XemTrack Docs

Privacy Policy

How XemTrack collects, uses, stores, and discloses personal information.

Effective date: 18 July 2026

This Privacy Policy explains how Xemrevin Pty Ltd trading as XemTrack (we, us, our) handles personal information in connection with the XemTrack GPS tracking and fleet platform, websites (including xemtrack.com.au and app.xemtrack.com.au), progressive web app, devices, notifications, AI features, and related services (the Services).

We handle personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act), where applicable, and other applicable Australian privacy laws.

By using the Services, you acknowledge this Policy. Our Terms and Conditions also apply.

1. Who we are

The Services are provided by Xemrevin Pty Ltd, an Australian company operating XemTrack from South Australia. Privacy questions and requests can be sent via the XemTrack contact page. Please mark the message as a privacy enquiry.

2. Scope

This Policy covers personal information we collect about:

  • account holders and authorised users of the dashboard;
  • purchasers and enquirers on our marketing or shop pages;
  • individuals whose information appears in fleet data you upload or generate (for example device labels, verified mobile numbers, or location history tied to a vehicle or asset); and
  • visitors to our websites and app.

If you use XemTrack to track vehicles or assets used by employees, contractors, or others, you are typically the organisation responsible for providing notices and obtaining any required consents from those individuals. We process that information as needed to provide the Services to you.

3. Personal information we collect

Depending on how you use the Services, we may collect:

Account and identity

  • name, email address, and authentication identifiers;
  • password and security data handled by our identity provider;
  • roles, subscription and plan status, and account preferences (for example time zone, theme, report retention);
  • verified mobile number for SMS alerts (where you enable SMS).

Billing and commerce

  • purchase and subscription records, invoices, credit balance and usage;
  • limited payment metadata from processors (we do not store full card numbers when payments are handled by Stripe, Payhip, or similar providers);
  • shipping or delivery details you provide for hardware orders (for example name, address, and contact details).

Device and IoT telemetry

  • device identifiers, labels, and configuration;
  • GPS location, speed, timestamps, trip and movement history;
  • device health signals (for example voltage, GSM/signal indicators, reporting gaps);
  • geofence, monitor, and alert configuration and event history.

This telemetry can be personal information where it relates to an identifiable individual (for example a driver associated with a vehicle).

Communications and support

  • messages you send via contact forms or support channels;
  • notification content and delivery logs for in-app, email, and SMS alerts.

AI and analytics usage

  • AI agent titles, instructions, schedules, scoped devices, run history, and generated summaries;
  • prompts used for instruction improvement and AI Insight reports;
  • product analytics events (for example feature usage) and, where enabled, session interaction data used to improve reliability and user experience.

Technical data

  • IP address, device/browser type, approximate location derived from IP, diagnostic and performance logs, cookies or similar technologies, and crash or error reports.

We do not intentionally collect sensitive information (as defined in the Privacy Act) unless you choose to provide it or it is necessarily embedded in content you submit. Please do not submit health, biometric, or other sensitive information unless we have expressly requested it for a stated purpose.

4. How we collect information

We collect information:

  • directly from you (account setup, settings, orders, support, AI instructions);
  • automatically from GPS trackers and the mobile network when devices report to our platform;
  • from your use of the dashboard, map, monitors, reports, and AI features;
  • from identity, payment, messaging, maps, analytics, and hosting providers acting on our behalf; and
  • from publicly available sources only where reasonably necessary (for example validating a business enquiry).

If you provide personal information about another person (including employees or drivers), you must have a lawful basis and any required authority to do so, and you should direct them to this Policy where appropriate.

5. Why we collect and use personal information

We collect and use personal information to:

  • provide, operate, secure, and support the Services (including live tracking, history, monitors, reports, and AI features);
  • create and manage accounts, authenticate users, and enforce plan limits;
  • process orders, subscriptions, credits, and payments;
  • send service notifications you configure (in-app, email, SMS);
  • improve reliability, performance, documentation, and product design;
  • detect, investigate, and prevent fraud, abuse, and security incidents;
  • comply with law, respond to lawful requests, and establish or defend legal claims; and
  • communicate about the Services, including operational updates and (where permitted) marketing — you may opt out of marketing communications.

We do not sell personal information.

6. AI processing

When you use AI agents, AI Insight, or related features, we process relevant Customer Data (such as device telemetry summaries, your instructions, and account context) to generate outputs. Those outputs may be stored in your account (for example run history or reports) and may be emailed to you when you enable that channel.

AI providers process data to return model outputs. You should avoid placing unnecessary personal information in free-text prompts. AI outputs may be inaccurate; see our Terms for related limitations.

7. When we disclose personal information

We may disclose personal information to:

  • service providers who help us host, authenticate, map, message, bill, analyse, monitor, or run AI inference for the Services;
  • mobile network and messaging partners involved in device connectivity or SMS delivery;
  • professional advisers (lawyers, accountants, insurers) under confidentiality obligations;
  • regulators, courts, or law enforcement where required or authorised by law; and
  • a buyer or successor in a business transfer, merger, or restructuring, subject to appropriate privacy protections.

We require service providers who process personal information for us to handle it only on our instructions and with appropriate security, where that is within our contractual control.

8. Overseas disclosure

Our primary application and telemetry hosting is designed to keep core fleet data in Australia.

Some providers that support the Services may process personal information in other countries. Depending on the feature, this can include identity authentication, payment processing, SMS delivery, product analytics, AI model inference, and observability tooling. Those countries may include, from time to time, locations in which our providers operate (for example the United States, European Economic Area, or other regions where a subprocessor hosts infrastructure).

Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles the information in a manner consistent with the Australian Privacy Principles, or as otherwise permitted under the Privacy Act (including APP 8). By using the Services, you consent to such overseas disclosure where consent is an applicable basis under the Privacy Act.

9. Storage, security, and retention

We use technical and organisational measures appropriate to the nature of the information, including access controls, encrypted transit where standard for our stack, monitoring, and staff access limitations. No method of transmission or storage is completely secure; you also play a role by protecting account credentials and devices.

We retain personal information only as long as needed for the purposes above, including:

  • account and billing records for the life of the account and a period afterward as required for tax, dispute, and legal obligations;
  • telemetry and report history according to product settings and plan policy (you can configure report retention in account settings — see Data retention);
  • AI run history and notifications for operational and audit purposes for a reasonable period; and
  • backups and logs for a limited period for disaster recovery and security.

When information is no longer required, we take reasonable steps to destroy or de-identify it, except where retention is required by law.

10. Cookies, local storage, and analytics

We and our providers use cookies, local storage, and similar technologies to keep you signed in, remember preferences, secure the app, measure performance, and understand product usage. Analytics may include event tracking and, where configured, session replay or similar diagnostics to fix issues and improve the experience.

You can control cookies through your browser settings. Disabling certain technologies may limit functionality (for example staying signed in).

11. Direct marketing

We may send service-related messages that are necessary to operate your account. Where we send promotional marketing, we will do so in accordance with Australian law (including the Spam Act) and provide an unsubscribe mechanism where required. Operational alerts you configure (for example live monitor SMS) are not marketing.

12. Access, correction, and your choices

You may request access to, or correction of, personal information we hold about you by contacting us via the contact page. We will respond within a reasonable period as required by the Privacy Act.

You can also update many profile details directly in the app (for example time zone, theme, report retention, and mobile verification settings).

You may request deletion of your account or certain data. We will consider requests in accordance with the Privacy Act and our legitimate retention needs (for example billing records). Deleting telemetry may affect your ability to use historical map layers, reports, and AI features.

If you are an employee or driver whose vehicle is tracked by a XemTrack customer, please contact that organisation first; we may need to refer your request to them as the primary account controller for that fleet data.

13. Complaints

If you have a privacy complaint, contact us via the contact page and include enough detail for us to investigate. We will endeavour to respond within a reasonable time.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).

14. Children

The Services are intended for business and adult users. We do not knowingly collect personal information from children under 18 for the purpose of creating accounts. If you believe we have collected such information in error, contact us and we will take appropriate steps.

15. Third-party sites

Our sites may link to third-party websites (for example shop checkout, coverage maps, or documentation references). Those sites have their own privacy practices. We are not responsible for their content or privacy controls.

16. Changes to this Policy

We may update this Privacy Policy from time to time. The effective date at the top will change when we do. Significant changes may also be notified in-app, by email, or on our website. Continued use of the Services after an update constitutes acknowledgment of the updated Policy, except where applicable law requires otherwise.

17. More information