account through your app settings.

4. Sharing Your Information

We only share your information when necessary and with appropriate safeguards:

• With Authorised Service Providers: We may engage third-party service providers to support Milli's operations (e.g. infrastructure hosting, support delivery, analytics, and system monitoring). These providers are subject to contractual data processing obligations, including confidentiality, data protection standards, and restrictions on secondary use of personal information.

• With Your Consent: When you opt to share data (e.g. with a trusted organisation or service provider within the app), we will honour those permissions and provide tools to manage or revoke access.

• With Todaybreak: Anonymised or aggregated data may be shared with Todaybreak, a non-profit program partner, for social impact evaluation, reporting, or research. No personally identifiable information will be shared without explicit consent.

• For Legal Compliance: We may disclose personal information when required to comply with laws, regulations, court orders, or enforceable government requests.

• In Business Transfers: Your information may be transferred as part of a merger, acquisition, restructuring, or other business transaction, provided equivalent protections remain in place.

We aim to ensure that third-party processors handling personal data meet high standards of security and privacy. While we do not have formal Data Processing Addendums (DPAs) in place with all vendors, we make reasonable efforts to work with service providers that implement sound data protection practices, apply access controls, and limit the use of personal data strictly to what is necessary for delivering their services to us.

You can revoke data sharing or service provider access at any time through the app settings.

5. Your Rights and Control Over Your Information

You have the right to:

• Access your data

• Update or correct your data

• Delete your account and associated data (subject to legal retention requirements)

• Object to or restrict the processing of your data, where permitted under applicable law (such as the GDPR)

• Manage your communication preferences

To exercise any of these rights, please contact us at support@genvis.co. We aim to respond to all privacy-related requests within 30 days, subject to verification of your identity and any applicable legal limitations.

6. Data Retention

We retain personal information only for as long as necessary to provide Milli services, meet legal obligations, resolve disputes, and enforce our agreements. When your data is no longer required for these purposes, we take steps to securely delete or anonymise it.

If you delete your account, your personal information will be removed from active systems within 30 days, except where retention is required by law or permitted for legitimate business or legal purposes (e.g. fraud prevention, compliance, or dispute resolution).

We may retain anonymised and aggregated analytics or insights data indefinitely for the purposes of improving the service, conducting research, or supporting program evaluation. This data does not identify you and is not linked to your personal information.

Please note that deleted data may continue to exist in encrypted backup archives for a limited time as part of our disaster recovery and business continuity procedures. Such backups are subject to automatic deletion in accordance with our backup cycle and are not restored or accessed except in the event of system failure or data loss.

7. Privacy for Children

Milli is not intended for children under the age of 13, and we do not knowingly collect personal information from children. We do not use the service to profile, track, or target advertising to underage users. If we become aware that we have collected personal information from a child under 13 without appropriate parental or guardian consent, we will delete it promptly. Where required under laws such as COPPA (U.S.), GDPR-K (EU), or Australia's Online Safety Act, additional safeguards are applied, including restrictions on collecting or using data from children without parental oversight. If you believe we have collected such information in error, please contact us immediately.

8. Changes to This Privacy Policy

We may update this Policy from time to time. If we make material changes, we will notify you via in-app message or by email and update the "Effective Date" shown above. Where required by law or if the changes significantly affect your rights, we may request your affirmative consent before they take effect. Otherwise, your continued use of Milli after the update constitutes acceptance of the revised Policy.

We recommend reviewing this Policy periodically to stay informed.

9. Contact Us

If you have questions or would like to exercise your privacy rights, contact us at:

Email: support@genvis.co

Mail: Genvis Pty Ltd, 144 Railway Parade, West Leederville 6007, Western Australia