Privacy Policy (Version 2.2)
This Privacy Policy explains how OneRoad Pty Ltd (“OneRoad”, “we”, “our”, “us”) collects, uses, stores, shares, and protects your personal information when you use the OneRoad mobile application and related services (“Platform”). We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and the GDPR where applicable.
1. What Information We Collect
1.1 Personal Information
- Name and contact details (email, phone)
- Driver licence details and NHVR-related credentials
- Employment or fleet affiliation (if applicable)
1.2 Usage & Compliance Data
- Work/rest hours and fatigue logs
- Location and movement data (via GPS)
- Vehicle assignment, maintenance, and mass entries
- Feedback or support messages you submit
1.3 Device & Technical Data
- Device model, OS version, and identifiers
- App usage logs, crash reports, and diagnostics
2. Why We Collect Your Information
- Support compliance with NHVR laws and fatigue management rules
- Enable features such as EWD, mass and maintenance logs
- Provide support and respond to user requests
- Generate audit-ready reports for you or your fleet
- Improve safety, accuracy, and functionality of the Platform
- Deliver job-matching, notification, or in-app reward features
- Meet legal and regulatory requirements
3. How We Collect Your Information
- Directly from you when you sign up or input data
- Automatically from your device when using the Platform
- From your fleet administrator (if your account is linked to a fleet)
4. Who Can Access Your Information
We may share your information:
- With your fleet manager or operator, if you are part of a managed fleet
- With trusted third parties such as:
- Payment processors (e.g., Stripe)
- Cloud service providers (secure data storage)
- Job matching or compliance partners (if you opt in)
- With government regulators (e.g., NHVR) if required by law
Note: We will never sell your personal data to third parties.
5. Where and How Your Data Is Stored
All data is hosted on Amazon Web Services (AWS) infrastructure located in Australia. AWS supports ISO 27001/27017/27018, SOC 1/2/3, encryption at rest (e.g., AES-256) and TLS in transit. Physical, logical, and environmental controls protect your data. Access is limited to authorised OneRoad personnel or partners with an operational need.
6. Data Retention and Legal Compliance
6.1 Personal Information Retention
We retain personal information only as long as necessary to provide our services and comply with legal obligations.
6.2 Regulatory Compliance Requirements
As an NHVR-approved EWD provider under Heavy Vehicle National Law (HVNL), certain work diary and driving event records must be retained.
6.3 Data Categories and Retention Periods
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Personal contact information | Until account deletion | Business purposes |
| Account credentials | Until account deletion | Security purposes |
| Work/rest diary records | 3 years (de-identified) | HVNL Section 341 |
| Driving event logs | 3 years (de-identified) | NHVR compliance |
| Vehicle maintenance records | 3 years | Fleet management laws |
| Fatigue compliance data | 3 years (de-identified) | Road safety regulations |
Important: Compliance records retained for 3 years are de-identified and contain no personally identifiable information, using anonymised driver identifiers.
7. Account Deletion and Your Rights
7.1 Account Deletion Process
You can request deletion through the OneRoad app (Settings → Profile → Delete Account) or by contacting support@oneroad.io.
7.2 What Happens When You Delete Your Account
Immediately Deleted
- Personal contact information (name, email, phone)
- Account credentials and login data
- App preferences and settings
- Profile photos and personal details
- Payment information
Retained for Legal Compliance
- Work/rest logs (3 years, de-identified)
- Driving event records (3 years, anonymised ID)
- Fatigue compliance data (3 years, de-identified)
- Vehicle maintenance audit trails (3 years)
Legal requirement: mandated under HVNL; retained data cannot identify you.
7.3 User Rights Under Privacy Laws
- Request access to your personal information
- Correct inaccurate or outdated information
- Request deletion (subject to legal retention)
- Withdraw consent to optional features
- Lodge a complaint with OAIC or relevant authority
To exercise these rights, email support@oneroad.io.
7.4 Fleet Data Considerations
If you are part of a managed fleet, some operational data may remain with your fleet operator under their retention policies and NHVR requirements.
8. Regulatory Transparency
8.1 NHVR Compliance Status
OneRoad operates as an approved EWD provider, subject to HVNL, NHVR certification requirements, and Australian transport safety regulations.
8.2 Data Protection During Retention
- De-identified records use anonymised, obfuscated driver identifiers
- Stored separately from personal data
- Subject to the same security standards as active data
- Automatically purged after the 3-year legal period
9. Data Breaches
If we suspect a breach, we will investigate, contain it, and notify affected individuals and regulators under the Notifiable Data Breaches scheme.
10. International Users
Our services are designed for Australia. If you are outside Australia, you acknowledge your data may be transferred to and stored in Australia.
11. Updates to This Policy
We may update this Privacy Policy. We’ll notify you via the Platform and update the “Last Updated” date. Continued use constitutes acceptance.
12. Contact and Support
Email: support@oneroad.io
Mailing Address:
OneRoad Pty Ltd
14 Greville Street
Prahran, VIC 3181
Australia
Privacy queries: Contact our Privacy Officer at the email above.
13. Legal References
- Heavy Vehicle National Law (HVNL) Section 341 — Record retention requirements
- NHVR Guidelines — Electronic Work Diary provider obligations
- Privacy Act 1988 (Cth) — Australian Privacy Principles
- GDPR — European data protection (where applicable)
14. Version Control and Effective Date
Version 2.2 — Last Updated: 12 June 2025
Supersedes: Version 2.1 • Next Scheduled Review: June 2026
Key Changes in Version 2.2
- Added detailed account deletion process
- Clarified HVNL compliance data retention requirements
- Enhanced transparency about de-identification processes
- Added regulatory compliance section
Questions about this Privacy Policy?
We’re happy to help. Reach out and we’ll clarify anything you need.