1. About This Policy
Cajon Outdoor Equipment Pty Ltd (ACN 673 204 558) trading as Nightshift Systems ("we", "us", "our") operates the FleetTrack Pro mobile application and website (collectively, the "Service"). Cajon Outdoor Equipment Pty Ltd trading as Nightshift Systems is an Australian company based in Perth, Western Australia. This Privacy Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs).
By using the Service, you consent to the collection, use and disclosure of your personal information as described in this Policy. If you do not agree, please do not use the Service.
The Service is currently available to Australian customers only. We do not knowingly accept users located in the European Economic Area or the United Kingdom. If our service availability changes in the future, this Policy will be updated to reflect the relevant data protection obligations applicable to international users.
2. Information We Collect
We collect the minimum personal information necessary to provide and improve the Service.
Account & Identity Information
- Full name
- Email address
- Password (stored as a one-way cryptographic hash — we never store plaintext passwords)
- Profile photo (optional)
- Business name and ABN (optional)
Vehicle & Fleet Data
- Vehicle make, model, year and colour
- Registration number and state of registration
- Vehicle Identification Number (VIN) (optional)
- Odometer readings and service history records
- Fuel logs and maintenance schedules
- Registration and licence expiry dates
- Driver assignments and notes
Receipt & Expense Images
- Photographs of fuel receipts, service invoices and other vehicle-related receipts
- Extracted data from those receipts (merchant name, amount, date, category) via our AI processing pipeline
Location & Trip Data
- GPS coordinates, route history and trip duration when the app's trip-tracking feature is active
- Location data is only collected while the app is in use and trip tracking is enabled — it is never collected in the background without your knowledge
Usage & Device Data
- Device type, operating system and app version
- IP address and general location (country/state level) at login
- Feature usage patterns and crash reports (anonymised where possible)
- Push notification tokens
Payment Information
Subscription payment processing for FleetTrack Pro is handled by Google Play Billing. We do not receive or store credit card details. Payment handling is managed entirely by Google through the Google Play Store.
3. How We Collect It
We collect personal information:
- Directly from you — when you create an account, add vehicles, log expenses or contact support
- Automatically — through the app when you use features such as GPS trip tracking, receipt scanning or push notifications
We will not collect sensitive information (as defined in the Privacy Act) without your explicit consent, and we do not collect government identifiers (such as tax file numbers) except where required by law.
4. How We Use It
We use your personal information to:
- Create and manage your account and provide the Service
- Process receipt images and extract expense data using AI (the images are not used to train third-party models without your consent)
- Generate trip logs, service records and PDF reports on your behalf
- Send service interval alerts, compliance reminders and account notifications
- Process subscription payments via Google Play Billing
- Respond to support requests and communicate about your account
- Detect, investigate and prevent fraud, security incidents and technical issues
- Improve the Service through aggregated, anonymised usage analytics
- Comply with legal obligations under Australian law
We will not use your personal information for direct marketing purposes without your explicit consent. If you have opted in to marketing communications, you may opt out at any time by clicking "unsubscribe" in any email or contacting us directly.
5. Disclosure to Third Parties
We do not sell, rent or trade your personal information. We may share it with the following categories of service providers who are contractually required to handle it securely and only for the purpose we specify:
Infrastructure & Storage
Supabase Inc. — We use Supabase as our primary backend infrastructure, providing managed PostgreSQL database hosting, authentication services, and secure object storage for receipt images and vehicle photos. Supabase operates from secure, enterprise-grade cloud data centres. Our default region is configured for Australian customers to minimise data transfer outside Australia where possible.
Payments
Google Play Billing — Subscription billing and payment processing for FleetTrack Pro at launch is handled exclusively by Google Play Billing through the Google Play Store. We do not receive or store credit card details. Google's privacy practices for Play Billing apply to all transactions and are available at policies.google.com.
Communications
- Resend — Transactional and account emails (invitations, password resets, service alerts) are delivered via Resend.
- Google FCM — Push notification delivery for Android devices via Google Firebase Cloud Messaging.
AI Services
Anthropic, PBC — Receipt images uploaded to the Service are processed by Anthropic's Claude API to automatically extract structured data (vendor, amount, date, line items). Image data is transmitted securely to Anthropic for processing and is governed by Anthropic's commercial terms, which prohibit the use of customer data for training Anthropic's models. We do not send personally identifying information beyond the receipt image itself.
Aggregated, anonymised product usage data may be collected to improve the Service. This data does not identify individual users and is not shared with third parties.
Legal Disclosure
We may disclose personal information to law enforcement or government authorities where required by Australian law, a court order, or to protect the rights, property or safety of the Service, our users or the public.
In the event of a merger, acquisition or sale of all or part of our business, personal information may be transferred to the acquiring entity, subject to equivalent privacy protections.
6. Overseas Transfers
Some of our third-party service providers operate infrastructure outside Australia (notably Anthropic in the United States for AI receipt processing, and Resend for email delivery). Before transferring personal information overseas, we take reasonable steps to ensure the recipient complies with the APPs or a substantially similar standard, in accordance with APP 8.
By using the Service, you acknowledge that your information may be transferred to and processed in countries outside Australia. Where we cannot guarantee an equivalent level of protection, we will seek your consent or rely on the relevant exception under APP 8.2.
7. Data Security
We implement industry-standard security measures to protect your personal information, including:
- AES-256 encryption of data at rest
- TLS 1.2+ encryption of all data in transit
- Bcrypt password hashing with a work factor of 12+
- Role-based access controls limiting staff access to personal data
- Automatic session expiry and device management
No method of transmission or storage is 100% secure. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act, within 30 days of becoming aware of the breach.
8. Data Retention
We retain personal information for as long as your account is active or as needed to provide the Service. Upon account deletion we will:
- Delete or anonymise personal account data within 30 days, with up to a further 30 days for removal from encrypted backups
- Retain transaction records (invoices, payment history) for 7 years as required by Australian tax law
- Retain anonymised, aggregated analytics data indefinitely
Receipt images and vehicle data are deleted within 30 days of account closure unless you request earlier deletion.
9. Access & Correction
Under APP 12 and APP 13, you have the right to:
- Access the personal information we hold about you
- Correct information that is inaccurate, out-of-date or incomplete
- Delete your account and associated personal data
To delete your account, open the FleetTrack Pro app, go to Profile, scroll to the bottom and tap Delete Account. If you cannot access the app, email support@fleettrackpro.com.au to request account deletion.
To exercise these rights, contact us at support@fleettrackpro.com.au. We will respond within 30 days. We may need to verify your identity before processing your request. In limited circumstances, we may decline access as permitted by the Privacy Act (e.g., if providing access would pose a serious threat to another person's life, health or safety).
11. Children's Privacy
The Service is intended for use by persons aged 18 years and over. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us immediately at support@fleettrackpro.com.au and we will promptly delete it.
12. Complaints
If you believe we have mishandled your personal information or breached the APPs, we encourage you to contact us first so we can resolve the matter directly.
Step 1 — Contact FleetTrack Pro
Email us at support@fleettrackpro.com.au with the subject line "Privacy Complaint". We will acknowledge receipt within 5 business days and aim to resolve all complaints within 30 days.
Step 2 — Office of the Australian Information Commissioner (OAIC)
If you are not satisfied with our response, you may lodge a complaint with the OAIC:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
13. Contact Us
For any privacy-related questions, requests or concerns:
Cajon Outdoor Equipment Pty Ltd trading as Nightshift Systems
Privacy Officer
Email: support@fleettrackpro.com.au
Perth, Western Australia, Australia
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or legal requirements. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Send a notification to your registered email address
- Display a prominent notice in the app for 30 days
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not agree to the updated Policy, you should discontinue use of the Service and may request deletion of your account.