Effective 2026-05-01
Privacy Policy
slug: privacy-policy title: Privacy Policy documentType: privacy_policy version: "2.0" appContext: platform requiredForRole: "both" displayOrder: 2 mustAcceptToUse: true effectiveDate: 2026-05-01 jurisdiction: WA summary: | How OZ Ride and OOHAi collect, use, share, and protect your personal information.
04 — Privacy Policy
Effective Date: 1 May 2026 Joint controllers: OZ Ride Pty Ltd (ABN 52 694 735 487) and OOHAi Media Pty Ltd as trustee for the OOHAi Media Unit Trust. Governing law: Western Australia, Australia. Defined terms: Capitalised terms not defined in this document have the meaning given in 00 — Definitions.
This Privacy Policy describes how OZ Ride and OOHAi Media (together referred to as "we" in this document, with the responsible entity identified per data flow where relevant) collect, hold, use, disclose, and protect Personal Information in connection with the Platform.
This Privacy Policy is written to comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APP) set out in Schedule 1 to that Act, the Spam Act 2003 (Cth), and the privacy and surveillance-devices legislation of Western Australia. It applies to Personal Information collected on or after the Effective Date.
1. Who we are and how to contact us
1.1 OZ Ride is the controller of Personal Information collected and used in connection with the Rideshare Service, the Taxi Service, the Driver App, the Rider App, the Phone Booking Service, and Driver-side payment flows.
1.2 OOHAi Media is the controller of Personal Information collected and used in connection with the Advertising Service, the Advertiser Portal, advertiser billing, and Audience Data.
1.3 Joint controllership. Where a single data flow is processed by both entities (notably, the Player Tablet operating in a Driver's Vehicle), the entities act as joint controllers and have apportioned responsibility according to function as set out in this Policy.
1.4 Privacy contacts.
- OZ Ride privacy:
privacy@oz-ride.com - OOHAi Media privacy:
privacy@oohai.com.au - General support:
support@oz-ride.com(rideshare/taxi);advertisers@oohai.com.au(advertising)
You may also write to OZ Ride at 224 Balcatta Road, Balcatta, Western Australia 6021, Australia.
2. The Personal Information we collect
2.1 From Riders
We collect Personal Information from Riders for the purpose of enabling Riders to request and complete Trips, to make and receive payments, to make use of Safety Features, and to receive support.
| Category | Examples | Source | Purpose |
|---|---|---|---|
| Account | Name, mobile number, email, date of birth (where required for age verification), preferred language | You | Account creation, authentication, communication |
| Identifiers | Apple/Google account identifier where used for sign-in | Sign-in provider | Authentication |
| Payment | Payment method type, last 4 digits, expiry, billing postcode | You via Stripe Elements | Payment processing |
| Location | Pickup location, drop-off location, location updates while a Trip is open or being requested | Your device location services | Trip dispatch, navigation, fare calculation, Safety Features |
| Trip | Trip history, ratings given and received, comments, fare components | Platform | Service, support, abuse detection, ratings |
| Communications | SMS one-time-passwords; push notification delivery records; phone-call recordings and transcripts where you call the Phone Booking Service | Twilio, AWS SES, FCM, OZ Ride | Authentication, support, training, quality |
| Safety | Trusted contact details (name, mobile, optional relationship), trip-share recipients, SOS event records, route-deviation alert history | You; Platform telemetry | Safety Features |
| Device | Device model, OS version, app version, push token, IP address | App at use | Service, debugging, fraud prevention |
| Support | Support tickets, chat transcripts, attachments | You | Support |
2.2 From Drivers
We collect Personal Information from Drivers for the purpose of onboarding, Compliance Status maintenance, dispatch, payment, and support.
| Category | Examples | Source | Purpose |
|---|---|---|---|
| Account | Name, mobile, email, date of birth, address | You | Identity, payments, communication |
| Identity | Driver's licence number and image, passport or ID image, photograph of you, biometric template generated by RapidID | You; RapidID | Identity verification, fraud prevention |
| Authorisations | PTD number and status; PTV details; ODBS membership; National Police Certificate currency; insurance policy number, insurer, expiry; ABN | You; WA Department of Transport (PTD/PTV/DVID); ABR (ABN) | Compliance Status; regulator obligations |
| Vehicle | Make, model, year, registration, photographs, fitness | You | Compliance, dispatch, brand standards |
| Payment | Stripe Express account identifier; bank account details (held by Stripe); tax-residency declarations | Stripe; you | Payouts, GST handling |
| Location | Real-time and aggregated location updates while online | Your device | Dispatch, fare calculation, safety |
| Trip | Trip history, ratings, cancellations, acceptance | Platform | Dispatch, ratings, support |
| Communications | SMS, push, in-app messages, phone-call recordings | Same as Riders | Same |
| Safety | SOS use, tamper events, complaints | Platform | Safety, trust |
| Device | Driver device model, OS, app version, push token, IP, BLE pairing identifier | App | Service, debugging |
| Education | Driver education quiz results | App | Compliance, training |
2.3 From Advertisers and Advertiser Users
We collect Personal Information from Advertiser Users for the purpose of authenticating their access to the Advertiser Portal and enabling them to manage their Tenant.
| Category | Examples | Source | Purpose |
|---|---|---|---|
| Account | Name, work email, role, mobile (optional) | You | Authentication, communication |
| Tenant | Business name, ABN, billing address, finance contact, agency designation | You | Onboarding, billing, contracting |
| Payment | Stripe Customer identifier; payment method last 4; billing postcode | Stripe | Billing |
| Activity | Login records, Audit Log entries for content approvals, campaign edits, billing actions | Platform | Audit, security, dispute resolution |
| Communications | Email; in-portal messages; support tickets | You; Platform | Support, account communication |
| Device | Browser, OS, IP, session identifier | Browser | Authentication, security |
2.4 From Player Tablet observations
The Player Tablet runs an on-device computer-vision system that detects faces in the field of view, classifies them into demographic buckets (age range, gender, predominant emotion expression), and records dwell and gaze time. This system runs entirely on the Tablet using TensorFlow Lite models. Raw video frames and any biometric template are processed only on the Tablet and are discarded immediately after inference. Only aggregated, non-identifying Audience Data is transmitted off-device.
We do not consider the Audience Data we receive to be Personal Information about any specific individual, because the Audience Data does not, alone or in combination with other information reasonably likely to be available to OOHAi Media, allow OOHAi Media to identify any specific individual.
2.5 From Website visitors
When you visit the Website, we collect:
- Server-log data (IP address, user agent, requested URL, timestamp) for security and operational purposes;
- Aggregated analytics (pages viewed, time on page, source) using a privacy-respecting analytics tool;
- Cookies as described in the Cookie Policy.
We do not use re-identifying analytics tools that connect your visit to other identities you may have on the open web.
2.6 From third parties
We may receive Personal Information about you from:
- The WA Department of Transport (PTD, PTV, DVID feed);
- The Document Verification Service (DVS) operated by the Australian Government (driver identity confirmations);
- RapidID (identity-verification results and biometric match scores);
- Stripe (payment, payout, dispute, chargeback events);
- Twilio (call status, SMS delivery status);
- Apple, Google, Facebook (sign-in identifiers when you choose to sign in with those services);
- Australian Business Register (ABN status for Drivers and Advertisers);
- Trusted contacts you nominate (passively, by their phone responding to a confirmation prompt we send).
2.7 Location data — what we access and when
We treat Location as a sensitive category and limit our collection of it. The exact operating-system permissions we request, and the conditions under which Location is collected, differ between the Rider App and the Driver App, and between Android and iOS.
2.7.1 Rider App
| Platform | Permissions requested | When Location is collected |
|---|---|---|
| Android | ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION | Foreground only. Location is collected while the Rider App is in the foreground, in order to display your pickup point, set the pickup, show nearby Drivers, and render the live route during an active Trip. The Rider App on Android does not request background Location and stops Location collection as soon as you background the App or end the Trip. Trip Share live-ETA updates on Android occur only while the App is in the foreground. |
| iOS | NSLocationWhenInUseUsageDescription for foreground use; NSLocationAlwaysAndWhenInUseUsageDescription only while a Trip Share is active with one or more Trusted Contacts | Foreground use as above. Background use on iOS is limited to active Trip Share sessions, so a Trusted Contact's live ETA stays current while the Rider App is backgrounded. Background collection ends automatically when the Trip ends or the Trip Share is revoked. |
2.7.2 Driver App
| Platform | Permissions requested | When Location is collected |
|---|---|---|
| Android | ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, ACCESS_BACKGROUND_LOCATION, FOREGROUND_SERVICE_LOCATION (used together with a foregroundServiceType="location" foreground service) | While you are signed in and online to receive Trip requests, or while you are on an active Trip. Background Location is required so the Platform can match you to nearby Riders and so dispatch can complete when the Driver App is not in the foreground. While Location is being collected, a persistent system notification is shown by the foreground service so the collection is visible to you. Going offline ends the foreground service and stops Location collection. |
| iOS | NSLocationWhenInUseUsageDescription for foreground use; NSLocationAlwaysAndWhenInUseUsageDescription for background use while online or on an active Trip | Same triggers as Android. Going offline stops background Location collection. |
2.7.3 What we do, and do not, do with Location
We use Location strictly for the operational purposes set out in clause 5 of this Policy: Trip dispatch, navigation, fare and meter calculation, ETA rendering for Riders and their Trusted Contacts, route-deviation Safety Features, and fraud detection. We do not use Location for advertising, for building behavioural profiles outside the Platform, or for sale to third parties.
2.7.4 Retention specific to Location
Granular Location pings recorded during a Trip form part of the Trip Record and are retained for the period set out in clause 8 ("Trip records — 7 years from Trip date"). Location pings recorded while a Driver is online but not on an active Trip are retained for the same operational period under clause 8.
2.7.5 Permissions you can revoke at any time
You can revoke any Location permission via your device's system settings. Revoking foreground Location for the Driver App will prevent you from going online; revoking background Location for the Driver App will limit you to foreground-only operation, which is unlikely to be workable for sustained dispatch. Revoking foreground Location for the Rider App will prevent the App from showing your pickup point and nearby Drivers; the App will let you key in a pickup address manually as a fallback.
3. Sensitive Information
We do not generally seek Sensitive Information about you. Where we do collect it (for example, biometric templates generated during identity verification, or limited health information you may volunteer in a support ticket), we collect it only with your consent and use it only for the purpose stated at collection.
4. How we collect Personal Information
We collect Personal Information:
- Directly from you, when you create an account, complete onboarding, take a Trip, contact support, or call the Phone Booking Service;
- Automatically, from your device or browser, when you use the Apps or the Website;
- From third parties, as described in clause 2.6 above; and
- From the operation of the Platform (Trip records, ratings, chat content, audit-log events).
Where we collect Personal Information directly from you, we do so with your awareness, including by telling you the purposes at the time of collection. Where we collect indirectly, we do so only where the collection is reasonably necessary for the relevant purpose and is permitted by APP 3.
5. Why we use Personal Information
We use Personal Information for the following purposes:
| Purpose | What we use | Lawful basis |
|---|---|---|
| Provide the Platform (account, dispatch, navigation, fare, payment, ratings, support, Safety Features) | Account, payment, location, trip, communications | Performance of the contract with you under the Driver Service Agreement, Rider Terms of Service, or Advertiser Terms of Service; APP 6 |
| Verify identity and Compliance Status | Identity, authorisations | Necessary for the operation of a regulated passenger-transport service; explicit DVS Consent for DVS verification; APP 3, APP 6 |
| Process payments and payouts | Payment, account, transaction history | Performance of the contract; APP 6 |
| Detect, investigate, and prevent fraud, abuse, and safety risks | Trip, location, communications, audit log, device | Legitimate operational interest; safety; APP 6 |
| Maintain Audit Logs of administrative actions | Activity, account | Audit and accountability; APP 6 |
| Train and quality-control human and AI support agents | Support transcripts, call recordings (with disclosure at start of call) | With notice and to perform support contract; APP 6 |
| Send operational messages | Mobile, email, push token | Performance of the contract; APP 6 |
| Send marketing messages | Account, with marketing consent | With your consent (APP 7); Spam Act 2003 |
| Comply with regulatory obligations | Compliance Status, identity, Trip records | Legal obligation under WA passenger-transport law; APP 6 |
| Improve the Platform | Aggregated Trip and event data; technical telemetry | Legitimate operational interest; APP 6 |
6. Disclosure to third parties
We disclose Personal Information to the following categories of third parties for the purposes shown:
| Recipient | Information | Purpose | Location |
|---|---|---|---|
| Stripe Payments Australia Pty Ltd | Payment, payout, customer identifier, transaction | Payment processing, payouts, billing, dispute handling | Australia / United States |
| Twilio Inc | Mobile number, message content, call audio | SMS, voice, OTP delivery; call transcripts | United States (SOC 2 attested); Australian regional infrastructure where available |
| ElevenLabs Inc | Text strings to be voiced | Voice synthesis for the Phone Operator AI Agent | United States |
| Anthropic PBC | Conversation transcripts and tool calls during AI interactions | Claude Large Language Model inference for the Phone Operator AI Agent and other AI agents | United States |
| OpenAI L.L.C. | Conversation transcripts where the legacy GPT integration is used | LLM inference for legacy support flows | United States |
| Amazon Web Services Inc | Substantially all data described above (storage, compute) | Hosting, S3 storage, SES email, Rekognition (driver face match), CloudWatch logs, RDS database | Sydney (ap-southeast-2); regional egress for SES |
| Mapbox Inc | Pickup, drop-off, route coordinates | Map tiles, geocoding, routing, ETA | United States |
| WA Department of Transport | Driver name, identity, PTD; vehicle, PTV; identity verification request | Authorisation lookups, DVID continuous monitoring, DVS lookups, PTSS submissions | Western Australia |
| RapidID | Identity-document images, photographs, biometric template | Identity verification | Australia |
| Australian Business Register (ABR) | ABN | ABN status verification for Drivers and Advertisers | Australia |
| TinyMDM (Cibox / GROUP HOLDING SAS) | Player Tablet device telemetry | MDM management | European Union |
| Apple Inc, Google LLC, Meta Platforms Inc | Account identifier where you choose to sign in with these providers | Authentication | United States |
| Vercel Inc | Website server logs and analytics | Website hosting, edge delivery | United States; CDN globally |
| Insurer of OZ Ride | Limited Trip and incident data, on a need-to-know basis | Insurance claims handling | Australia |
| Auditor and professional advisers | Limited business records as required for audit, tax, or legal advice | Statutory and professional obligations | Australia |
| Successor entity | All categories of data on assignment under clause 20 of the relevant agreement | Business continuity | As applicable |
7. Cross-border disclosure (APP 8)
Several of the recipients listed in clause 6 are located outside Australia. Where we disclose Personal Information to a recipient outside Australia, we take reasonable steps to ensure that the recipient handles the Personal Information in a way that is consistent with the Australian Privacy Principles, including by entering into contractual data-protection terms (for example, Stripe and Anthropic standard data-processing agreements).
You consent to the cross-border disclosures described in clause 6 by accepting this Privacy Policy and the relevant agreement applicable to your use of the Platform.
8. Data minimisation and retention
We retain Personal Information for the minimum period necessary for the purpose for which it was collected, subject to legal and audit requirements. The default retention periods are:
| Category | Default retention |
|---|---|
| Account record after account deletion | 90 days for a soft-delete recovery window, then erasure within 30 days, except as required for legal/audit |
| Trip records | 7 years from Trip date (consistent with WA passenger-transport recordkeeping and ATO recordkeeping) |
| Identity-verification records (RapidID + DVS) | Duration of Driver account + 7 years after termination |
| Payment records (Stripe) | Per Stripe's payment-processing retention policies and 7 years for our financial records |
| Driver compliance records (PTD, PTV, ODBS, NPC, insurance certificates) | Duration of Driver account + 7 years after termination |
| Phone-call recordings | 12 months from the call, unless extended for an open dispute or investigation |
| In-app messages between Riders and Drivers | 12 months from message |
| SOS event records | 7 years from event |
| Trip share tokens | Until the lesser of: 60 minutes after Trip completion, or your revocation |
| Audit Logs | 7 years from event |
| DVS Consent Logs | 7 years from consent or revocation |
| Audience Data (Advertising Service) | Aggregated indefinitely; raw event records 25 months for billing reconciliation |
| Marketing-list membership | Until you opt out; opt-out evidence retained 12 months |
| Server logs / web analytics | 90 days |
Deletion of records subject to a litigation hold, regulator request, or open investigation is paused until the matter is resolved.
9. Your rights
9.1 Access (APP 12)
You may request access to the Personal Information we hold about you. We will respond within 30 days. Where access cannot be granted in full (for example, because giving access would unreasonably impact the privacy of another person, or because the information is privileged or subject to legal hold), we will explain the reason and offer an alternative where possible.
9.2 Correction (APP 13)
You may ask us to correct Personal Information that is inaccurate, out of date, incomplete, irrelevant, or misleading. You may correct most account information directly in the Driver App, Rider App, or Advertiser Portal. For corrections you cannot make yourself, write to the relevant privacy contact in clause 1.4.
9.3 Deletion
You may request deletion of your account and the associated Personal Information by writing to the relevant privacy contact. We will action deletion within 30 days, subject to clause 8 retention exceptions. Trip records, payment records, and compliance records are subject to statutory retention periods and cannot be deleted on request before those periods expire.
9.4 Withdrawal of consent
Where we rely on your consent (notably, DVS Consent for identity verification, marketing consent, or trusted-contact consent), you may withdraw consent at any time. Withdrawal of DVS Consent will result in your Compliance Status becoming non-compliant and your Driver account being placed in suspension; this is described in the Driver Service Agreement.
9.5 Marketing opt-out
You may opt out of marketing messages at any time by following the unsubscribe link in any message, or by adjusting your preferences in the Driver App, Rider App, or Advertiser Portal.
9.6 Complaints
If you believe we have breached this Privacy Policy or the Australian Privacy Principles, you may complain to the relevant privacy contact in clause 1.4. We will acknowledge your complaint within 5 Business Days and respond substantively within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone on 1300 363 992.
10. Security
We take reasonable steps to protect Personal Information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:
- TLS encryption for data in transit;
- Encryption at rest for compliance vault data, identity documents, and payment data (the latter held by Stripe);
- AWS-managed encryption-at-rest for RDS, S3, and EBS;
- Role-based access control with least-privilege principles for OZ Ride and OOHAi Media personnel;
- Audit logging of administrative actions;
- Multi-factor authentication for administrative access (
server/routes/auth/twofa.ts); - WebAuthn-based 2FA for the most sensitive admin roles;
- Network segmentation between the monolith and the Advertising Service;
- Monitoring with CloudWatch + Sentry, with alarms for anomalous activity;
- Regular dependency, secret, and code-quality scans (
npm audit,gitleaks,semgrep,trivy).
No security measure is perfect. We commit to detecting, responding to, and notifying you of any eligible data breach in accordance with the Notifiable Data Breaches scheme set out in Part IIIC of the Privacy Act 1988 (Cth).
10.1 Data breach notification
Where we experience a data breach that is likely to result in serious harm to you, we will notify you and the OAIC as required by the Notifiable Data Breaches scheme. Notification will include the kind of information involved, recommended steps in response, and our contact details for further information.
11. Cookies and tracking
The Cookie Policy describes the cookies and similar technologies we use on the Website. The Apps do not use third-party tracking cookies; they use device-level identifiers and the OS-provided push-notification tokens for the operational purposes described in this Policy.
12. Children
The Platform is not directed at children under 18. Riders under 18 must travel only when accompanied by an adult. We do not knowingly collect Personal Information from a child under 13. If we discover that we have collected such information without verifiable parental consent, we will delete it.
13. Recordings and surveillance disclosure
Phone calls to and from the Phone Booking Service are recorded for support, training, and quality purposes. We disclose this fact at the start of the call. You may at any time request that the call be transferred to a human operator and that the recording be paused. The use of any in-Vehicle audio or video recording device by a Driver is regulated by the Surveillance Devices Act 1998 (WA) and the Driver is responsible for compliance, including posting required notices.
14. AI use
The Platform uses artificial-intelligence systems for: the Phone Operator AI Agent ("Alex") on inbound calls to the Phone Booking Service; the support AI agents in the admin console; the content-suitability assessment of advertising Creatives. Where you interact with an AI system, you are notified at the start of the interaction. AI systems may pass your interaction text and limited related context to the third-party LLM providers listed in clause 6 (Anthropic, OpenAI). The Phone Operator AI Agent is constrained by server/services/FinancialGuard.ts and may not, on its own authority, complete financial transactions.
15. Changes to this Policy
We may amend this Privacy Policy from time to time. The Effective Date at the head of this document will reflect the date of the most recent material change. Where the change materially affects your rights, we will notify you in advance by in-app message and email at least 14 days before the change takes effect. The current version of this Policy is always available at web.oz-ride.com/legal/privacy.
16. Contact and complaints
For any privacy-related question, request, or complaint, contact:
- OZ Ride privacy:
privacy@oz-ride.com, or by post to OZ Ride Pty Ltd, Privacy Officer, 224 Balcatta Road, Balcatta WA 6021, Australia. - OOHAi Media privacy:
privacy@oohai.com.au. - OAIC:
oaic.gov.au, 1300 363 992.
End of Privacy Policy.