Privacy Notice

Last updated: March 2026

1. What Data We Collect

Flood Sentinel collects and stores the following data locally within your deployment:

  • User accounts: Username, role (admin/operator/viewer), and bcrypt-hashed password. We never store plaintext passwords.
  • Session data: Login timestamps, session tokens, and UI preferences (theme, dashboard layout).
  • Forecast preferences: Alert thresholds, notification settings, and watchlist stations configured by each user.
  • Audit logs: Login attempts, configuration changes, and forecast generation events for security and accountability.

2. Hydrological Data

Flood Sentinel is a forecasting engine that reads from your organisation's database. It does not independently collect hydrological data from external sources.

Data sourcing, licensing, and attribution for river levels, rainfall, and other environmental measurements are managed by your data pipeline (e.g., Flood Data Builder or your existing SCADA/telemetry systems).

Flood Sentinel does not transmit hydrological data to any external service.

3. Data Storage & Security

  • All data is stored locally within your deployment (on-premises server, desktop, or your cloud tenant).
  • Passwords are hashed using bcrypt via Werkzeug's security module.
  • API keys and session tokens are generated using Python's secrets module (cryptographically secure).
  • No data is sent to FloodTech or any third party unless you explicitly enable cloud sync.

4. Cloud Sync (Optional)

If you enable the Desktop ↔ Cloud sync feature:

  • Forecast data and model states are synchronised between your desktop and cloud instances over HTTPS.
  • Sync uses a shared API key that you configure. No data leaves your control.
  • You can disable sync at any time by removing the CLOUD_SYNC_URL environment variable.

5. Data Retention & Deletion

  • User accounts can be deleted by an administrator at any time.
  • Hydrological data retention is controlled by your organisation's data management policy.
  • Audit logs are retained for 90 days by default (configurable).
  • Uninstalling Flood Sentinel removes all application data from the local machine.

6. Your Rights

As the data controller, your organisation retains full control over all data within Flood Sentinel. You can:

  • Export all data at any time via the API or CSV export
  • Delete individual user accounts and their associated preferences
  • Purge all historical data via the administration interface
  • Audit all access via the security logs

7. Contact

For privacy-related enquiries, contact your Flood Sentinel system administrator or reach FloodTech at privacy@floodtech.com.au.