Incubate Pty Ltd trading as MyLuxFleet ("we," "our," or "us") understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us, in connection with your use of our cloud-based vehicle management platform (the "Platform" or "Services"). We help individuals and businesses manage valuable vehicles, and access various related functionalities (e.g., valuations, storage referrals, insurance referrals, user interaction).
This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles, as well as the New Zealand Privacy Act 2020 and the Information Privacy Principles. Where noted, additional obligations under other jurisdictions (e.g., EU GDPR) may also apply.
Privacy at a Glance
- We never sell your data. We only share information with the minimum service providers required to operate the platform (e.g., payment processing, cloud hosting), and we never share your data for marketing or advertising purposes.
- Geolocation features are disabled by default and require user activation to function. IP based region data is only used for security and fraud prevention.
- You own your data. You can request a complete and permanent deletion of your information at any time.
- Direct Access. You have a direct line to our Data Privacy Officer at cliff@myluxfleet.com.
1. The Information We Collect
Personal information means information or an opinion about an individual who is identified or reasonably identifiable, whether the information or opinion is true or not, and whether recorded in a material form or not. The types of personal information we may collect about you include:
Instead of a broad list, we categorize data by its functional necessity to reassure users that we do not track them unnecessarily.
Our Commitment to Data Minimization: We believe privacy is a fundamental right. We adhere to a "Privacy by Design" principle, meaning we only collect the minimum data required to deliver our services.
1.1 Essential Identity Data
To secure your account, we collect your name and a primary contact (email or phone). We do not require, nor do we collect, social media profiles or personal imagery unless you explicitly choose to upload them for asset identification purposes.
1.2 Transactional Integrity
For financial transactions, we collect necessary financial identifiers. These are processed through bank-level encrypted gateways; our staff never have direct access to your full credit card or banking credentials.
1.3 Technical Discretion
To protect against unauthorized access, we log essential technical data such as your IP address and device type. We do not use this data for behavioural profiling or third-party marketing.
- Identity Data: Your name and any other personal data you wish to disclose, company or business name, ABN (if applicable).
- Contact Data: Billing address, email address, telephone numbers.
- Financial Data: Bank account or payment card details, collected only when you initiate a paid subscription or purchase.
- Technical and Usage Data: IP address, login data, and page view statistics — used for security, fraud prevention, and service improvement.
- Profile Data: Username and password, asset listings, support requests, user-generated content, preferences, feedback, and survey responses.
- Marketing and Communications Data: Your preferences in receiving marketing from us and communication preferences.
- Sensitive Information: We do not actively collect sensitive information. If needed, we will first obtain your consent.
2. How We Collect Personal Information
We collect personal information in several ways:
- Directly: When you provide information to us (e.g., creating an account, filling forms, uploading asset details).
- Indirectly: Through your interaction with our Platform (e.g., usage logs, cookies).
- From Third Parties: From integrated service providers or referrals (only with your consent).
3. Why We Collect Personal Information
We collect and use personal information only for:
- Account Creation & Management
- Service Delivery
- Payment Processing
- Personalised in-app recommendations (with consent)
- User Interaction
- Analytics & Improvement
- Legal Compliance & Protection
4. Disclosure of Personal Information to Third Parties
We only share personal information where strictly necessary to deliver specific services, and we never share your data for marketing or advertising purposes.
- Payment Processing: We share payment information with Stripe to process subscriptions and purchases. No personal information is shared with our cloud hosting provider.
- Internal Access: Employees and related entities — staff access is logged and audited regularly.
- In-App Personalised Offers: If you choose to take advantage of personalised offers within the platform, relevant information may be shared with the partner providing that offer. This only occurs with your explicit consent.
- Legal or Regulatory Authorities: Where required by law or court order.
- Corporate Events: In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.
5. Overseas Disclosure
Your primary data is stored in Switzerland (see Section 7). Some service providers (e.g., payment processors) may process limited data in their own jurisdictions to deliver their services. We ensure compliance with relevant privacy laws and principles when transferring data internationally.
6. Your Rights & Controlling Your Personal Information
- You can choose not to provide personal information
- You can unsubscribe from marketing communications
- You can request access to or correction of your personal information
- You can make complaints about our handling of your information
Data Deletion: To request deletion of your personal data, contact support@myluxfleet.com. We will complete your request within 30 days. Some data may be retained where required by law (e.g., financial records for tax compliance). All other data will be permanently and irreversibly destroyed.
7. Storage & Security
We prioritize the security of your data and assume strict obligations to protect it. We utilize industry-standard technical safeguards, including:
- Encryption in Transit: All data moving between your device and our servers is protected using secure protocols (e.g., TLS/SSL).
- Encryption at Rest: We employ industry-standard encryption for stored data. For specific data categories, users may also enable User-Defined Encryption settings to manage how their data is secured at rest. (This ensures that even in the unlikely event of an interception, your information remains unreadable and secure).
- Monitoring & Maintenance: We conduct regular vulnerability patching and security monitoring to protect against unauthorized access.
Zero-Trust Access Control
We utilize a Zero-Trust network architecture. Access to any client data is governed by strict Role-Based Access Controls (RBAC) and requires Hardware-based Multi-Factor Authentication (MFA). Every instance of staff access is logged in an immutable audit trail.
Data Storage Location
Your data is stored exclusively in Switzerland. We do not move your data between international servers without your explicit, case-by-case consent.
Data Centre Security
Your data is housed in Tier-4 data centres that are monitored 24/7/365 by on-site security personnel.
While we use these robust security measures, we cannot guarantee absolute security of information transmitted over the Internet.
Data Breach Response
In the unlikely event of a data breach that poses a risk of serious harm, we will notify affected users and relevant authorities within 72 hours, in accordance with applicable law. We maintain an incident response plan and conduct regular security audits.
8. Data Retention
We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Once your personal information is no longer required, we will take reasonable steps to permanently destroy or de-identify it in a secure manner.
You have the option to delete your data at any time. The following data retention periods apply:
- Account data: Retained for the duration of your account, plus 30 days after deletion.
- Transaction records: Retained for 7 years (as required by tax law).
- Technical logs: Retained for 90 days.
- Marketing preferences: Retained until you unsubscribe.
9. AI & Automated Decision-Making
Our Platform utilizes Artificial Intelligence (AI) and automated data models to enhance your experience, streamline data entry, and provide market insights.
AI-Assisted Data Entry
We use AI to help you manage your assets more efficiently:
- Image Recognition: When you upload photos, our AI identifies asset types and characteristics to suggest entries.
- Document Scraping: Our systems can extract data from uploaded "artifacts," such as insurance policies, service logs, and valuation certificates.
- Human-in-the-Loop: In all instances of AI data extraction, the information is presented as a draft. No data is officially saved to your account until you have reviewed, edited (if necessary), and manually confirmed the accuracy of the information.
Automated Valuations
The Platform may provide preliminary asset valuations based on automated market data models.
- Transparency: These models are designed to provide estimates based on aggregate market trends and may not reflect the specific nuances or unique condition of every item.
- Human Review & Contestation: If you believe an automated valuation is inaccurate or if you require a formal, certified appraisal for insurance or legal purposes, you have the right to request a manual human review.
To request a human review of a valuation, please contact our support team. Please note that manual reviews or certified appraisals may be subject to a quoted fee.
10. Cookies & Tracking Technologies
We use cookies for website operation, analytics, and personalised in-app recommendations. You can manage cookie preferences through your browser settings.
We do not store any Personally Identifiable Information data in any of our application logging.
11. Google API Services
Our use of Google APIs complies with Google's User Data Policy. We limit data use to providing or improving our Services and do not use such data for personalised in-app recommendations without authorisation.
12. Additional Notes on Specific Integrations
External service providers may have their own privacy policies. We recommend reviewing their practices before sharing personal information.
13. Amendments
We will notify you of material changes to this policy via email or in-app notification at least 30 days before changes take effect. For significant changes to how we use your personal data, we will seek your renewed consent.
14. Contact Us
For questions, concerns, or complaints about our privacy practices, please contact us. Our support team is available from 9:00 AM to 5:00 PM, every day.
Email: support@myluxfleet.com
Address: 1/959 Glen Huntly Road, Caulfield South, Melbourne, Victoria, Australia