Skip to main content
Ammu TravelsAmmu Travels
Sign inBook a ride

Privacy

Privacy policy

Last updated: 9 May 2026. Plain-English summary of how we handle your personal information, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Who we are

Ammu Travels Pty Ltd (ACN 697 648 301) as trustee for the Ammu Anand Discretionary Trust (ABN 61 284 163 160). CPV accreditation DC742056. We're a small commercial passenger vehicle (CPV) business serving Western Melbourne. This policy covers ammutravels.com.au and the booking, ride, and invoicing services we run.

What we collect

  • Identity: name, email, mobile phone number. For corporate bookings, company name + ABN.
  • Trip details: pickup + drop-off addresses, scheduled time, flight number (when supplied), passenger / luggage / child-seat counts, booking notes.
  • Home address: derived from your first airport trip and stored for default pickup/drop-off on future bookings. Editable via the customer portal at any time.
  • Payment metadata: payment method, GST-inclusive fare, transaction reference. We do not store card numbers — Stripe handles the card data on its own systems.
  • Sign-in identifiers: Firebase verifies your email or phone (the OTP code itself is held by Firebase, not us).
  • Server logs: IP, user-agent, time of request (for security + debugging). Retained 30 days.

How we use it

  • Operate your booking — quote the fare, dispatch a driver, send you confirmation + pickup updates.
  • Issue tax invoices and meet our obligations under Australian tax law (records kept for 7 years per ATO requirements).
  • Run our loyalty + referral programs (you can opt out of marketing messages without losing trip-essential ones like driver SMS).
  • Improve service safety, prevent fraud, resolve disputes.

Who we share it with

Only the third parties we genuinely need to operate the service. None of them sell your data to advertisers.

  • Google Cloud / Firebase: hosting, Authentication (sign-in), Maps (address autocomplete + distance calculation).
  • Xero (NZ-based, AU-resident): contact + invoice records for accounting.
  • Resend: transactional email delivery (booking confirmations, sign-in links).
  • Stripe: card payment processing, when card payment is selected.
  • Drivers: the assigned driver receives your name, phone, pickup, drop-off, and flight number (if relevant).
  • Government / regulators: if compelled by a court order, subpoena, or applicable law (e.g. CPV regulator audit).

Storage and security

Data is stored in Google Cloud's australia-southeast1 region (Sydney). Sensitive credentials are kept in Google Secret Manager, never in source code or shared chat. Customer-facing passwords are never collected — sign-in is entirely passwordless. Sessions use httpOnly + Secure cookies.

Your rights — access, correction, deletion

Under the APPs you have the right to:

  • See what we hold about you (most of it is visible in the customer portal at ammutravels.com.au/portal).
  • Correct anything that's wrong (do this directly in the portal Profile).
  • Request deletion of your account and all associated personal data, subject to records we're legally required to retain (tax invoices, 7 years per ATO).
  • Withdraw marketing consent at any time without explanation.

Email support@ammutravels.com.au for any of these. We respond within 30 days.

Data breach notification

If a security incident is likely to cause serious harm, we'll notify affected riders and the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches scheme. We carry incident response procedures proportionate to a small business; expect direct, plain-English notification rather than legal-letter language.

Cookies and tracking

We use only what we need: a sign-in session cookie, a referral attribution cookie (30-day, dropped if you click a friend's invite link), and Firebase's App Check token. We don't run advertising trackers, third-party analytics, or session-replay tools.

Complaints

If you think we've mishandled your data, write to support@ammutravels.com.au first — we'd much rather fix it directly. If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.

Changes to this policy

We'll update the "last updated" date when we change anything material. Significant changes are flagged on our home page for at least a week.