Privacy policy

1. What we collect and why

• Account details (name, email, mobile, address) — so we can deliver, support and contact you.
• Driver licence verification — handled by Stripe Identity. They capture the licence photo + a selfie, return a pass / fail to us, and we record the outcome + date. We never store the raw images beyond verification; supporting media is auto-deleted from our records within 30 days.
• Payment details — held by Stripe. We never touch your card number; we store a Stripe token + last 4 digits for receipt display only.
• Booking history — kept for the period required by the ATO for GST/tax records (5 years).

2. Who we share data with

• Stripe (payment + identity verification, Ireland + United States — see Stripe's privacy policy).
• Supabase (database hosting, Sydney region).
• Twilio (SMS dispatch, AU sender ID).
• Resend (transactional email).
• Law enforcement, when compelled by a warrant or production order.

3. Marketing

We only send marketing email or SMS to customers who actively opt in at signup or in their account settings. Every marketing message includes a one-click unsubscribe, in line with the AU Spam Act 2003.

4. Your rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles you can ask us for a copy of the personal information we hold about you, ask us to correct it, or ask us to delete it (subject to tax-record retention obligations). Email privacy@pacificarrent.com.

5. Cookies

We use first-party cookies for sign-in sessions and CSRF protection. We do not currently run advertising trackers. If that changes we will publish a cookie banner before launch.