Hemma is a quiet, connected surface for the buildings we live in. To do that, we handle personal information about residents, owners, committees and managers. This policy explains what we collect, why, and the choices you have — written for Australia first.
Hemma is operated by Hojae Jung (ABN 52 404 425 649) from Sydney, New South Wales, Australia. In this policy, “Hemma”, “we”, “us” and “our” mean Hojae Jung trading as Hemma, the operator of the myhemma.app service. We treat personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and we apply those standards even where a small-business exemption might otherwise be available.
This policy applies to everyone who uses Hemma — residents and owners, committee members, on-site building managers, and anyone whose details are added to a building’s directory. It covers the Hemma website, the web app at myhemma.app, and the things we do behind the scenes to run the service.
Your building (and any strata or management firm that runs it) may have its own privacy policy covering how they handle your information. This policy only covers what Hemma does.
We don’t go looking for sensitive information (such as health, religion or political views) and ask that you don’t post it. If you choose to include it in content you create, you consent to us handling it to provide the service.
We use personal information to:
We do not sell your personal information. We disclose it only:
Hemma is built on a small number of reputable infrastructure providers, including Supabase (database, authentication and file storage) and Vercel(application hosting). These providers process information on our behalf so we can run the service.
Some of these providers, or their data centres, may be located outside Australia (for example in the United States or other countries). This means your personal information may be stored or processed overseas. We take reasonable steps to ensure our providers handle your information consistently with the Australian Privacy Principles, but the laws of those countries may differ from Australian law.
We use cookies and similar technologies that are necessary to sign you in, keep you signed in, and remember basic preferences. We keep tracking to the minimum needed to run and improve the service, and we do not use Hemma to build advertising profiles about you. You can control cookies through your browser, though turning off necessary cookies may stop you from signing in.
Most messages we send are service messages — invitations, password resets, security notices and product updates relevant to your building. From time to time we may send you optional updates about Hemma. Where the Spam Act 2003 (Cth) applies, any such marketing will identify us and include an easy way to unsubscribe. You can opt out of optional messages at any time without affecting essential service communications.
We take reasonable steps to protect personal information from misuse, loss and unauthorised access, including encryption in transit and at rest, and access controls so people only see data for buildings they belong to. You can read more on our Security page. No online service can be guaranteed to be perfectly secure, so we also rely on you to keep your login details safe.
We keep personal information for as long as your account is active and as long as we need it to provide the service, then for a reasonable period afterwards to meet legal, accounting or dispute-resolution needs. When information is no longer needed, we take reasonable steps to delete it or de-identify it. If you ask us to delete your account, we will do so subject to any records we must keep by law.
Under the Australian Privacy Principles you can ask us for a copy of the personal information we hold about you, and ask us to correct it if it’s wrong or out of date. Much of this you can do yourself in your profile. For anything else, email us at privacy@myhemma.app and we’ll respond within a reasonable time, usually within 30 days.
If you have a privacy concern, please contact us first so we can try to fix it. If you’re not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
We have processes to detect and respond to data breaches. If a breach occurs that is likely to result in serious harm, we will notify affected individuals and the OAIC as required by the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).
Hemma is intended for adults who live in, own or help run a building. It is not directed at children, and we don’t knowingly collect information from anyone under 16 without the involvement of a parent, guardian or building manager.
Hemma is built for Australia first. If you use Hemma from outside Australia, your information will be handled under this policy and Australian law. As Hemma expands, we will add region-specific terms (for example for the GDPR in Europe) where they apply.
We may update this policy as Hemma grows or the law changes. If we make a material change, we’ll update the date at the top and, where appropriate, let you know in the app. Continuing to use Hemma after a change means you accept the updated policy.
For any privacy question or request, email privacy@myhemma.app. For anything else, you can reach us at hello@myhemma.app.