Overview
DriveLog is a record-keeping and audit compliance platform built for Australian driving schools. This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
Who We Are
DriveLog is operated by Drive Log Australia, based in New South Wales, Australia.
- Website: drivelog.com.au
- Email: support@drivelog.com.au
- Jurisdiction: New South Wales, Australia
What We Collect
We collect only the information necessary to provide driving school management and compliance services.
| Category | Data Collected | Who Provides It |
|---|---|---|
| Identity | Full name, date of birth | Learner driver |
| Contact | Mobile number, email address, residential address | Learner driver |
| Licence | NSW licence number, licence expiry date, licence class | Learner driver (via OCR scan or manual entry) |
| Booking | Test date, test time, test centre, package selected | Learner driver |
| Booking Confirmation | Screenshot/photo of official RMS/Service NSW test booking confirmation | Learner driver (uploaded image) |
| Lesson Records | Lesson dates, durations, notes, payment status | Driving instructor |
| Account | Instructor name, email, Google account (for login) | Driving instructor |
| Consent | Timestamp and version of privacy policy accepted | Automatically recorded at registration |
How We Use It
Personal information collected through DriveLog is used solely for the following purposes:
- Creating and managing student records for the driving school
- Scheduling and tracking driving lessons and test bookings
- Generating audit-ready compliance reports required by transport authorities
- Sending notification emails to instructors when a new student registers
- Verifying test booking details against the uploaded confirmation screenshot
- Saving student contact details to the instructor's Google Contacts for easy access
- Creating calendar events for lessons and tests in the instructor's Google Calendar
Google Services
DriveLog integrates with Google services when an instructor logs in using their Google account. The following Google APIs are used:
| Google Service | Purpose | Data Accessed |
|---|---|---|
| Google Calendar | Create and read lesson and test appointments | Instructor's calendar events |
| Google Contacts | Save student contact details for easy lookup | Instructor's contact list |
| Licence OCR | Extract details from uploaded licence photos automatically | Image content only — not stored by Google |
Google API access is granted by the instructor at login and is used exclusively on their behalf. DriveLog does not access, read, or store any Google data beyond what is explicitly described above.
DriveLog's use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
Booking Confirmation Screenshots
When a learner selects a test package, they may upload a screenshot or photo of their official RMS / Service NSW test booking confirmation. This image is:
- Stored securely in a private Supabase Storage bucket — not publicly accessible
- Linked to the learner's profile in the driving school's records
- Accessible only by the instructor associated with that school
- Used to verify and audit the test date, time, and centre details entered during registration
- Retained for a minimum of 7 years in accordance with Australian business record-keeping obligations
Data Storage & Security Infrastructure
All DriveLog data is stored using Supabase, a secure cloud database platform. Key protections include:
- Database hosted on servers with Australian data residency options
- Row-Level Security (RLS) — each driving school can only access its own data
- All data transmitted over HTTPS/TLS encryption
- Storage buckets are set to private — no public URL access to uploaded files
- Automatic inactivity logout after 30 minutes (APP 11 compliance)
- Access logging on sensitive student profile views
Data Retention
| Data Type | Retention Period |
|---|---|
| Student records & lesson logs | 7 years (Australian tax & business records obligation) |
| Booking confirmation screenshots | 7 years minimum |
| Consent logs | 7 years |
| Instructor account data | Duration of active account + 2 years |
| Error & access logs | 90 days |
Upon written request, we will delete personal information earlier where there is no legal obligation to retain it.
Your Rights
Under the Australian Privacy Act 1988, you have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — request correction of inaccurate or outdated information
- Deletion — request deletion of your personal information (subject to legal retention requirements)
- Complaint — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy rights have been breached
To exercise any of these rights, contact us at support@drivelog.com.au. We will respond within 30 days.
Security
We take reasonable steps under APP 11 to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Measures include:
- Encrypted data transmission (HTTPS/TLS)
- Private, access-controlled file storage
- Automatic session expiry after 30 minutes of inactivity
- Audit logging of all access to sensitive student profiles
- School-level data isolation — no cross-school data access
If you become aware of any security concern relating to your data, please contact us immediately at support@drivelog.com.au.
Contact Us
For any privacy-related questions, requests, or complaints: