At CAILO we are committed to protecting user privacy and complying with the regulatory environment. We understand that users value their privacy and may have concerns about the information collected and how it is used, stored, and distributed.
Our approach to user privacy is to ensure open and transparent management of information to ensure users are comfortable and fully understand what information we have, how we use it and how they can protect and manage their information with us.
We have documented in this statement how we manage user information including but not limited to what we collect, how we collect it, how it is stored, when we use it and limitations on who has access to the information and how its output is distributed.
This statement has been written with close reference to the Australian Privacy Act amendments and the Australian Privacy Principles and the relevant Workplace Surveillance legislation. For the purpose of this document 'information' or 'data' references Personal Information and 'users' refers to individuals to whom we have information for.
We will continue to review this statement in light of any updates or legislative changes and the most recent version will be published in the user portal at https://portal.cailo.com (login required) or can be requested directly by contacting us using any of the methods listed at the end of this statement.
We believe that our service is compliant with the relevant legislative provisions.
CAILO limits the collection of information to what is essential in order for us to deliver products and services to the user. We have documented what information we collect below.
Please note that there are instances where we may not collect the information based on the scope of the deployment and configuration.
It is at the user's discretion to the degree of accuracy they wish to provide us in their information input, however where accurate information is not provided, it may limit our ability to provide services.
Information is collected from various sources and also produced within our service delivery platform. By providing information through the users account setup and/or using our service, the user consents to our collection and storage of the information. This consent is obtained from each user via a prompt upon first use.
We have provided detail with reference to the information listed above in respect of how the information is collected.
User inputted information This information is collected through the user or user's employer providing the input via online form and/or system prompts during user setup or otherwise received directly.
In some instances (where the service is sponsored by a third party e.g. employer) we may receive some information directly. Where this is the case, within a reasonable time frame, we will input the information into the user account, and it is the employers responsibility to notify the user of the information and how it can be accessed and corrected. If the user has an issue with the information being used by CAILO a complaint can be raised to address the concerns through their employer or by contacting CAILO.
Calendar Integration This information is collected through the calendar feed feature from the user's calendar.
This feature is optional and at the user discretion as to whether they enable the functionality. All data is queried on demand and is not stored unless committed and saved by the user.
Vehicle Location Information & Driver Behaviour This information is collected through CAILO's integration through approved third-party OEM integration.
Vehicle Activity Information This information is collected through the processing of data sourced through approved third-party OEM integration with CAILO.
Third Party Information This information is provided by a third party to CAILO strictly for the use as defined.
All information is securely managed and stored by Microsoft Azure. Azure provides managed hosting services in a dedicated secure environment and meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards such as the Australian IRAP.
The Azure data centres are located on the east coast of Australia and are certified with enterprise level encryption (AES-256). Azure also commits to operating within ISO/IEC 27018 which is the code of practice for cloud privacy. CAILO protects data with real-time redundancy.
CAILO also follows ISO standards according to ISO27001 and ISO9001 framework.
All transmissions between our servers and users are protected by SSL encryption to secure and maintain the data integrity.
Transmissions between the CAILO and our servers are raw data string only and do not contain personally identifiable information. CAILO decodes the data in our secure cloud environment.
CAILO operates within the ISO 27001 and ISO9001 framework. The secure management of the CAILO's ICT infrastructure, systems and information, as defined in the Statement of Applicability version 1, dated 20 July 2019. (ISO 27001:2013).
Provision of fleet and data management services including processing, collation, analytical analysis of data and other associated services for organisations. (ISO 9001:2015).
By submitting and allowing us to collect information for you for the purpose of our service delivery (including core functions and activities) you agree to us storing, processing and collecting your data to comply with our service contract with you or your employer.
We may use data which has been anonymised and aggregated into a form where it is no longer personalised data. This may be used for a wide range of purposes for the benefit of CAILO. These may include enabling us to improve the service delivery and service quality, production of new and improved products/services, statistical analysis of usage patterns, behaviour statistics, benchmarking or relative analysis. No personal data that can identify an individual will be used for this purpose.
CAILO may, from time to time, send users information about new features, services, or updates relevant to our platform. We will only send such communications where the user has provided consent or where consent is implied under the Privacy Act.
Users may opt out of receiving direct marketing communications at any time by using the unsubscribe function included in the communication or by contacting us at our contact page. Opting out of direct marketing will not affect your access to our core services.
We are committed to maintaining an open and transparent channel to deal with requests from users related to their privacy.
Users can at any time access personal information about the individual that is held by us and also seek correction of such information.
CAILO has a support channel that can handle any request relating to this policy, simply click on our contact page and our team will undertake to respond to all requests.
If a user does not receive a response within a reasonable timeframe, escalations should be directed to the CEO on telephone 1800 564 2665 identifying the call as an 'escalated privacy related request'. These requests will be escalated to senior management and responded to upon receipt.
Upon receipt of an inquiry or complaint our team will investigate the issue and respond with a solution or if more time is required, an outline of the steps we will be taking to address the query and an estimated time frame when we expect to have a response to the user.
Please note that where the request involves information access and/or correction, we will require a formal identification process of the requestor to be completed before any requests will be processed.
User information is available and can be accessed via our web platform and mobile applications. A user may also receive alerts via email, push notification or SMS. Alerts disclose limited information, instead of requiring the user to login to action the alert.
Information can be accessed and updated by the user or the user may contact CAILO directly and submit a request for update. All update fields are protected by a secure login and any updates will be implemented in real-time.
We will not distribute any information without explicit written consent. Our information distribution model relies on the user facilitating any information distribution except in limited circumstances noted below.
The user has access to information that is suitable for distribution (such as the logbook report) and it is the user's responsibility to download/export any information (in the form of reports) and distribute (to relevant parties) it as necessary.
Where an employer has sponsored CAILO and is using the solution for enterprise purposes we will provide authorised persons with access to the secure CAILO portal.
Data access and privacy levels will be set based on the access level of the authorised individual. Where information is requested that is outside of the usual access levels, CAILO requires written authorisation from a verified authorised representative.
Access levels will be communicated directly to users via initial communications and/or presentations and/or user training. If you are an employee/driver and have any queries or would like to request additional information about the reporting available to your employer, we're here to help, please contact us at our contact page.
In remote circumstances, we may have arrangements with employers or third parties to provide and distribute information on behalf of users. We will only provide this service where there is written consent from the authorised person. This consent will be kept and referenced by selected staff who have access.
We have strict internal controls on who can access user information. We generally allow access only when required to perform tasks, then we restrict the access once completed.
Our Chief Technology Officer (CTO), has full responsibility for user access and information security. We have restricted access across our team and conduct regular internal audit procedures to uphold our information security function.
Our website and mobile applications may use cookies and similar technologies to enhance user experience, improve service delivery, and analyse how our services are used. Cookies are small data files stored on your device which help us recognise repeat visits and preferences.
We may also use third-party analytics services (such as Google Analytics) to help us understand how users interact with our site and applications. These tools collect information such as IP address, browser type, pages visited, and time spent on the site.
Users can control or disable cookies through their browser settings. Please note that disabling cookies may affect the functionality of some parts of our website or applications.
Analytics data is collected in aggregate form and does not identify individual users.
We may disclose information to the extent that it is required by law, order of any court, tribunal, authority or regulatory body, enforcement authority, rules of any stock exchange or any professional obligations or requirements. If this occurs, where practical and to the extent permitted by law, we will notify the user directly of the requirement to disclose and only disclose the minimum information.
We may also disclose if a permitted general situation exists in relation to a portion or all of the information or in an instance where a health situation exists requiring the information to be disclosed.
Any extraordinary disclosure requires approval by two directors of CAILO PTY LTD.
For your convenience, we store user data for a minimum period of 5 years in Australia and 7 years for New Zealand users. We securely destroy or de-identify personal information once it is no longer required for the purposes outlined in this statement or as required by law.
If users wish for their information to be removed and destroyed, please lodge a request via our contact us website page.
CAILO operates across Australia and New Zealand (ANZ) and does not store ANZ data outside of Australia. CAILO also operates in the United Kingdom and United States, all data from these countries are stored in Australia.
If you are located in the European Union or the United Kingdom, CAILO processes your personal data in compliance with the General Data Protection Regulation (GDPR) and the UK GDPR.
To exercise these rights, please contact us via our contact page.
All personal data is stored in Australia. Where we transfer personal data outside of the EU or UK, we take appropriate safeguards to ensure your data remains protected, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognised mechanisms.
CAILO also operates in the United States. While there is no single federal privacy law equivalent to GDPR, CAILO complies with applicable state privacy laws, including the California Consumer Privacy Act (CCPA), where relevant. US users may request access to, correction of, or deletion of their personal data at any time by contacting us.
We encourage users to contact us on our contact page with any further queries. Our team would be more than happy to help.
CAILO PTY LTD [ABN 684 100 918]
Version 1.0 as at 8 January 2026