Notices

Privacy Policy

Last updated: 26 June 2026

This Privacy Policy explains how AddTransit Pty Ltd (ABN 73 161 133 366) ("AddTransit", "we", "us") collects, uses, stores and discloses personal information through https://addtransit.com, our web application, our REST API, and our iOS/Android apps (together, the "Services").

We act as a data controller for our own account and marketing data, and as a data processor on behalf of transit operators for the passenger and booking data they collect through our ticketing and tours features.

1. The information we collect

Account & operator data — name, email, phone, mailing address, company/agency details, job title, and a hashed password. For operators receiving payouts, the business/identity details required by our payment processor.

Operator content — the GTFS feed data you upload or create (routes, stops, schedules, agency details, fares), and tour/ticket configuration.

Payment data — card payments are processed by Stripe; we do not store full card numbers. For operators receiving payouts we use Stripe Connect (bank/payout and identity details are held by Stripe, not us). We retain transaction metadata (amounts, dates, status, last-4 digits) for accounting.

Passenger / booking data — when an end-customer books a ticket or tour: name, contact details, journey/booking details and passenger counts, collected on behalf of the operator.

Communications — support tickets, and emails sent and received (transactional email via AWS SES; business mailboxes via Zoho).

Usage & device data — IP address, browser/device type, pages viewed, and analytics/interaction data via cookies (see "Cookies" below). Our mobile apps may collect device and location data where you enable location-based features (e.g. vehicle tracking, route mapping, stop location).

2. How we use it & legal bases

To provide the Services (performance of a contract); process payments and operator payouts (contract / legal obligation); send transactional email (contract / legitimate interests); send marketing email only with consent or to existing customers where permitted, always with an opt-out; analytics and product improvement (consent for non-essential cookies / legitimate interests); and support and security (legitimate interests / legal obligation).

3. Sub-processors

We use the following providers to run the Services. We do not sell personal information, and disclose data only to these processors, where legally required, or with your consent.

ProviderPurpose
Amazon Web Services (AWS)Hosting, database, file storage, transactional email (SES), DNS — region us-west-2 (USA)
StripeCard payments and operator payouts (Stripe Connect)
GoogleAnalytics (GA4), Ads/conversion, Tag Manager
MouseflowSession recording / heatmaps
ClickyWeb analytics
Meta (Facebook)Conversion pixel / advertising
ZohoBusiness email

4. International transfers

Service data is stored in the USA (AWS us-west-2). Transfers are covered by Amazon Web Services' standard contractual terms (which include the European Commission's Standard Contractual Clauses where applicable).

5. Data retention

Account/operator data is retained for the life of the account, then deleted or anonymised within 90 days of closure, except where longer retention is required. Booking and transaction records are retained for 7 years to comply with Australian tax/accounting law (held in anonymised form after an erasure request where required). Analytics are retained per each provider's settings. Unsubscribed/bounced email addresses are retained so we do not re-contact you.

6. Cookies & similar technologies

We use essential cookies (session/login, always on), analytics cookies (GA4, Clicky, Mouseflow) and marketing cookies (Google Ads, Meta Pixel). Non-essential cookies load only after you consent via our cookie banner. You can change or withdraw consent at any time via Cookie settings, and you can block cookies in your browser (some features may not work).

7. Your rights

Depending on your location (including the Australian Privacy Act and EU/UK GDPR), you may have the right to access, correct, delete, export, object to, or restrict processing of your personal information, and to withdraw consent.

To delete your account or data, use Account Deletion or email info@addtransit.com. For other requests, email info@addtransit.com — we respond within 30 days. You may complain to the Office of the Australian Information Commissioner (OAIC, oaic.gov.au) or your local EU/UK data protection authority.

8. Security

We protect personal information with measures including TLS in transit, hashed passwords, access controls and ongoing security review. No system is perfectly secure; we address vulnerabilities responsibly (security reports: legal@addtransit.com).

9. Children

The Services are not directed at children under 16; we do not knowingly collect their personal information.

10. Changes

We may update this policy; material changes will be posted here with a new "Last updated" date.

11. Contact

AddTransit Pty Ltd (ABN 73 161 133 366)
info@addtransit.com
Innovation House, 115 Regent Street, Little River, Victoria, Australia 3211

Last updated: 26 June 2026