Marshal Worker Safety — Privacy Policy
1. About this policy and who we are
Marshal Worker Safety (“Marshal”, “the app”) is a lone-worker safety application published by Zetifi Pty Ltd (“Zetifi”, “we”, “us”), ABN 98 621 129 244, C/- Navigate Advisors, 63 Baylis Street, Wagga Wagga NSW 2650, Australia.
Marshal is an enterprise app provided to you by your employer. You receive an invitation from your employer or safety manager and enrol against your employer’s own Microsoft 365 environment. There is no public sign-up, and the app is not sold to individual consumers.
This policy explains what personal information the app handles, why, who it is shared with, and the choices and rights you have. It is written for workers who use the app. If you are a customer organisation evaluating Marshal’s data handling for a security or procurement review, see our separate Privacy Strategy and Security Review materials, available on request.
2. Who controls your information (the important part)
Your personal information in Marshal is controlled by your employer, not by Zetifi.
- Your employer is the data controller. They decide that you use Marshal, what safety workflows run, who on their safety team can see your information, and how long it is kept. Your name, contact details, shift records, check-ins, and safety events are stored in your employer’s own Microsoft 365 tenant, which your employer owns and administers.
- Zetifi is a data processor. We provide the app and the safety gateway that carries safety signals into your employer’s Microsoft 365 tenant. We act on your employer’s instructions. We do not own your employer’s data and we do not use it for our own purposes.
What this means for you in practice: for most requests about your information (see your data, correct it, delete it), the answer starts with your employer, because they hold and control it. We help your employer respond, and we handle the narrow slice of processing that happens on our own systems (described in section 6).
3. What information the app handles, and why
Marshal only handles information needed to keep you safe at work. The table below is the authoritative list.
| Information | Do we collect it? | Linked to you? | Used to track you across apps/companies? | Why |
|---|---|---|---|---|
| Precise location (including in the background) | Yes | Yes, via your employer-issued worker ID | No | To include your location in duress alerts and scheduled check-ins so your safety team can find you, including when the app is closed or not in use |
| Device identifier | Yes | Yes | No | To pair your phone to your worker record and route your safety signals to the right place |
| Crash and performance diagnostics | Yes (via our error-reporting processor, Sentry) | No | No | To find and fix app crashes and performance problems |
| Your name and contact details | Entered by you or your manager at enrolment and stored in your employer’s Microsoft 365 tenant | Yes | No | To identify you to your own safety team; not stored on Zetifi’s own systems |
We do not collect: your contacts, your browsing history, health or fitness data, financial data, advertising identifiers, microphone audio, or your photo library. We do not sell your information, and we do not use it for advertising or share it with data brokers.
Background location
Marshal requests permission to use your location “Always” (in the background) because two safety functions need it to work when your phone is locked or the app is closed:
- Duress alerts. If you trigger an emergency, your alert must include your current location even if your phone is in your pocket.
- Scheduled check-ins. If you miss a check-in, the follow-up needs your most recent location so your safety team can respond.
Before the app asks for this permission, it shows you a clear screen explaining what is collected and why. You can decline, and you can change the permission at any time in your device settings. Some safety features will not work without it.
4. Who your information is shared with
- Your safety team, through your employer’s Microsoft 365 tenant. Your safety events, check-ins, and location during an active event are visible to the managers and operators your employer authorises. This is your employer surfacing their own data to their own staff, in their own environment.
- Zetifi’s safety gateway (transit only). Safety signals pass through Zetifi-operated infrastructure on their way into your employer’s Microsoft 365 tenant. We process identifiers and signals in transit and do not keep a durable copy of your name or a name-to-device mapping on our systems. This is our “transit, not store” design, described in section 6.
- Microsoft. Your data of record lives in your employer’s Microsoft 365 tenant. Microsoft processes it as your employer’s cloud provider.
- Sentry (Functional Software, Inc.), our crash and performance diagnostics processor. Sentry receives a device token and diagnostic data, never your name or username.
- A messaging carrier (for example Telstra), only if your employer enables out-of-band emergency alerts (such as SMS) and only during an active safety event, to reach you or your nominated contact.
We do not share your information with anyone else, except where required by law.
5. Where your information is stored, and international transfers
- Your data of record stays in your employer’s Microsoft 365 tenant, in the region your employer’s Microsoft 365 environment is hosted. We do not move it out of their tenant.
- Zetifi’s safety gateway runs in Amazon Web Services in Australia (Asia Pacific, Sydney). Safety signals transit this gateway; we do not keep a durable copy of your identity there.
- If you use the app outside Australia, your safety signals may transit our Australian gateway. Because the durable copy of your data stays in your employer’s own Microsoft 365 tenant and region, this design keeps your data resident with your employer rather than with us.
6. What Zetifi keeps, and for how long
Zetifi’s design keeps the amount of your personal information on our own systems deliberately small (“transit, not store”). On Zetifi-operated systems:
- We do not keep your name, your contact details, or a mapping from your device to your identity. Those live only in your employer’s Microsoft 365 tenant.
- We keep, briefly: operational logs (metadata such as timestamps and outcomes, around 30 days), crash diagnostics in Sentry (around 30 days), and, where your employer’s plan includes them, signed audit records of safety signals that passed through the gateway (retained for the period your employer’s plan and configuration specify).
- Full detail of what is retained and for how long is in our Data Retention Policy, available on request.
Information held in your employer’s Microsoft 365 tenant is kept and deleted according to your employer’s retention settings, not ours.
7. Your rights
Depending on where you live, you may have rights to access, correct, delete, or restrict the use of your personal information, or to object to certain processing. Because your employer is the controller of your information:
- Start with your employer. Most of your information is held in your employer’s Microsoft 365 tenant, and your employer can show it to you, correct it, or delete it directly.
- We will help. If your request involves the narrow slice of processing on Zetifi’s own systems, contact us at support@zetifi.com and we will assist your employer in responding, consistent with our agreement with them and applicable law.
Exercising these rights will not affect emergency safety functions, which remain available regardless.
8. How to request deletion of your data
You can ask to have your personal information deleted at any time. There is no charge, and you do not need an account or to be logged in to make the request.
- For the information held by your employer (your name and contact details, shift records, check-ins, and safety events in your employer’s Microsoft 365 tenant): contact your employer’s Marshal administrator or safety team. They can delete it directly, because they control and hold it. This is the bulk of your information.
- For the narrow slice held by Zetifi (the operational logs and crash diagnostics described in section 6): email support@zetifi.com with the subject “Data deletion request” and the worker ID or device your employer issued you. We will delete or de-identify the diagnostic and log data associated with that device on our systems and confirm when it is done.
What gets deleted: the diagnostic and operational records tied to your device on Zetifi’s systems. Because of our “transit, not store” design (section 6), Zetifi does not hold your name or a durable name-to-device mapping, so there is very little to delete on our side; the substantive record of you lives in your employer’s Microsoft 365 tenant and is deleted by your employer.
What may be kept: where your employer’s plan includes signed audit records of the safety signals that passed through the gateway, those are retained for the period your employer’s configuration and applicable safety or legal obligations require, and may be held after a deletion request for that period. They do not contain your name.
We respond to deletion requests within a reasonable time, and where a timeframe applies by law, within that timeframe.
9. How we protect your information
- Zetifi’s access into your employer’s Microsoft 365 environment is limited to a single safety site and nothing more. We have no access to your employer’s email, files, calendar, or directory.
- The app sends safety signals over encrypted (HTTPS) connections only.
- The app strips identifying fields before sending diagnostics, and masks sensitive values (such as PINs) before they reach our error-reporting processor.
- Your employer can cut Zetifi’s access to their environment at any time, unilaterally and immediately.
No system is perfectly secure, but the design above keeps the amount of your information exposed to Zetifi small by default.
10. Children
Marshal is a workplace safety app for adults in employment. It is not directed at children and we do not knowingly collect information from children.
11. Changes to this policy
We may update this policy as the app changes. We will post the updated version at the published URL above and update the date below. Material changes affecting how your information is handled will be communicated through your employer.
12. Contact us
Questions about this policy or your information:
Zetifi Pty Ltd Email: support@zetifi.com C/- Navigate Advisors, 63 Baylis Street, Wagga Wagga NSW 2650, Australia
If you are not satisfied with our response, you may have the right to complain to your local data protection authority (for example, the Office of the Australian Information Commissioner in Australia, or your supervisory authority in the EU/UK).
Last updated: 20 June 2026