Privacy Policy

This Privacy Policy explains how Fleet (“Fleet”, “we”, “us”, “our”), the operator of the Fleet platform at fltads.com, collects, uses, stores, discloses and protects personal information when you use our website and services (the “Service”).

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the Service you agree to this Policy. It should be read together with our Terms of Service.

We collect the following categories of information:

Account and identity

• Your name, email address, and (if you sign in with Google) your Google profile photo and Google account identifier.
• Display name, phone number, and the password you set (managed by our auth provider).

Company and billing

• Company (tenant) details: company name, legal name, business address, phone, billing email, and team-member roles.
• Billing identifiers held by our payment processor (e.g. Stripe customer and subscription references). We do not store your full card number.

Campaign content you provide or generate

• Briefs, chat messages, prompts, uploaded files and brand assets, and the strategies, copy, images and video generated for you through the Service.

Usage, device and log data

• IP address, browser and device information, activity logs, and analytics and cookie data (see Cookies and analytics).

We collect personal information:

• directly from you, when you create an account, set up a Company, or use the Service;
• automatically, through cookies, analytics, and server logs as you use the Service;
• from Google, when you choose to sign in with Google (limited to the fields described below); and
• from our payment processor, in relation to billing and transactions.

We use personal information to:

• provide, operate, secure and improve the Service;
• create and authenticate your account and manage your Company and team;
• generate campaign outputs using AI features you request;
• process billing, payments and credits, and prevent fraud and abuse;
• provide support and respond to your enquiries;
• send you service communications, and — with an option to opt out — marketing communications (see Direct marketing); and
• comply with our legal obligations.

When you sign in with Google, we access your Google account name, email address, profile photo and Google account identifier via the email, profile and openid scopes.

We use this information solely to create and authenticate your Fleet account, identify you within your Company, and operate the sign-in feature. We do not sell it, and we do not transfer it to third parties except the sub-processors listed in this Policy who help us operate the Service, or where required by law.

You can revoke Fleet's access to your Google account at any time at myaccount.google.com/permissions, and you may request deletion of this data as described in Retention and deletion.

Fleet's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Our AI features send content you provide — including text prompts, uploaded images and brand assets, and generated outputs used as further inputs — to third-party AI providers to generate the outputs you request. These providers are OpenAI, Google AI and Anthropic.

Under our agreements with these providers (paid/API tiers), your content is not used to train their general models. Providers may retain content for a short period (typically around 7–30 days) for abuse monitoring before deletion, and may carry out limited human review for trust-and-safety and policy enforcement.

We do not automatically de-identify content before sending it for generation; we rely on our contracts with these providers. Please avoid including unnecessary personal or sensitive information in prompts and uploads.

We share personal information with trusted service providers who process it on our behalf to operate the Service:

• Supabase — authentication, database and sessions.
• Google Cloud (incl. Cloud Storage) — hosting and storage of files and creative assets.
• Stripe — payment processing, billing and tax.
• OpenAI, Google AI, Anthropic — AI generation features.
• Advertising platforms (e.g. Meta, Google, LinkedIn) — to set up and run campaigns, including advertising pixels and conversion tracking you ask us to configure.

We may also disclose information where required by law, to protect our rights, or in connection with a business transfer. We do not sell your personal information.

Several of our sub-processors are located in, or store data in, countries outside Australia, including the United States. By using the Service you acknowledge that your personal information may be stored and processed overseas. We take reasonable steps to ensure these providers handle your information consistently with this Policy and applicable law.

We use cookies and similar technologies to keep you signed in (e.g. authentication cookies), remember preferences, and understand usage through analytics such as Google Tag Manager. As part of campaign setup, we may also configure advertising pixels and conversion tracking on advertising platforms for your campaigns.

You can control cookies through your browser settings; disabling some cookies may affect how the Service works.

We take reasonable technical and organisational measures to protect personal information, including encryption in transit and at rest through our infrastructure providers, access controls, and least-privilege practices. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We retain personal information for as long as your account is active and as needed to provide the Service. When you close your account or request deletion, we will delete or de-identify your personal information within 90 days, except where we are required to retain it for legal, tax, accounting or dispute-resolution purposes.

Google account information obtained at sign-in is retained for as long as your account is active and deleted or de-identified when you delete your account or request deletion, subject to those legal obligations. You can revoke access at any time via your Google Account settings.

You may request access to, or correction of, the personal information we hold about you by contacting privacy@fltads.com. We will respond within a reasonable time and may need to verify your identity.

If you have a privacy complaint, please contact us first so we can try to resolve it. If you are not satisfied, you can escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

We may send you news, product updates and offers about Fleet. You can opt out at any time using the unsubscribe link in those messages or by contacting privacy@fltads.com. We handle direct marketing in line with APP 7 and the Spam Act 2003 (Cth). Service and transactional messages (e.g. billing, security) are not marketing and may still be sent.

Fleet is based in Australia and intended for Australian businesses. If you access the Service from outside Australia, your information will be handled in Australia and the other countries described above, which may have different data-protection laws. By using the Service you consent to this handling.

The Service is intended for business users aged 18 and over. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

We may update this Policy from time to time. We will post the revised version with a new “Last updated” date, and material changes may also be notified via the Service or email. Continued use after the effective date constitutes acceptance.

Questions or requests about privacy:

• Privacy: privacy@fltads.com
• OAIC: oaic.gov.au