Privacy Policy

1. Introduction

At CourtesyBus.app, we are committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). This privacy policy explains how we collect, use, disclose, and protect your personal information when you use our fleet management platform.

CourtesyBus.app is a business-to-business (B2B) fleet management system that enables clubs and organizations to manage their courtesy bus operations. Our service is used by authorized staff members of clubs and businesses to manage their transportation fleet, bookings, and operations.

2. Personal Information We Collect

We collect the following types of personal information:

Staff User Information:

• Identity Information: Full name, email address, username
• Account Information: Username, employee ID (if provided by staff for operator identification), password (encrypted)
• System Activity: Login times, IP addresses, session data
• Technical Information: Browser type, device information, operating system, time zone settings (automatically collected)
• Usage Data: Information about how you use our platform, features accessed, and interaction patterns
• Communication Data: Records of correspondence with our support team and feedback provided

Customer Booking Information (entered by authorized staff):

• Customer Identity: Full names of booking customers
• Customer Contact: Phone numbers
• Location Data: Pickup/dropoff locations
• Booking Details: Travel dates and times, special requirements
• Service Records: Trip history, operational notes, and service feedback

Billing and Subscription Information:

• Transaction Data: Subscription details, payment history, billing records (processed through Polar.sh)
• Organization Data: Club/business name, billing address, contact person details

We also collect, use and share aggregated data such as statistical or demographic data for platform improvement purposes. Aggregated data is derived from your personal data but does not directly or indirectly reveal your identity.

3. How We Collect Personal Information

We collect personal information through the following methods:

• Direct registration when staff create accounts on our platform
• Manual entry by authorized personnel when creating customer booking records
• Automated collection during platform usage (login sessions, system interactions)
• Email and support ticket communications
• Platform analytics to monitor system performance and user engagement
• Third-party services for payment processing and infrastructure hosting

4. How We Use Your Personal Information

Your personal information is used exclusively to deliver our fleet management platform and maintain contact with you regarding your service. We process your data based on the following legal foundations:

• Fulfilling our service agreement with your organization
• Meeting legal and regulatory obligations
• Pursuing legitimate business interests while respecting your privacy rights
• With your explicit permission for optional features

Platform Operations:

• Account creation and user authentication
• Granting access to authorized staff members
• Storing and managing booking data entered by your team
• Processing payments via third-party billing services
• System monitoring and security protection
• Data backup and recovery through cloud providers

Essential Communications:

• Platform updates and system maintenance notices
• Support ticket responses and technical help
• Account and billing notifications
• Security alerts and important service changes

Third-Party Service Integration:

• Subscription billing managed through external payment processors
• Cloud hosting infrastructure for platform availability
• Email delivery services for notifications
• Technical monitoring tools for performance optimization

We never use your information for advertising, marketing campaigns, or commercial purposes beyond our core service delivery. Third-party providers are bound by strict agreements to protect your data and use it only for their designated functions.

5. Disclosure of Personal Information

We may disclose personal information to:

• Other authorized staff within your club or organization
• Cloud hosting and technical infrastructure providers
• Payment processing providers (Polar.sh, a USA-based company) for subscription billing
• Law enforcement or government agencies when legally required

We do not sell, trade, or rent personal information to third parties. Customer booking information is only accessible to authorized staff of the relevant club or organization that entered the data and our support team for technical assistance purposes.

6. Data Security

We have implemented appropriate technical and organizational security measures to prevent your personal information from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. These measures include:

• Encryption of data in transit
• Access controls
• Secure subscription billing through Polar.sh
• Regular backups and disaster recovery procedures
• Incident response procedures for data breaches
• Regular software updates and security patches

We limit access to your personal information to employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal information on our instructions and are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Data Retention

We maintain personal information only as long as required for business operations and legal compliance. Our retention schedule includes:

• User account data: Retained during active subscription period
• Payment and billing records: Kept in accordance with Australian taxation and financial regulations
• System logs and security data: Retained for 12 months for security monitoring purposes
• Communication records: Stored for 3 years for customer service quality and dispute resolution

When retention periods expire, we securely delete or anonymize personal information unless extended retention is required by law or ongoing legal proceedings.

8. Your Rights

Australian privacy legislation grants you specific rights regarding your personal information. These rights include:

• Access Rights: You may request details about what personal information we hold about you
• Correction Rights: You can ask us to update or fix incorrect personal information
• Deletion Rights: You may request removal of your personal information (where legally permissible)
• Processing Objection: You can object to certain types of data processing
• Processing Limitations: You may request we restrict how we process your information
• Data Portability: You can request your data in a machine-readable format
• Consent Withdrawal: You may revoke consent for optional data processing
• Complaint Rights: You can lodge complaints about our privacy practices

To exercise any of these rights, contact us through the channels listed below. We will process your request promptly and within timeframes required by Australian privacy law.

Some rights may have limitations based on legal obligations, security requirements, or our legitimate business interests in maintaining accurate operational records.

9. Cookies and Tracking

We use cookies and similar technologies that are essential for our platform to function. Our fleet management system requires cookies for user authentication, session management, and security purposes. The platform will not function without cookies enabled.

The types of cookies we use include:

• Essential Cookies: Required for login, authentication, and basic platform functionality
• Security Cookies: Used to maintain secure sessions and prevent unauthorized access
• Functional Cookies: Store user preferences and settings within the platform

By using our platform, you consent to our use of these cookies.

10. International Data Transfers

Some of our service providers are located overseas, including our payment processor Polar.sh which is based in the United States. We ensure that any international transfers of personal information comply with Australian privacy laws and provide adequate protection for your information through appropriate safeguards and contractual arrangements.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of our services after any changes indicates your acceptance of the updated policy.

12. Contact Us

If you have any questions about this privacy policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact us:

We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response to your privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or call 1300 363 992.