Sigmark
Privacy Policy
Last updated: 3 May 2026

Sigmark ("we", "us") is a railway signalling Testing & Commissioning markup application. This Privacy Policy explains what personal information we collect when you use Sigmark, how we use and share it, and the choices you have. We handle your information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

1. What we collect

Sigmark is invitation-only and operates as part of a railway signalling Testing & Commissioning (T&C) workflow. We collect:

  • Account data — your email address, full name, profile photo (if you sign in with Google or Microsoft), and the role you've been assigned in Sigmark (tester, TIC, designer, view-only, super-admin).
  • Identity data for the audit trail — your professional identification (e.g. RIW card number), training / certification records linked from our companion application Sigtrace, and the organisation that invited you.
  • Work-product data — every drawing markup, stamp, signature (captured fresh per stamp event as vector strokes), comment, book-out, audit event, and other action you take in Sigmark.
  • Device + session data — browser type, IP address, device fingerprint elements, and (with your permission) device geolocation samples recorded against safety-critical actions you take.

2. How we use it

  • To provide the Sigmark service and let you collaborate within the projects you've been invited to.
  • To maintain a tamper-evident audit trail of who did what, where, and when — this is a regulatory and contractual requirement of the rail operators we work with, and is the core purpose of Sigmark.
  • To authenticate you, detect abuse, and keep accounts secure.
  • To communicate with you about your account, the service, and changes that affect you.

3. Who we share it with

  • Project members.Other invited members of the projects you work in can see the work you've done and your identity attached to it. This is essential for the audit trail and for collaborative T&C.
  • Sigtrace. Sigmark shares an identity layer with Sigtrace, our companion competency / training application. Your profile, role, and certifications are visible across both apps.
  • Service providers. Sigmark runs on Cloudflare Workers, and our database + authentication are provided by Supabase. These providers process data on our behalf under their own security and privacy commitments.
  • The rail operator. Project data — including the audit trail of your contributions to a project — is owned by the rail operator or principal contractor that licenses Sigmark for that project. They can access, export, and retain it for as long as their evidence-retention obligations require.
  • Legal and safety requests. We may disclose information when required by law, by a regulator, or where reasonably necessary to investigate a safety incident.

4. Where we store it and how long we keep it

Sigmark data is stored on infrastructure operated by Supabase and Cloudflare. Your account data is retained for as long as your account is active, and for a reasonable period afterwards as required by law.

Audit-trail entries are retained for the lifetime of the project's evidence requirements — typically the operational life of the signalling assets being commissioned. This means specific audit events you generated cannot be deleted on request even if your account is deleted, because they form part of the legally-required commissioning evidence chain. See Delete my account for details.

5. Your rights

  • You may request access to the personal information we hold about you.
  • You may request correction of inaccurate information.
  • You may request deletion of your account — see Delete my account. Audit-trail entries are subject to the retention obligation described above.
  • You may complain to us about our handling of your information, or to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

For users in the European Economic Area or United Kingdom, equivalent rights under the GDPR / UK GDPR apply, with the same audit-trail retention exception.

6. Cookies and local storage

Sigmark uses cookies and browser local storage for authentication (Supabase session cookies), to remember your interface preferences, and to maintain the offline-capable Progressive Web App shell. We do not use third-party advertising cookies or analytics trackers.

7. International transfers

Some of our service providers store or process data outside Australia. Where this happens, we take reasonable steps to ensure your information is protected to a standard comparable to the APPs.

8. Children

Sigmark is a professional tool for adult signalling engineers, technicians, and inspectors. It is not directed at and we do not knowingly collect personal information from anyone under 16.

9. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. Significant changes will be communicated to active users via Sigmark or by email.

10. Contact us

Questions about this policy or our handling of your information go to integrations@lineside.app.