Angelift™ Privacy Policy
Effective: March 21, 2026 | Last Updated: March 21, 2026
Angelift Pty Ltd (ABN 81 691 514 593) is committed to protecting your privacy. We comply with the Privacy Act 1988 (Cth) including the Australian Privacy Principles (APPs), the Notifiable Data Breaches (NDB) scheme, the Privacy and Other Legislation Amendment Act 2024 (Cth), and the State Records Act 1998 (NSW) for driver compliance records.
Information We Collect
From Riders
- Identity Information: Name, phone number, email address
- Driver's Licence: Front and back images for identity verification and vehicle ownership confirmation (mandatory during registration)
- Payment Information: Processed securely via Stripe (we do not store card details)
- Location Data: GPS location during active trips only for safety and service delivery
- Vehicle Information: Make, model, registration, colour for service matching
- Trip Audio Recordings: Optional audio recordings created by riders during trips (see Audio Recording section below)
From Drivers
- Identity Information: Name, phone number, email address, date of birth
- Driver Documents: Licence, police check, insurance (stored encrypted)
- Vehicle Information: Photos, registration, inspection records
- Compliance Records: DVD verification results, consent forms (for NSW regulatory compliance)
Rider Driver's Licence Collection
We require riders to upload a photo of their driver's licence (front and back) during registration. This is used for:
- Identity Verification: Confirming you are who you say you are
- Vehicle Ownership: Helping verify you have authority to use the vehicle
- Safety & Compliance: Assisting with any legal requirements or investigations
- Fraud Prevention: Protecting our drivers and platform from misuse
Your licence images are:
- Stored securely via Cloudinary (encrypted at rest and in transit)
- Accessible only to authorized Angelift staff for verification
- Not shared with third parties except as required by law
- Retained for the duration of your account plus legal retention periods
How We Use Your Information
- Booking and delivering our dual-driver service
- Safety and incident response
- Payment processing and invoicing
- Transport for NSW (TfNSW) and Point to Point compliance
- NSW Driver Vehicle Database (DVD) verification for drivers
- Communication about your bookings and account
We never sell your data.
Data Retention
- Rider Data: Retained while your account is active, plus 7 years for tax/legal compliance
- Driver Consent Forms: Retained for 6 years for current and past drivers (State Records Act 1998)
- Incomplete Applications: Destroyed after 6 months if applicant does not proceed
- Trip Records: Retained for 7 years for regulatory and insurance purposes
- GPS Location Trails: Retained for 12 months after the trip, then automatically deleted
- Pre/Post-Trip Vehicle Inspection Photos: Retained for 30 days after the trip (covers the 14-day dispute window plus buffer), then automatically deleted
Data Breach Notification
In the event of an eligible data breach likely to cause serious harm, we will notify affected individuals and the OAIC as soon as practicable and in accordance with the Notifiable Data Breaches scheme.
Your Rights
- Access: You can request access to your personal information
- Correction: You can request correction of inaccurate information
- Deletion: You can request deletion of your account and personal information
- Portability: You can request a copy of your data in a portable format
- Statutory Tort for Serious Invasions of Privacy: Under the Privacy and Other Legislation Amendment Act 2024, individuals have a direct right to sue for serious invasions of privacy, including intrusions into seclusion and misuse of personal information (effective June 2025)
Account Deletion Requests
To request deletion of your account and personal information, please email:
Please include your registered email address and phone number for verification. We will process your request within 30 days. Note that some information may be retained where required by law (e.g., tax records, regulatory compliance).
Third Party Services
- Stripe: Payment processing (PCI-DSS compliant)
- Google Maps: Navigation and location services
- Firebase: Authentication and notifications
- Cloudinary: Secure document and photo storage (SOC 2 Type II, ISO 27001 certified, data encrypted at rest and in transit)
- Google Sheets: Internal compliance tracking and audit logs (access restricted to authorized personnel only)
- Transport for NSW: Driver and vehicle verification (DVD)
Document Storage & Security
Driver documents (licences, police checks, insurance, vehicle inspections) are:
- Stored securely on Cloudinary's Australian/Singapore CDN infrastructure
- Encrypted at rest using AES-256 encryption
- Transmitted via TLS 1.3 encrypted connections
- Access-logged for audit purposes
- Automatically deleted upon account closure (subject to legal retention requirements)
Vehicle inspection photos (pre-trip and post-trip) are retained for 30 days after the trip (covering the 14-day dispute window plus buffer), then automatically deleted.
Automated Decision-Making
Angelift uses automated systems to assist with the following decisions:
- Fare calculation: Fares are calculated automatically based on distance, time, and applicable surcharges
- Driver matching: Drivers are matched to bookings based on proximity, availability, and rating
- Route deviation detection: GPS data is compared against planned routes to detect safety-relevant deviations
- Fatigue management: Online time is tracked to enforce mandatory rest periods
- Document expiry: Automated alerts and account suspensions for expired driver documents
These systems use algorithms and software-based rules. No AI-generated decisions are made without human oversight for account-level actions such as suspensions or deactivations. Angelift will update this section if the law or the platform's decision-support systems materially change.
Trip Audio Recording
The Angelift Rider App includes an optional audio recording feature for rider safety during trips.
How It Works
- Rider-initiated: Recordings are started and stopped manually by the rider during an active trip
- Local storage only: Audio recordings are stored only on the rider's device using encrypted local storage (IndexedDB)
- Not automatically shared: Angelift does NOT receive, store, or have access to audio recordings unless the rider explicitly attaches them to an incident report
- Rider controls deletion: Riders can delete their recordings at any time from their device
NSW Legal Compliance
This feature complies with the Surveillance Devices Act 2007 (NSW):
- One-party consent: Under Section 7 of the Act, a person may record a private conversation if they are a party to that conversation. The rider is a party to all conversations occurring in the vehicle during their trip
- Lawful interest: Recording for personal safety and evidence purposes is protected under Section 7(3)(b) as being "reasonably necessary" for the protection of the rider's lawful interests
- No notification required: NSW law does not require riders to notify drivers when recording conversations they are party to. However, drivers are informed of this possibility in the Driver Terms & Conditions
When Recordings Are Shared With Angelift
Audio recordings are only received by Angelift if the rider chooses to attach them to an incident report. When submitted:
- Recordings are uploaded securely via encrypted connection (TLS 1.3)
- Recordings are stored for the duration of the incident investigation plus 90 days
- Access is restricted to Angelift compliance and safety staff investigating the specific incident
- Recordings may be shared with law enforcement if legally required
- Recordings are permanently deleted after the retention period unless required for ongoing legal proceedings
Driver Acknowledgement
All Angel Drivers are informed in the Driver Terms & Conditions that riders may record audio during trips for their personal safety. By accepting a booking, drivers acknowledge this possibility.