Privacy Policy
Last updated: 7 June 2026
1. About this policy
FreightVIS ("we", "us", "our") provides a freight and logistics management platform, website, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, hold, use, and disclose personal information, and how we comply with our obligations under the Privacy Act 1988(Cth) (the "Privacy Act"), including the Australian Privacy Principles ("APPs").
The Service is a business-to-business product. We provide it to organisations (our "Customers") under a subscription agreement. Individuals interact with the Service in various capacities — for example as a Customer's employee, contractor, driver, dispatcher, or fleet manager, or as an end-customer or recipient of a Customer's services.
This policy applies to:
- personal information we collect about visitors to our website, prospective customers, and individuals who contact us;
- personal information we collect about the personnel and authorised users of our Customers in operating the Service; and
- our handling of the data our Customers upload to or generate within the Service ("Customer Data"), to the extent that data contains personal information.
This policy does not change the terms of any agreement between us and a Customer. Where we handle Customer Data on a Customer's behalf, that Customer is responsible for its own privacy practices and notices to the individuals concerned, and our handling is governed by our agreement with that Customer (including any applicable data processing terms).
2. The two roles we play with personal information
The Privacy Act regulates us as an APP entity. To help individuals understand our responsibilities, we describe our handling in two roles:
- As principal (we decide how and why information is handled) — this covers information about website visitors, prospective customers, our Customers' administrators and authorised users, billing contacts, and our own marketing and account management. For this information, we are responsible under this policy.
- As service provider (we handle information on a Customer's instructions) — this covers Customer Data that a Customer uploads to or generates in the Service. The Customer determines what is collected and why. For this information, the Customer is primarily responsible for compliance and for informing the relevant individuals; we handle it in accordance with our agreement with that Customer and applicable law. Individuals with questions about Customer Data should contact the relevant Customer.
3. What personal information we collect and hold
Depending on how you interact with us and the Service, we may collect and hold the following categories of personal information:
3.1 Identity and contact information
Name, job title, employer or organisation, business email address, business phone number, business postal address, and login credentials.
3.2 Account and authentication information
Username, hashed passwords, multi-factor authentication details, role and permission settings, and audit and activity logs associated with an account.
3.3 Payment and billing information
Billing contact details, billing address, and purchase history. Card payment data is processed directly by our PCI DSS-compliant payment provider (Stripe); we do not store full card numbers on our own systems.
3.4 Operational and logistics information
Data you and your team enter to operate the Service, including job details (pickup and delivery addresses, cargo information, statuses), client records, vehicle and fleet information, driver profiles, timesheet entries, invoices and job charges, compliance documents, equipment records, and depot locations. This may include the names and contact details of senders, recipients, and other individuals.
3.5 Location and telematics information
Where location-dependent features are used: GPS coordinates, vehicle and asset location, route and trip history, estimated and actual times of arrival, and proof-of-delivery location data. This information can relate to identifiable individuals (for example, a driver associated with a vehicle) and is only collected when location-dependent features are active.
3.6 Device and technical information
IP address, device and browser type, operating system, device identifiers, and diagnostic and crash data.
3.7 Usage information
Pages and features accessed, actions taken, timestamps, and other analytics about how the Service and website are used (collected via Vercel Analytics).
3.8 Communications
Correspondence with our support and other teams, including emails, contact-form submissions, and support tickets — typically your name, email, company, and message content.
We generally do not collect sensitive information (as defined in the Privacy Act, such as health, racial, or biometric information) and ask that Customers and users do not submit sensitive information through the Service except where expressly agreed and lawfully collected.
4. How we collect personal information
We collect personal information:
- Directly from you — when you register, set up or administer an account, make a purchase, complete a form, request support, subscribe to communications, or otherwise interact with us or the Service.
- Automatically — through cookies and similar technologies, server and application logs, and location features active in the Service (see section 10).
- From our Customers — when a Customer provides information about its authorised users, or uploads or generates Customer Data.
- From third parties — such as payment and fraud-prevention providers, identity and authentication providers, and mapping providers, where it is reasonable and lawful to do so.
Where it is reasonable and practicable, we collect personal information directly from the individual concerned. If we receive personal information we did not solicit, we handle it in accordance with APP 4.
5. Anonymity and pseudonymity (APP 2)
Where lawful and practicable, you have the option of dealing with us anonymously or by using a pseudonym — for example, when making a general enquiry. However, for most Service functions (which require an authenticated account) and for billing, we cannot provide the Service without identifying information.
6. Why we collect, hold, use, and disclose your information (APPs 3 and 6)
We use the information we collect to:
- create, administer, and secure user accounts and authenticate users;
- provide, operate, and maintain the Service (including job management, dispatch, routing, tracking, proof of delivery, invoicing, and reporting);
- process payments, issue invoices, and manage subscriptions, billing, and collections;
- send transactional notifications (job updates, invoice receipts, compliance alerts);
- provide customer support and respond to enquiries and requests;
- monitor, secure, and troubleshoot the Service, prevent and investigate fraud, misuse, and security incidents, and maintain audit logs;
- develop and improve features and performance, including analytics and aggregated insights;
- with consent or as otherwise permitted by law, send marketing communications about our products and services (see section 8);
- comply with our legal obligations, respond to lawful requests, and establish, exercise, or defend legal claims; and
- fulfil any other purpose disclosed to you at the time of collection or to which you consent.
We will only use or disclose personal information for the purpose we collected it (the primary purpose), for a related secondary purpose you would reasonably expect, with your consent, or where otherwise permitted or required by law.
We do not sell your personal information. We do not use your operational data (jobs, clients, invoices, and similar) for advertising or marketing purposes.
7. To whom we disclose personal information
We share data with the following third-party service providers, solely to operate the Service:
- Supabase — database hosting, authentication, and file storage
- Stripe — payment processing for subscriptions and client invoice payments. Stripe receives billing details directly; we do not store credit card numbers.
- Xero — accounting integration (only when you explicitly connect your Xero account). Invoice and timesheet data is synced at your direction.
- Google Maps Platform — address autocomplete, geocoding, route visualisation, and distance calculations. Address data is sent to Google for processing.
- Vercel — application hosting and anonymous usage analytics
- Resend — delivery of transactional and notification email
- Upstash — rate limiting to protect the Service against abuse
We may also disclose personal information to:
- Our Customers, where you are an authorised user or where the information forms part of that Customer's data;
- Professional advisers such as lawyers, accountants, auditors, and insurers;
- Acquirers or successors in connection with a merger, acquisition, financing, reorganisation, or sale of assets (subject to appropriate confidentiality and this policy); and
- Government, regulatory, and law-enforcement bodies, courts, and other third parties where required or authorised by law, or to protect our rights, property, or safety, or that of others.
Each third party is bound by its own privacy policy and data-processing obligations. We require our service providers to protect personal information consistently with the Privacy Act, to use it only for the purposes for which we engage them, and we share only the minimum data necessary for each service to function. We do not sell personal information.
8. Direct marketing (APP 7 and the Spam Act)
We may use your business contact details to send you marketing about products and services we think may interest you, where permitted by law. Every commercial electronic message we send will identify us and include a functional unsubscribe facility, consistent with the Spam Act 2003 (Cth). You can opt out at any time by using the unsubscribe link or by contacting us at support@freightvis.com. We will action opt-out requests promptly. We do not use sensitive information for direct marketing without consent.
9. Cross-border disclosure (APP 8)
We use service providers and infrastructure that may be located outside Australia. As a result, personal information may be disclosed to, stored in, or accessed from overseas — including in the United States, where several of our service providers operate, and in other countries in which our service providers maintain infrastructure.
Before disclosing personal information overseas, we take steps that are reasonable in the circumstances to ensure overseas recipients handle it consistently with the APPs, including through contractual data-protection commitments.
10. Cookies and similar technologies
FreightVIS uses essential cookies required for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled.
We use Vercel Analytics for anonymous, aggregated usage statistics. Vercel Analytics does not use cookies and does not track individual users across sites. No advertising or third-party tracking cookies are used.
11. How we keep personal information secure (APP 11)
Your data is stored on Supabase's cloud infrastructure backed by PostgreSQL. We take reasonable technical and organisational steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure, including:
- encryption of data in transit (TLS 1.3) and at rest;
- row-level security (RLS) policies enforced at the database level, so users can only access data they are authorised to see;
- bcrypt password hashing with timing-attack mitigation;
- multi-factor authentication (MFA), enforced for administrative roles;
- role-based access controls and least-privilege permissions;
- rate limiting on authentication and public endpoints;
- input sanitisation and Content Security Policy (CSP) headers to mitigate injection and cross-site scripting;
- logging, monitoring, and audit trails of significant account actions; and
- regular security audits, vulnerability assessments, and secure development practices.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Data breach notification
We maintain a data breach response plan. If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will assess it and, where the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act applies, notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law. Where we handle Customer Data, we will also notify the relevant Customer in accordance with our agreement so they can meet their own obligations.
13. How long we keep personal information
We retain personal information only for as long as necessary for the purposes for which it was collected, to provide the Service, to comply with our legal, tax, accounting, and regulatory obligations, and to resolve disputes and enforce our agreements. Indicative retention periods are:
- Account and identity data — for the life of the account. When you cancel your subscription, your account enters read-only mode and data is preserved in case you reactivate.
- Billing and financial records — up to 7 years, as required by Australian tax and accounting law.
- Location and telematics (GPS) data — 365 days by default, configurable by the Customer organisation.
- Security audit logs — approximately 3 years.
- Routine audit and activity logs — up to 2 years.
- Support and contact-form communications — 12 months, then automatically deleted.
- Error and diagnostic logs — approximately 90 days.
You may request permanent deletion of your account and all associated data by contacting support@freightvis.com. Upon receiving a verified deletion request, we will permanently remove your data within 30 days, except where retention is required by law (for example, tax invoices, which must be retained for the period required by Australian tax law). When personal information is no longer needed and we are not required to retain it, we take reasonable steps to destroy or de-identify it (APP 11.2). For Customer Data, retention and deletion are also governed by our agreement with the relevant Customer.
14. Accessing and correcting your personal information (APPs 12 and 13)
In accordance with the Privacy Act and the APPs, you have the right to:
- Access — request a copy of the personal information we hold about you;
- Correction — request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information;
- Deletion — request deletion of your personal information (subject to legal retention requirements);
- Data portability — export your data in standard formats (CSV, PDF);
- Withdraw consent — disconnect third-party integrations at any time from Settings; and
- Complain — lodge a complaint with us or the OAIC (see section 16).
To exercise any of these rights, contact us at support@freightvis.com. We will respond within a reasonable period (generally within 30 days). We may need to verify your identity before acting. If we refuse access or correction, we will give you written reasons and tell you how to complain. If your request relates to Customer Data, we will refer you to, or work with, the relevant Customer.
15. Government-related identifiers (APP 9)
We do not adopt, use, or disclose government-related identifiers (such as tax file numbers or driver licence numbers) as our own identifiers, except where permitted by law (for example, where reasonably necessary to verify identity or to fulfil obligations to a government agency).
16. Complaints
If you have a concern or complaint about how we have handled your personal information, please contact us at support@freightvis.com. We will acknowledge your complaint, investigate, and respond within a reasonable time (generally within 30 days).
If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5288, Sydney NSW 2001
17. Children
The Service is a business tool and is not directed to, or intended for use by, individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
18. How to contact us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: support@freightvis.com
- Post: FreightVIS, Australia
19. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy, to the extent permitted by law.