← Back to login

Privacy Policy

Gorus Pty Ltd

Effective Date: 3/24/2026

1. Introduction

Gorus Pty Ltd (“Gorus”, “we”, “us”, “our”) provides a cloud-based logistics and transport management platform, including web applications, mobile applications and related integration services (the “Platform”).

We are committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

This Privacy Policy explains how we collect, use, disclose and protect personal information when customers, users, drivers and integration partners access or use the Platform.

2. Types of Information We Collect

We may collect the following categories of personal information:

  • Identity information such as name, email address, phone number and job title
  • Account information including login credentials and authentication data
  • Organisation information linked to customer accounts
  • Operational logistics data entered into the Platform
  • Device and usage information, including IP address, browser type, mobile device identifiers and app usage data
  • GPS location data from mobile devices where permissions are granted
  • Audit logs recording system access and changes
  • Communications with us, including support requests

Where customers upload documents (including transport documentation), those documents may contain personal information. Gorus processes this information on behalf of the customer.

3. How We Collect Information

We collect personal information:

  • Directly from customers and users when they create accounts or use the Platform
  • From mobile applications when users interact with features such as job management or proof of delivery
  • Through integrations including APIs, FTP/FTPS, webhooks and EDI
  • Automatically via logging, monitoring and security systems
  • From third parties authorised by the customer

Where GPS functionality is enabled, location data may be captured to support operational features such as job tracking and proof of delivery.

4. Purpose of Collection

We collect and use personal information to:

  • Provide and operate the Platform
  • Authenticate users and manage accounts
  • Process logistics data and documentation
  • Enable integrations with third-party systems
  • Send service notifications, password resets and transactional emails
  • Monitor performance, security and system integrity
  • Maintain audit trails and compliance records
  • Improve and develop our services

We do not sell personal information.

5. Data Storage and Security

Gorus uses reputable cloud infrastructure providers, including Google Cloud Platform and Amazon Web Services, and utilises managed database services such as MongoDB Atlas.

Security controls include:

  • Encrypted data in transit using TLS
  • Encrypted data at rest
  • Role-based access controls
  • Network isolation via Virtual Private Cloud (VPC)
  • Rate limiting and input validation
  • Audit logging of financial and operational changes
  • Soft deletion of records to preserve audit history

Operational logs are normalised in UTC. Older logs may be archived to secure cloud storage but remain retrievable.

Mobile applications may temporarily store limited data locally to support offline functionality. Data is synchronised when connectivity is restored.

6. Disclosure of Personal Information

We may disclose personal information:

  • To cloud hosting and infrastructure providers
  • To integration partners at the direction of the customer
  • To email delivery providers for system communications
  • To professional advisers
  • Where required by law

We take reasonable steps to ensure service providers comply with appropriate privacy and security standards.

7. Cross-Border Disclosure

Cloud service providers may store data in data centres outside Australia. Where this occurs, we take reasonable steps to ensure overseas recipients handle personal information in accordance with Australian privacy law.

8. Data Retention

We retain personal information for as long as required to provide services and meet legal, contractual and audit obligations. Gorus does not hard delete operational data in the normal course of business, but archives older records in accordance with internal retention policies.

Customers may request deletion of personal information where legally permissible.

9. Access and Correction

Individuals may request access to or correction of their personal information by contacting us at hello@gorus.io. We may need to verify identity before responding.

Where Gorus acts as a processor on behalf of a customer, requests may be referred to the relevant customer organisation.

10. Complaints

If you believe we have breached the Australian Privacy Principles, please contact us in writing. We will investigate and respond within a reasonable timeframe. If you are not satisfied, you may contact the Office of the Australian Information Commissioner.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will be published on our website with an updated effective date.