Effective Date: June 29, 2025

Privacy Policy for DriveVault

1. What is Personal Information?

In Australia, "personal information" is information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; and

• whether the information or opinion is recorded in a material form or not.

This can include names, email addresses, phone numbers, and other identifying details.

2. Information We Collect

We collect various types of personal information to provide and improve our service to you. We only collect personal information that is reasonably necessary for or directly related to our functions or activities.

a. Information You Provide Directly:

• Account Registration Information: When you register for a DriveVault account, we collect your dealership's name, your name, email address, phone number, and any other details you provide during the setup process.

• Billing Information: If you subscribe to a paid plan, we collect billing details, which may include credit card information, billing address, and other payment-related data. Please note that we use reputable third-party payment processors, and we do not directly store your full credit card details on our servers.

• Communications: When you contact us for support, send us emails, or interact with us through other channels, we collect the content of those communications.

b. Information Collected from Dealership Users:

• User Account Details: For each user within your dealership's DriveVault account, we collect their name, email address, assigned roles, and access permissions.

• Document Metadata: When documents (deal packs) are uploaded to DriveVault, we collect metadata associated with these documents, such as file names, upload dates, and the user who uploaded them. We do not access or process the content of the documents themselves for any purpose other than providing the storage and sharing functionalities you configure within the platform. Your dealership remains the controller of the personal information within the uploaded documents.

c. Information Collected Automatically (Usage Data and Cookies):

• Usage Data: We collect information on how the service is accessed and used. This Usage Data may include information such as your computer's Internet Protocol (IP) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

• Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. We will notify you about the use of cookies through a banner or pop-up on our website.

3. How We Use Your Personal Information

DriveVault uses the collected personal information for the following primary purposes:

• To Provide and Maintain the Service: This includes managing your account, providing customer support, and enabling the core functionalities of document storage and management as per your subscription.

• To Improve Our Service: We use de-identified or aggregated usage data to understand how our platform is used, identify areas for improvement, and develop new features.

• To Manage Your Subscription: To process payments and provide you with access to subscribed features.

• To Communicate with You: To send you service-related announcements, updates, security alerts, and administrative messages.

• To Ensure Security: To detect, prevent, and address technical issues, fraud, or other security concerns.

• For Compliance and Legal Obligations: To comply with applicable Australian laws, regulations, and legal processes.

Direct Marketing: We will only use or disclose your personal information for the purpose of direct marketing if:

• We have your consent, or it is impracticable to obtain your consent; and

• You would reasonably expect us to use or disclose your personal information for direct marketing; and

• We provide a clear and easy way for you to opt-out of receiving direct marketing communications.

4. How We Share Your Personal Information

We understand the sensitive nature of the personal information stored on DriveVault and are committed to protecting it. We do not sell or rent your personal information to third parties. We may share your information in the following limited circumstances:

• With Your Dealership (as part of your account): Information is shared within your dealership's account to facilitate the functionality of the platform (e.g., access permissions for different users).

• With Your Consent: We may share your information if you give us explicit permission to do so.

• With Service Providers: We may employ third-party companies and individuals to facilitate our Service (e.g., cloud hosting providers, payment processors, analytics providers). These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We take reasonable steps to ensure these service providers are compliant with the APPs or subject to similar privacy obligations.

• For Legal Reasons: We may disclose your personal information where required or authorised to do so by Australian law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of Australian law enforcement, or to protect the security or integrity of our Service.

• Business Transfers: If DriveVault is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different Privacy Policy.

5. Cross-Border Disclosure of Personal Information (APP 8)

As a cloud-based service, your personal information (including dealership data and potentially customer data uploaded by dealerships) may be stored or processed on servers located outside of Australia.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information. This may involve:

• Entering into contractual arrangements with overseas service providers that require them to comply with Australian privacy laws; or

• Ensuring the overseas recipient is subject to a law or binding scheme that has the effect of protecting the information in a way that is substantially similar to the Australian Privacy Principles.

By using DriveVault, you acknowledge and consent to the potential transfer of your personal information to overseas recipients for the purposes outlined in this policy.

6. Data Quality (APP 10) and Data Security (APP 11)

The security and quality of your data are paramount to us.

• Data Quality: We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up-to-date, complete, and relevant for the purpose for which it is collected.

• Data Security: We implement a variety of technical and organisational security measures, including encryption, access controls, secure coding practices, and regular security audits, to protect your personal and dealership data from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee its absolute security. 

7. Data Retention

We retain personal information for as long as necessary to provide the services you have requested, comply with our legal obligations (including Australian tax and accounting laws), resolve disputes, and enforce our agreements. When your account is terminated, or you request deletion, we will take reasonable steps to securely delete or de-identify your personal information in accordance with our data retention policies and legal requirements.

8. Notifiable Data Breaches (NDB) Scheme

DriveVault is committed to complying with Australia's Notifiable Data Breaches (NDB) scheme. In the event of an eligible data breach (i.e., a data breach that is likely to result in serious harm to any individual whose information is involved), we will:

• Conduct a reasonable and expeditious assessment of whether the breach is an eligible data breach.

• If it is an eligible data breach, notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable.

• Notify affected individuals as soon as practicable, providing details of the breach and recommendations on steps they can take in response.

9. Your Data Protection Rights (Access and Correction - APPs 12 & 13)

Under the Australian Privacy Principles, you have the right to:

• Access Personal Information (APP 12): Request access to the personal information we hold about you. We will provide access unless an exception under the Privacy Act applies.

• Correction of Personal Information (APP 13): Request that we correct any personal information we hold about you that is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We will respond to your request within a reasonable time and, where possible, in the manner you requested. We may charge a reasonable fee for providing access, but not for making a request for access or for corrections.

10. Anonymity and Pseudonymity (APP 2)

Where it is lawful and practicable, individuals have the option of dealing with us anonymously or by using a pseudonym. However, given the nature of the DriveVault service, it is generally not practicable for us to provide our services to individuals who have not identified themselves or who are using a pseudonym, as account management and secure access require identifiable information.

11. Complaints About Privacy

If you have a complaint about how DriveVault has handled your personal information, please contact us directly using the details provided below. We will acknowledge your complaint within a reasonable time and will investigate and respond to your complaint within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Online: www.oaic.gov.au

• Phone: 1300 363 992

• Mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001

12. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy, your privacy rights, or wish to make a complaint, please contact us:

• By email: help@drivevault.app