Privacy Policy
Effective date: 22 May 2026
FleetMan ("we", "us", or "our") operates the FleetMan platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Service.
FleetMan is an Australian business. This Privacy Policy is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By accessing or using the Service you agree to the practices described here. If you do not agree, please do not use the Service.
1. About us (APP 1)
FleetMan is committed to managing personal information openly and transparently in accordance with the APPs. We maintain this policy to explain our information handling practices and make it freely available on our website.
Privacy Officer
For any privacy-related enquiries, requests, or complaints, contact our Privacy Officer:
- Email: contact.fleetman@gmail.com
- Response time: within 30 days of receipt
2. Information we collect (APPs 3 & 5)
We only collect personal information that is reasonably necessary for our functions. Where practicable, we collect personal information directly from you.
Information you provide
- Account registration data (name, email address, password hash)
- Organisation details (fleet name, ABN/ACN, address, billing information)
- Driver and mechanic profiles (name, licence number, contact details, odometer readings)
- Vehicle and maintenance records you enter into the platform
- Payment transactions and security deposit records
- Damage reports and inspection records
- Communications you send to our support team
Information collected automatically
- Log data: IP address, browser type, pages visited, timestamps
- Device information: operating system, screen resolution
- Usage data: features used, time spent, error events
- Session cookies required for authentication (see Section 7)
Notice at collection (APP 5): At the time we collect personal information, or as soon as practicable afterwards, we will take reasonable steps to notify you of the matters set out in APP 5, including the purposes of collection, whether disclosure overseas is likely, and your rights of access and correction.
3. How we use your information (APP 6)
We use personal information only for the primary purpose for which it was collected, for a directly related secondary purpose, or where you have otherwise consented. Specifically, we use it to:
- Provide, operate, and improve the Service
- Process payments and enforce payment automation rules you configure
- Send transactional communications (invoices, payment reminders, work-order notifications)
- Detect and prevent fraud, abuse, and security incidents
- Respond to support requests and provide customer success
- Comply with applicable Australian laws and regulations
- Analyse aggregate, de-identified usage patterns to guide product development
We do not sell your personal information to third parties, and we do not use it for purposes unrelated to providing the Service without your consent.
4. Direct marketing (APP 7)
We may send you product updates, feature announcements, or promotional materials relating to the Service where you have consented or where we reasonably believe you would expect to receive such communications. All commercial electronic messages comply with the Spam Act 2003 (Cth) — they will clearly identify us as the sender and include a functional unsubscribe mechanism.
You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at contact.fleetman@gmail.com. Opting out of marketing does not affect transactional notifications required to deliver the Service.
5. How we share your information (APP 6)
We may disclose personal information to:
- Service providers — cloud infrastructure, email delivery, and error monitoring providers who process data on our behalf under data processing agreements that require them to protect your information and use it only to provide services to us.
- Within your organisation — admin users of your FleetMan account can view data for all drivers and mechanics in that account.
- Legal obligations — if required by Australian law, a court order, or a request from a government agency with lawful authority (e.g. the Australian Federal Police, an Australian court, or a regulatory body).
- Business transfers — in connection with a merger, acquisition, or sale of assets, with prior notice to you.
We do not disclose personal information beyond these purposes without your consent.
6. Cross-border disclosure (APP 8)
Some of our service providers are located outside Australia. By using the Service, you acknowledge that your personal information may be transferred to, stored, or processed in countries including the United States of America and the European Union.
Specific overseas recipients include:
- Neon (database hosting) — servers located in AWS regions (US/EU). Neon complies with SOC 2 Type II and applies encryption at rest and in transit.
- Resend (transactional email) — email delivery infrastructure located in the United States. Resend complies with applicable data protection laws.
Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs in relation to that information (APP 8.1). Where we are unable to ensure this, we will obtain your consent before disclosure or otherwise comply with our obligations under APP 8.
7. Cookies and tracking (APP 3)
We use strictly necessary cookies to maintain your authenticated session. These cookies are essential to operate the Service and cannot be disabled without preventing login. We use first-party analytics cookies to understand aggregate usage patterns; these do not identify you personally and you may disable them in your browser settings without affecting core functionality. We do not use third-party advertising cookies or behavioural tracking.
8. Data quality and security (APPs 10 & 11)
We take reasonable steps to ensure personal information we hold is accurate, up-to-date, complete, and relevant (APP 10). We implement industry-standard safeguards to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure (APP 11), including:
- TLS encryption in transit (HTTPS)
- AES-256 encryption at rest
- bcrypt password hashing
- Row-level security (RLS) policies enforced in the database
- Role-based access controls (Admin, Driver, Mechanic)
- Regular security audits and monitoring
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to continuous improvement and will act promptly if a security incident occurs.
9. Notifiable Data Breaches (NDB scheme)
We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). If we become aware of an eligible data breach — one that is likely to result in serious harm to any individual whose information is involved — we will:
- Contain the breach and assess whether it is likely to result in serious harm
- Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable (and within 30 days of becoming aware)
- Notify affected individuals directly, or publish a notification on our website if direct notification is not reasonably practicable
- Provide recommendations on steps you can take to protect yourself
10. Data retention (APP 11)
We retain personal information for as long as your account is active and as required to fulfil the purposes described in this policy, or as required by Australian law (e.g. financial records under the Corporations Act 2001 (Cth) and taxation law). If you cancel your subscription, we retain data for 90 days to allow account recovery, after which it is deleted from production systems within 30 days. Backups are purged on a rolling 12-month cycle. You may request earlier deletion at any time (see Section 11).
11. Your rights (APPs 12 & 13)
Under the Privacy Act 1988 (Cth) and the APPs, you have the following rights:
- Access (APP 12) — request access to the personal information we hold about you. We will respond within 30 days.
- Correction (APP 13) — request that we correct personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading.
- Deletion — request deletion of your personal information where we no longer need it to provide the Service and are not required to retain it by law.
- Anonymity (APP 2) — where lawful and practicable, you may interact with us anonymously or using a pseudonym.
- Opt out of direct marketing (APP 7) — as described in Section 4.
To exercise any of these rights, contact our Privacy Officer at contact.fleetman@gmail.com. We will respond within 30 days. We may ask you to verify your identity before processing a request. We do not charge a fee for access requests unless the request is complex or voluminous, in which case we will notify you of the estimated fee before proceeding.
12. Complaints
If you believe we have breached the APPs or otherwise mishandled your personal information, you may lodge a complaint with us first:
- Email: contact.fleetman@gmail.com
- We will acknowledge your complaint within 5 business days and provide a substantive response within 30 days.
If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- GPO Box 5218, Sydney NSW 2001
13. Children
The Service is intended for use by businesses and is not directed to individuals under 18. We do not knowingly collect personal information from persons under 18. If you believe a person under 18 has provided us personal information without appropriate authority, please contact us and we will delete it promptly.
14. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the effective date at the top. For material changes, we will notify account administrators by email at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
15. Contact
Questions about this Privacy Policy or our privacy practices? Contact our Privacy Officer:
- Email: contact.fleetman@gmail.com