Privacy Policy

Quicoo respects your privacy. Read how we collect, use, and protect your data before launch.

Privacy Policy

Privacy Policy – Quicoo Pty Ltd 

Effective Date: 01/04/2025
Company Name: Quicoo Pty Ltd
ABN: 47 673 468 909
Jurisdiction: Victoria, Australia
Contact: [email protected]

PRIVACY AT A GLANCE

At Quicoo, we believe that your data belongs to you. As an Australian-owned platform operating under the strict regulatory frameworks of Victoria and South Australia, we are committed to Australian Data Sovereignty. This means your "Core Identity Data" (such as your Name, Trip History, and Financial Records) is processed and stored primarily within Australian borders, ensuring it remains protected by the Privacy Act 1988 (Cth) and is not subject to foreign data seizure laws.

We collect Personal Information—including forensic-grade GPS location, device telemetry, and identity documents—strictly to provide a safe, efficient, and accredited transportation service. Whether you are a Passenger requesting a ride or a Driver Partner building a business, every piece of data we acquire serves a specific operational or legal purpose, such as verifying identity to prevent fraud, calculating accurate fares, or satisfying our reporting obligations to Safe Transport Victoria (ST Vic) and the Australian Taxation Office (ATO).

Your control over this data is absolute. We provide a binding commitment that we do not sell your Personal Information to third-party data brokers. Furthermore, you retain the right to access, correct, or request the deletion of your account at any time via the Quicoo App. While we must retain certain financial and safety records for 7 years to comply with Australian Law, we ensure that your privacy is respected through rigorous encryption and transparent management practices.

 

PART 1: INTRODUCTION & SCOPE

1.1. Purpose and Scope This Privacy Policy (“Policy”) serves as the definitive data governance document for Quicoo Pty Ltd (ABN 47 673 468 909) (collectively, "Quicoo", "we", "us", or "our"). It details our forensic approach to the collection, storage, protection, and rigorous use of your Personal Information within the Quicoo digital ecosystem.

1.2. Application (The "Quicoo Ecosystem") This Policy applies universally to the entire Quicoo Ecosystem, regardless of the device (Mobile/Desktop), operating system (iOS/Android/Windows/macOS), or interface used. Specifically, this Policy binds:

  • (a) The Rider Applications: The distinct mobile applications designed for Passengers, available on both the Apple App Store (iOS) and Google Play Store (Android).
  • (b) The Driver Partner Applications: The commercial-grade mobile software used by Driver Partners, available on both Apple iOS and Google Android platforms.
  • (c) Web Platforms: The corporate website (www.quicoo.com), the Web Booking Portal, the Driver Onboarding Portal, and the Dispatch Admin Panel.
  • (d) Corporate Clients: Authorised representatives, administrators, or dispatchers managing business travel accounts via the Quicoo Corporate Dashboard.
  • (e) Government & Third-Party Integrations: Any data collection facilitated through Australian Government APIs (e.g., the Document Verification Service or VEVO) or authorized third-party integrations.

1.3. Regulatory Commitment (BSP & CBS Status) Quicoo distinguishes itself through strict adherence to the specific regulatory frameworks of the Australian states in which we operate. We manage your Personal Information not merely as a commercial asset, but as a regulated record required for public safety.

  • In Victoria: We operate as a registered Booking Service Provider (BSP) pursuant to the Commercial Passenger Vehicle Industry Act 2017 (Vic).
  • In South Australia: We operate as an accredited Centralised Booking Service (CBS) pursuant to the Passenger Transport Act 1994 (SA).

1.4. The "Australian Data Sovereignty" Commitment We recognize that your location data and identity documents are sensitive assets.

  • (a) Australian Storage Mandate: We warrant that your "Core Identity Data" (Full Name, Driver Licence, Passport Details, Bank Account Coordinates, and Historical Trip Logs) is processed and stored primarily within Australian Data Centres (e.g., AWS Sydney Region). This ensures your critical records remain under the jurisdiction of the Privacy Act 1988 (Cth).
  • (b) Commercial Use Restriction: Quicoo provides a binding commitment that we do not sell your Personal Information to third-party data brokers for their independent use. However, you acknowledge that in the event of a merger, acquisition, or sale of assets, your Personal Information may be transferred to the acquiring entity, provided that entity agrees to honour the protections set out in this Policy.

1.5. The Contractual Nexus (Binding Agreement) You acknowledge that this Policy is not a standalone document but an integrated component of your legal contract with Quicoo.

  • For Passengers: This Policy is incorporated by reference into the Quicoo Passenger Master Service Agreement.
  • For Driver Partners: This Policy forms a critical part of the Quicoo Policy Suite as defined in the Independent Driver Master Agreement.

By clicking “I Agree,” registering an Account, or accessing the Platform via any iOS or Android device, you explicitly, voluntarily, and unambiguously consent to the practices described herein.

1.6. Contact Us For any privacy inquiries, complaints, or access requests, you may contact our Australian-based support team:

  • Registered Office: Level 24, 91 King William Street, Adelaide SA 5000
  • Email: [email protected]
  • Support Line: 1300 1QUICOO (1300 178 426)

 

PART 2: DATA ACQUISITION & VERIFICATION

  1. COLLECTION RATIONALE & LEGAL AUTHORITY

3.1. Authority to Collect We do not collect data arbitrarily. Quicoo acquires Personal Information strictly to satisfy specific legal and operational mandates. Our authority to collect is derived from:

  • (a) Contractual Necessity: We collect data strictly required to execute the Service Agreements.
    • For Passengers: We cannot dispatch a car without your location or charge you without your payment token.
    • For Drivers: We cannot accredit you without your license or pay you without your bank details.
  • (b) Statutory Compulsion: We are compelled by Australian law to collect specific records, including identity data for the Commercial Passenger Vehicle Industry Act 2017 (Vic) and income data for the Taxation Administration Act 1953 (Cth).
  • (c) Express Consent: Certain data points (such as accessing your Camera for document uploads or Microphone for emergency recording) are collected only after you grant explicit permission via your device’s operating system.

3.2. Collection Vectors We acquire data via three primary vectors:

  • Direct Submission: Information you manually enter into the App (e.g., Registration Forms, Support Tickets).
  • Forensic Telemetry: Passive collection via device sensors (GPS, Gyroscope) while the App is running.
  • Third-Party Verification: Data retrieved from government databases (e.g., VEVO, DVS) to validate credentials.
  1. CORE ACCOUNT & IDENTITY DATA (ALL USERS)

To establish a trusted identity and prevent anonymity, we require the following:

  • 4.1. For Passengers (Riders)
  • Minimum Age: You must be at least 18 years of age to register an Account.
  • Biographical Data: Full legal name and verified mobile number (for OTP authentication).
  • Digital Profile: A current profile photograph. This is shared with the Driver upon booking to ensure they pick up the correct person.
  • Location Context: Saved locations (e.g., "Home", "Work") and frequent destinations to facilitate faster booking.
  • Social Connections: If you use features like "Split Fare" or "Share My Ride," we collect the name and phone number of the contact you select from your address book.
  • 4.2. For Driver Partners
  • Strict Age & Identity: Full legal name, residential address, and Date of Birth. We strictly enforce regulatory age limits:
  • South Australia: You must be at least 20 years old.
  • Victoria: You must be at least 21 years old.
  • Tenure Verification: Evidence that you have held a valid Australian Driver’s License for the required period (6 months for SA, 12 months for VIC).
  • Identity Documents: High-resolution scans of your Australian Driver’s License, Passport, Birth Certificate, or Citizenship Certificate.
  1. REGULATORY & COMPLIANCE DOCUMENTATION (DRIVER SPECIFIC)

Note: This section applies specifically to Drivers to satisfy State Accreditation laws.

5.1. The "Ironclad" Compliance Standard Drivers are independent business entities. To enforce the Driver Master Agreement, we mandate collection of:

  • (a) Enterprise Identifiers: Your Australian Business Number (ABN) and GST Registration status.
  • (b) Accreditation Credentials:
    • Victoria: Your Commercial Passenger Vehicle (CPV) Driver Accreditation obtained from the CPVV.
    • South Australia: Your Small Passenger Driver Accreditation (SP DA) obtained from the Accreditation and Licensing Centre.
  • (c) Character Clearance:
    • Victoria: A completed National Police Check (NPC) sourced from Victoria Police or an accredited provider.
    • South Australia: A Working with Children Check (WWCC) sourced from the Department of Human Services.

5.2. Vehicle Asset Data

  • Vehicle Eligibility: Proof the vehicle is a 4-door car, under 10 years old, and has no significant cosmetic damage.
  • Insurance: Certificates of Currency verifying:
    • Victoria: Upgraded insurance covering commercial passenger services.
    • South Australia: Upgraded Compulsory Third Party (CTP) insurance to cover ‘small public passenger vehicle’ use.
  • Safety: Annual Inspection Reports from approved inspection stations.
  1. BIOMETRIC & SENSITIVE HEALTH DATA

6.1. For Passengers (Service-Based Collection) We generally do not collect sensitive health data unless you volunteer it for a specific service requirement, such as requesting a Wheelchair Accessible Vehicle (WAV) or notifying us of an Assistance Animal.

6.2. For Drivers

  • Facial Liveness: We collect Biometric Data (facial geometry) to perform real-time "selfie" checks, preventing unauthorized account sharing.
  • Medical Fitness: We collect medical assessments to prove fitness to drive:
    • Victoria: A completed Medical Certificate form.
    • South Australia: A Certificate of Fitness signed by a General Practitioner (GP).
  1. FINANCIAL & TRANSACTIONAL INFORMATION

7.1. For Passengers

  • Payment Credentials: Tokenized credit/debit card details processed via a PCI-DSS compliant gateway. We do not store raw card numbers.
  • Transaction History: Records of dates, times, pickup/drop-off points, and amounts charged.
  • Outstanding Debts: We track unpaid fares or "Cleaning Fees" assigned to your account profile.

7.2. For Drivers

  • Banking Coordinates: Australian Bank Account details (BSB/Account) for payout remittance.
  • SERR Tax Reporting: As a reporting platform, we collect your Gross Income, GST collected, and ABN to transmit directly to the Australian Taxation Office (ATO) under the Sharing Economy Reporting Regime.

 

PART 3: TECHNICAL FORENSICS & BEHAVIORAL TELEMETRY

  1. FORENSIC-GRADE LOCATION SERVICES

8.1. Precision Geolocation (The "Blue Dot") To facilitate the core function of the Platform—matching a Rider with a Driver—we collect precise latitude and longitude data using the Global Positioning System (GPS).

  • (a) For Passengers: We collect your location when the App is running in the foreground (open on screen) to suggest pickup points. We may collect "Background Location" only if you enable "Share My Ride" features or during an active trip.
  • (b) For Drivers: Collection of precise location data is a mandatory condition of the Independent Driver Master Agreement. We track your location in the foreground and background to calculate Fares, dispatch jobs efficiently, and monitor for "Long Hauling" fraud.

8.2. Auxiliary Location Signals (When GPS Fails) In dense urban environments (e.g., CBD tunnels), we utilize Assisted GNSS (A-GNSS). This involves scanning for Wi-Fi Handshakes, Bluetooth Beacons, and Cell Tower Triangulation.

8.3. Anti-Spoofing & Mock Location Detection We actively analyze your location telemetry to detect the use of "GPS Spoofing" applications. Any attempt by a Driver to manipulate their location coordinates is detected as a Material Breach and will result in immediate deactivation.

  1. COOKIES, ANALYTICS & ATTRIBUTION TECHNOLOGIES

9.1. Web Technologies (Cookies & Pixels) On our Website and Web Booking Portals, we employ a "Rich Cookie" strategy:

  • Session Cookies: Temporary files used to keep you logged in.
  • Persistent Cookies: Files that remain on your device to remember preferences.
  • Tracking Pixels: We use "invisible pixels" to track conversion rates.
  1. DEVICE INTEGRITY & SECURITY TELEMETRY

10.1. "Device Fingerprinting" (Fraud Prevention) To prevent "Device Farming" (where criminal syndicates use racks of phones to simulate fake rides), we collect a unique digital fingerprint of your hardware, including Hardware Model, Operating System Version, Screen Resolution, and Battery Status.

10.2. Security & Root Detection To protect the integrity of the Quicoo Ecosystem, we scan your device environment to detect "Rooted" or "Jailbroken" Status (removed security restrictions), Malicious Overlays, and Debugger Attachment.

 

PART 4: USAGE PROTOCOLS & FEATURE MECHANICS

  1. HOW WE USE YOUR PERSONAL INFORMATION We do not merely "store" your data; we use it to power the real-time logistics of the Quicoo Platform. Our usage is strictly limited to:
  • 11.1. Core Service Provision: Matching Riders with Drivers, Dynamic Pricing, and Route Optimization.
  • 11.2. Safety & Incident Response: Real-Time Monitoring ("Ride Check") and Emergency Data Sharing with Police (000).
  • 11.3. Dispute Resolution & Forensics: Using data as a "Digital Witness" for fare adjustments and route reviews.
  1. COMMUNICATIONS & SURVEILLANCE TECHNOLOGY

12.1. Privacy-Preserving Contact (Number Masking) To protect your privacy, Quicoo utilizes a VoIP Number Masking System. Neither party sees the other’s personal mobile number. We retain the Metadata of these calls (Date, Time, Duration) for 90 days.

12.2. In-App Audio Recording (Consent to Record) The Quicoo App includes a safety recording feature to document ride-related incidents. By accessing or using the Platform, you explicitly, voluntarily, and unambiguously consent to:

  • (a) Your conversation and environment being recorded if either you or the other party in the vehicle activates the "Safety Record," "SOS," or "Panic" feature; and
  • (b) Such recordings being securely transmitted to Quicoo and subsequently disclosed to Law Enforcement or Regulatory Bodies (e.g., Safe Transport Victoria) as evidence in safety investigations.
  • Note for South Australian Users: You acknowledge that this clause constitutes your express written consent for the purposes of the Surveillance Devices Act 2016 (SA), and you waive any right to claim that such recording was covert.

12.3. In-App Chat Logs & Retention We retain a complete transcript of all text messages sent via the In-App Chat function.

(a) Abuse Scanning: These logs are automatedly scanned for abusive language (e.g., profanity, harassment) to strictly enforce our Community Guidelines.

(b) Dispute-Linked Retention: To align with our dispute resolution window, chat logs are retained for a minimum of 14 days post-trip. This ensures that evidence is available should you or the Driver raise a dispute regarding the booking.

(c) Deletion: If no dispute or safety incident is reported within this 14-day window, the chat logs are automatically sanitized or deleted, unless a longer retention is required by law (e.g., for a Police investigation).13. SOCIAL MEDIA & REFERRAL INTEGRATIONS

13.1. "Split Fare" Mechanics If a Passenger utilizes the "Split Fare" feature, we disclose your Name, Profile Photo, and Payment Status to the other passengers in the group.

13.2. "Invite a Friend" (Referral Program) We track the "First Ride" status of the invited friend solely to trigger your "Referral Bonus" payout.

13.3. Social Login (SSO) If you register using "Continue with Facebook" or "Sign in with Apple," we collect authorized public profile data. We do not post to your timeline without permission.

  1. SURVEYS & DEMOGRAPHIC RESEARCH We may use anonymized survey data for product improvement. Diversity & Inclusion data is optional and strictly separated from your individual profile.

 

PART 5: DISCLOSURE VECTORS & DATA SECURITY

  1. DOMESTIC DISCLOSURE OF PERSONAL INFORMATION We do not sell your data. However, to operate a regulated transport platform, we are legally required to disclose your Personal Information to specific third parties within Australia.

15.1. Statutory Regulators (Mandatory Reporting) As a condition of our BSP and CBS accreditation, we must share data with:

  • (a) Safe Transport Victoria (ST Vic): Trip data and driver identity details.
  • (b) South Australian Department for Infrastructure and Transport (DIT): Accreditation status and trip logs.
  • (c) Australian Taxation Office (ATO): Driver income and ABN data under the SERR.

15.2. Law Enforcement & Emergency Services

  • Imminent Threat: We may disclose data to Police (000) without a warrant if we believe a person is in immediate danger.
  • Formal Investigations: We disclose historical data upon receipt of a valid Warrant or Subpoena.

15.3. Insurance & Accident Management We disclose relevant trip data to the TAC (Vic), CTP Insurers (SA), and our own liability insurers to facilitate accident claims.

15.4. Operational Service Partners We utilize specialized Australian service providers to perform critical functions. These partners are contractually bound to confidentiality:

  • (a) Background Check Providers: To process your National Police Checks (NPC) and VEVO Visa checks.
  • (b) Payment Processors: To facilitate PCI-DSS compliant fare collection and driver payouts.
  • (c) Liability Disclaimer (Third-Party Controllers): You acknowledge that the functions listed in (a) and (b) are performed by independent, regulated third-party service providers. Once Quicoo transmits your data to these entities for the required purpose, those entities become the distinct "Data Controllers" of that information. Quicoo explicitly disclaims liability for any data breaches, unauthorized access, or misuse that occurs within the systems, servers, or infrastructure of these independent third-party providers.
  1. OVERSEAS DISCLOSURE (CROSS-BORDER TRANSFER)

16.1. The "Data Sovereignty" Priority Consistent with our commitment in Section 1.4, Quicoo prioritizes Australian Data Sovereignty. We keep Core Identity Data within Australian legal jurisdiction.

16.2. Limited Technical Exceptions We may utilize specific global SaaS vendors for non-core functions (e.g., SMS OTPs). In these instances, we ensure the vendor is subject to laws substantially similar to the Australian Privacy Principles (APPs).

  1. STORAGE, SECURITY & RETENTION PROTOCOLS

17.1. Defence-Grade Encryption

  • Data at Rest: Encrypted using AES-256.
  • Data in Transit: Tunnelled through TLS 1.3.

17.2. The "7-Year Retention" Rule We do not delete data immediately. We retain:

  • Tax & Financial Records: 7 years (ATO requirements).
  • Trip & Safety Records: 7 years (Civil litigation support).
  • Police Checks: Disposed of within 12 months unless required for a dispute.

17.3. Data Destruction Once the retention period expires, data is permanently sanitized using NIST 800-88 compliant erasure methods.

 

PART 6: RIGHTS, MANAGEMENT & COMPLIANCE

  1. DIRECT MARKETING & OPT-OUT MECHANICS

18.1. Permission-Based Marketing We send offers only where you have provided Consent.

18.2. Your Right to Opt-Out You may "Opt-Out" at any time via the "Unsubscribe" link, In-App Settings, or by replying "STOP" to SMS. You cannot opt-out of Transactional Communications.

  1. ACCESS, CORRECTION & DELETION

19.1. Requesting Access (APP 12) You may access your "Core Data" directly in the App. For complex exports, submit a Subject Access Request (SAR).

19.2. Correction of Inaccurate Data (APP 13) You have the right to request correction of wrong data. Driver Accreditation updates require valid evidence.

19.3. Account Deletion (The "Right to be Forgotten") You may request the deletion of your account via the "Delete Account" function in the App Settings.

  • (a) Immediate Suppression: Upon a valid deletion request, we will immediately suppress your Personal Information from our active databases. This means your profile will no longer be visible to other users, and you will be removed from all marketing and notification lists.
  • (b) Regulatory Retention Hold: Please note that we cannot immediately wipe all data records. As per Section 17.2, we must retain specific "Core Identity Data" (including Trip Logs, Invoices, and Identity Documents) for 7 years to satisfy our statutory obligations under the Taxation Administration Act 1953 (Cth) and state-based Limitation of Actions Acts.
  • (c) Cryptographic Locking: Data retained under this Regulatory Hold is "Cryptographically Locked" and archived. It is strictly segregated from live systems and cannot be accessed for commercial or operational purposes.
  1. LOCAL EXEMPTIONS & LAW ENFORCEMENT We may process data without consent in cases of Unlawful Activity, Serious Threats to Life/Health, or Legal Process (Subpoenas).
  2. CHANGES TO OUR PRIVACY POLICY

21.1. Version Control We reserve the right to amend this Policy. The current version is always available at www.quicoo.com/privacy.

21.2. Mechanics of Acceptance (Amendment Protocol)

  • (a) Minor Amendments: For administrative changes (e.g., fixing typos) or changes that do not materially reduce your rights, we will notify you via the Platform. Your continued use of the Quicoo App after the effective date constitutes your acceptance.
  • (b) Material Changes: For significant changes that expand our data collection or disclosure practices (e.g., sharing data with new third parties), we will provide you with 30 days' notice via email or an in-app alert. You will be required to provide Affirmative Consent (e.g., clicking an "I Accept" button) before proceeding. If you do not agree to the Material Changes, you must stop using the Services and close your Account before the effective date.
  1. CONTACT, FEEDBACK & ESCALATION

22.1. Contact the Privacy Officer

  • Post: Privacy Officer, Quicoo Australia Pty Ltd, Level 24, 91 King William Street, Adelaide SA 5000
  • Email: [email protected]
  • Phone: 1300 1QUICOO (1300 178 426)

22.2. Escalation to the OAIC If dissatisfied with our response after 30 days, you may contact the Office of the Australian Information Commissioner (OAIC).

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992