Privacy Policy

Last updated: 20 March 2026

PitlaneHQ Pty Ltd (ABN pending) ("PitlaneHQ", "we", "us", or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our workshop management software and related services (the "Service").

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and applicable state and territory privacy legislation.

1. Information We Collect

Account Information

When you register for PitlaneHQ, we collect information necessary to create and manage your account, including:

  • Name and contact details (email address, phone number)
  • Business name, ABN, and business address
  • Billing information (processed securely by Stripe)
  • Login credentials (passwords are hashed and never stored in plain text)

Workshop Data

In the course of using the Service, you may store workshop operational data including:

  • Customer names, contact details, and vehicle information
  • Job records, invoices, quotes, and related financial information
  • Employee and technician details
  • Stock, supplier, and purchase order information
  • Uploaded files and documents (photos, PDFs, attachments)
  • SMS messages and communication history

Usage Data

We automatically collect certain usage information, including:

  • Browser type, operating system, and device information
  • IP address and approximate location
  • Pages visited, features used, and time spent in the Service
  • Error logs and performance data to improve the Service

Cookies and Analytics

We use cookies and similar technologies for essential service functionality (authentication, site preferences) and analytics. Our analytics tools include:

  • Google Analytics 4 (GA4) for understanding user behaviour and improving the Service
  • Meta Pixel for measuring the effectiveness of our marketing campaigns
  • Sentry for error tracking and performance monitoring

You can control cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service: Process your data as needed to deliver workshop management features
  • Communicate with you: Send transactional emails (invoices, booking confirmations, password resets), service announcements, and support responses
  • Process payments: Manage subscription billing via Stripe
  • Improve the Service: Analyse usage patterns, identify issues, and develop new features
  • Ensure security: Detect and prevent fraud, unauthorised access, and other security threats
  • Comply with legal obligations: Meet our obligations under Australian law

3. Data Sharing and Disclosure

We do not sell your personal information. We may share information with the following categories of third parties only as necessary to provide the Service:

  • Stripe: Payment processing and subscription management. Stripe's privacy policy applies to payment data they process.
  • Twilio: SMS and messaging delivery. Phone numbers and message content are processed by Twilio to deliver messages on your behalf.
  • Resend: Transactional email delivery.
  • Accounting providers (Xero, MYOB, QuickBooks): When you connect an accounting integration, relevant invoice and contact data is synced to your accounting platform.
  • Analytics providers (Google Analytics, Meta): Anonymised usage data for service improvement and marketing measurement.
  • Error tracking (Sentry): Technical error data for service reliability.

We may also disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of PitlaneHQ, our users, or others.

4. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

  • Encryption in transit: All data transmitted to and from the Service uses TLS/HTTPS encryption
  • Encryption at rest: Sensitive credentials are encrypted using AES-256-GCM
  • Access controls: Role-based permissions ensure users only access data relevant to their role
  • Multi-tenant isolation: Each workshop's data is logically separated and inaccessible to other workshops
  • Secure authentication: Passwords are hashed using bcrypt; sessions use short-lived JWTs in httpOnly cookies
  • Audit logging: All data modifications are logged for accountability

No system is perfectly secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Workshop operational data (jobs, invoices, customer records) is retained for the duration of your subscription.

After account cancellation, we retain data for a reasonable period to allow account reactivation and to comply with legal obligations (such as tax record retention requirements). You may request earlier deletion by contacting us.

6. Your Rights

Under the Australian Privacy Act and APPs, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention obligations)
  • Complaint: Lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy
  • Data export: Export your workshop data via our CSV export features at any time

To exercise any of these rights, contact us at privacy@pitlanehq.com.au. We will respond within 30 days.

7. Australian Privacy Act Compliance

We are committed to compliance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles. This includes:

  • Collecting personal information only when it is reasonably necessary for our functions
  • Providing notice of how we handle personal information (this policy)
  • Taking reasonable steps to ensure data accuracy and security
  • Not using or disclosing personal information for direct marketing without consent
  • Providing access to personal information on request

8. Cross-Border Data Transfers

Some of our service providers (Stripe, Twilio, Google, Meta, Sentry) may process data outside Australia. Where this occurs, we take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs. By using the Service, you consent to these transfers.

9. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Start Free Trial