Privacy Policy

This site and freight portal are operated by TASMAN FREIGHT QLD PTY LTD (ABN 86 670 406 372), a Queensland-incorporated refrigerated freight carrier. In this policy we refer to ourselves as Tasman Freight.

Registered office: 12 Barnett Pl, Molendinar QLD 4214.
Phone: 07 5507 6712.
Email: wholesale@tasmanstarseafood.com.

This policy applies to personal information we collect when you:

• visit tasmanstarfreight.com.au;
• register for, or log in to, the Tasman Freight customer or driver portal;
• book a consignment, receive a quote, or sign a proof of delivery (POD);
• email, call or message our office about a booking, invoice or claim.

It does not cover sites we link to (for example, the Australian Business Register, or our sister brand Tasman Star Seafoods). Those sites have their own privacy policies.

We collect only what we need to operate a road-freight business, invoice properly, and meet our obligations under Australian law. Specifically:

Account and contact information

• your full name;
• your work email address;
• a hashed password (we never see or store your password in plain text);
• your role on our platform (customer, driver or administrator).

Business details

• business (trading) name;
• ABN, if you choose to provide one;
• business street address, suburb, state and postcode;
• business phone number.

Booking and consignment information

• pickup and drop-off addresses (including loading-dock or room notes);
• preferred pickup date and any written instructions you give us;
• cargo type and quantity (for example: wet freight, frozen pallet, dry pallet, tuna bin, poly box);
• agreed price and freight status history for the consignment.

Proof-of-delivery information

• a photograph of the consignment at delivery, uploaded by our driver from their phone;
• a receiver’s signature captured on-device;
• the date and time those items were captured.

The name and business address of the receiver are personal information about that person. If you are our customer, we rely on you having told the receiver that these details will be handled this way.

Technical information

• your IP address, browser type and device type (captured in server logs by our hosting provider for fraud prevention and uptime monitoring);
• a NextAuth session cookie, set only after you sign in, so we know your next request is still you.

What we don’t collect

• We do not run third-party analytics, advertising pixels, session replay, or marketing trackers on this site.
• We do nottrack driver or vehicle GPS location in real time. Address markers shown on a driver’s map are generated only from the addresses on their own assigned jobs.
• We do not knowingly collect information about children. Our portal is for business users only.

We collect personal information in three ways:

• From you directly. When you sign up, book a consignment, update your account, or email us.
• From our drivers on your behalf. When a driver marks a consignment as picked up, in transit or delivered, and when they capture a signed POD.
• Automatically. From your browser, in the form of a session cookie after sign-in and routine server logs.

If we ever collect personal information about you from someone else (for example, a receiver’s details from our customer), we take reasonable steps to make sure you know the details set out in this policy.

We use personal information only for the purposes you would expect us to:

• to create and manage your account and verify your identity when you sign in;
• to accept, price, dispatch, track, and deliver your consignments, and to communicate with you about them;
• to issue tax invoices and process payment, and to keep records we are required to keep under Australian tax, transport and work-health-and-safety law;
• to investigate claims, delays, damage or cold-chain breaches, and to defend or pursue legal claims;
• to send you service emails such as booking confirmations and POD copies;
• to improve, debug and secure the portal itself.

We do not sell your personal information. We do not share it with advertisers. We do not use it to train AI models.

We disclose personal information only where it is necessary for the purpose we collected it. The organisations that process personal information on our behalf are:

• Neon(Databricks, Inc.) — managed PostgreSQL database provider, accessed via the Vercel Marketplace. Stores account, booking, invoice and POD records.
• Vercel Inc.— our hosting provider. Runs the web application and stores POD photos and signature images in Vercel Blob storage. Captures standard server logs.
• Resend— our transactional email provider. Handles booking confirmations, status updates, and password-related emails. Processes your email address and message contents only.
• OpenStreetMap Foundation — Nominatim — geocoding service used to turn pickup and drop-off addresses into map markers for our drivers. Addresses are sent to Nominatim; no account information is sent.

Each of these providers is bound by written contractual security obligations.

We will also disclose personal information where:

• you have asked us to (for example, you have asked us to copy a third-party consignee on delivery emails);
• we are required or authorised by law (for example, by a subpoena, court order, ATO notice, or a request from a law-enforcement agency);
• it is necessary for a professional adviser (lawyer, accountant, insurer) to handle a claim, audit or dispute.

Some of our processors host or process data outside Australia. Before disclosing personal information overseas, we take reasonable steps to make sure the recipient handles it consistently with the APPs.

• Neon / Vercel— primarily process data in their contracted region(s), which may include Australia and/or the United States.
• Resend— processes email in the United States.
• Nominatim (OpenStreetMap)— the geocoding servers are hosted in the European Union.

If you would like current region information for any of these providers, contact us and we will confirm.

We take reasonable steps to protect personal information, including:

• all traffic between your browser and the portal is encrypted in transit using TLS (HTTPS);
• passwords are never stored in plain text — we use one-way bcrypt hashing with per-user salts;
• customer data, driver data and admin data are separated by role-based access control enforced on the server; customers only see their own consignments, drivers only see their own assigned loads;
• our database is encrypted at rest by our provider and sits behind connection-string authentication;
• we limit staff access to personal information to those who need it to do their job;
• we review access, dependencies and security practices regularly, and keep audit trails of status changes on every consignment.

No online system is 100% secure. If we become aware of an eligible data breach that is likely to cause serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

We keep personal information only as long as we reasonably need it:

• Account records— while your account is active, plus a reasonable period after closure.
• Bookings, PODs, invoices and status history — for at least seven (7) years from the end of the financial year in which the transaction occurred, to meet our tax, transport, and work-health-and-safety recordkeeping obligations.
• Server logs— typically 30 to 90 days, per our hosting provider’s defaults.

When we no longer need personal information, we securely delete or de-identify it.

We use only the cookies and browser storage that we need to run the portal. No marketing, advertising, or cross-site tracking cookies.

• Session cookie(NextAuth) — set only after you sign in, so we know your next request is still you. Cleared when you sign out or your session expires.
• Geocode cache (browser localStorage key tt-geocode-cache-v1) — stores map coordinates for addresses you have already looked up, so the driver map loads faster. Never leaves your device.

You can clear both at any time through your browser settings. Clearing the session cookie will sign you out.

You can ask us to:

• access the personal information we hold about you;
• correct personal information you believe is inaccurate, out of date, incomplete, or misleading;
• delete personal information that we are no longer required to keep by law.

You can update most of your own account and business details directly in the portal under Account. For anything you can’t change yourself, email wholesale@tasmanstarseafood.com from the email address on file. We may need to verify your identity before acting on a request. We will respond within a reasonable period, usually within 30 days, and will not charge a fee unless the request is complex.

Some information we are required by law to keep — for example, tax invoices and freight records — cannot be deleted on request until the statutory retention period ends.

If you think we have mishandled your personal information, tell us first. Email wholesale@tasmanstarseafood.com with the subject line “Privacy complaint”, and describe what happened and what outcome you’d like. We will acknowledge your complaint within 7 business days and aim to respond substantively within 30 days.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):

• Phone: 1300 363 992
• Web: oaic.gov.au/privacy/privacy-complaints
• Post: GPO Box 5288, Sydney NSW 2001

We may update this policy from time to time — for example, when we change providers, add new features, or respond to a change in Australian law. The “last updated” date at the top of this page always reflects the current version. Where a change materially affects how we handle your personal information, we will take reasonable steps to notify you — for example, by email to the address on your account or by a notice on this page.

The quickest way to reach us about anything in this policy is email. For general freight matters, phone is fine.