Privacy Policy
This Privacy Policy explains how OneRoad collects, uses, stores, and protects your personal information. We comply with the Privacy Act 1988 (Cth) and NHVR regulations.
Privacy Snapshot (Plain English)
Key points about your data privacy and rights.
What We Collect
Name, contact details, driver licence info, location data (GPS), and work diary entries required for NHVR compliance.
How We Use It
To provide the OneRoad service, generate compliance reports, improve safety features, and meet legal obligations.
Data Retention
Compliance records (EWD, fatigue) are retained for 3 years as required by Heavy Vehicle National Law (s341).
Your Rights
You can request access, correction, or deletion of your personal data at any time (subject to legal retention laws).
1. What Information We Collect
Personal Information
- Name and contact details (email, phone)
- Driver licence details and NHVR credentials
- Employment or fleet affiliation
Usage & Compliance Data
- Work/rest hours and fatigue logs
- Location and movement data (GPS)
- Vehicle assignment and maintenance records
2. Why We Collect Your Information
- Support compliance with NHVR laws and fatigue management rules
- Enable features such as EWD, mass, and maintenance logs
- Provide customer support and respond to requests
- Generate audit-ready reports for you or your fleet
- Meet legal and regulatory requirements
3. How We Collect Your Information
- Directly from you when you sign up or input data
- Automatically from your device when using the Platform (GPS, timestamps)
- From your fleet administrator (if your account is linked to a fleet)
4. Who Can Access Your Information
We may share your information with:
- Your Fleet Manager: If you are part of a managed fleet account.
- Trusted Third Parties: Payment processors (Stripe), cloud hosting (AWS), and support tools.
- Regulators: NHVR or other authorities if strictly required by law.
Note: We never sell your personal data to advertisers or third parties.
5. Where and How Your Data Is Stored
All data is hosted on Amazon Web Services (AWS) infrastructure located in Australia. AWS supports ISO 27001 security standards. Your data is encrypted at rest (AES-256) and in transit (TLS).
6. Data Retention and Legal Compliance
As an NHVR-approved EWD provider, we are legally required to retain certain records under the Heavy Vehicle National Law (HVNL).
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Personal Contact Info | Until Account Deletion | Business Purpose |
| Work/Rest Records | 3 Years (De-identified) | HVNL Section 341 |
| Maintenance Records | 3 Years | Fleet Laws |
| Fatigue Compliance | 3 Years (De-identified) | Road Safety Regs |
Note: Compliance records retained for 3 years are de-identified where possible.
7. Account Deletion and Your Rights
You can request account deletion via the app settings or by contacting support. Upon deletion:
- Deleted Immediately: Profile photos, payment info, app settings, login credentials.
- Retained (Legally Required): Compliance logs (EWD, Mass, Maintenance) for 3 years as mandated by HVNL.
8. Regulatory Transparency
OneRoad operates as an approved EWD provider, subject to HVNL, NHVR certification requirements, and Australian transport safety regulations.
9. Data Breaches
If we suspect a data breach, we will investigate immediately, contain it, and notify affected individuals and the OAIC under the Notifiable Data Breaches scheme.
10. International Users
Our services are designed for Australia. If you use OneRoad from outside Australia, you acknowledge your data will be transferred to and stored in Australia.
11. Contact and Support
For privacy inquiries or to exercise your rights:
Email: support@oneroad.io
Address: OneRoad Pty Ltd, 14 Greville Street, Prahran VIC 3181, Australia
Questions about privacy?
Contact our team for clarification on any of these policies.