VanMan

Privacy Policy

Last updated: 1 February 2026

This Privacy Policy describes how VanMan Limited ("VanMan", "we", "us", or "our") collects, uses, stores, and protects your personal information when you use our moving company management software platform and related services (collectively, the "Service"). VanMan is a New Zealand-registered company providing cloud-based software-as-a-service (SaaS) solutions for the moving and removals industry.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Service immediately.

Information We Collect

We collect several categories of information to provide, maintain, and improve our Service. The types of information we collect depend on how you interact with VanMan and which features you use.

Personal Data. When you register for an account, subscribe to a plan, or interact with our Service, we may collect personal information that identifies you or relates to you as an individual. This includes your full name, email address, phone number, company name, company registration details, business address, job title, and any other information you voluntarily provide during account setup or while using the Service. If you are an end customer of a VanMan subscriber, your name, contact details, and move-related information may be stored within the platform by the moving company that services you.

Usage Data. We automatically collect information about how you access and use the Service. This includes the pages and features you visit or interact with, the time and date of your visits, the duration of your sessions, the actions you take within the platform (such as creating jobs, generating quotes, or managing schedules), your device type, operating system, browser type and version, screen resolution, and your Internet Protocol (IP) address. We may also collect referring URLs, search terms that led you to our site, and general geographic location inferred from your IP address.

Cookies and Tracking Technologies. We use cookies, local storage, and similar tracking technologies to maintain your session, remember your preferences, and gather analytics data about how the Service is used. These technologies help us understand usage patterns, optimise performance, and deliver a more personalised experience. For comprehensive information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

How We Use Your Information

We use the information we collect for a range of purposes, all aimed at delivering, maintaining, and improving the Service, and ensuring a secure and efficient experience for our users.

Service Delivery and Account Management. Your personal data is essential for creating and managing your account, processing your subscription, and providing you with access to the features included in your plan. We use your information to authenticate your identity, manage billing and invoicing, and ensure that your account settings and preferences are correctly applied. Your business information enables us to tailor the Service to your operational context, including configuring job templates, pricing structures, and regional settings.

Communications. We use your email address and phone number to send you transactional communications that are necessary for the operation of the Service. These include account verification emails, password reset requests, subscription confirmations, payment receipts, and job-related notifications. Where you have opted in, we may also send SMS notifications related to job status updates, crew assignments, or scheduling changes. We may occasionally send you product updates, feature announcements, or tips for getting the most out of VanMan, but you can opt out of non-essential communications at any time.

Product Improvement and Analytics. Aggregated and anonymised usage data helps us understand how the Service is used, identify popular features, detect areas for improvement, and prioritise our product development roadmap. We analyse usage patterns to optimise the user interface, improve system performance, and develop new features that address the needs of the moving industry. This data is used in aggregate form and is not linked back to individual users for these purposes.

Security and Fraud Prevention. We use your information, including IP addresses, device information, and access logs, to detect, investigate, and prevent unauthorised access, fraud, abuse, and other harmful activities. This includes monitoring for suspicious login attempts, enforcing rate limits, and maintaining audit trails of significant account actions. Our security measures are designed to protect both your data and the integrity of the Service as a whole.

Customer Support. When you contact us for support, we use your account information and any details you provide in your enquiry to diagnose issues, resolve problems, and improve our support processes. We may retain records of support interactions to provide continuity of service and to train our support team.

Data Sharing and Third Parties

We do not sell your personal information to third parties. We share your data only with trusted service providers who assist us in operating and delivering the Service. Each third-party provider is contractually obligated to protect your data and to use it only for the specific purposes for which it was shared. Below is a list of the key third-party services we use and the data shared with each:

  • Clerk (Authentication) — We share your name and email address with Clerk to manage user authentication, including sign-up, login, multi-factor authentication, and session management. Clerk processes this data to verify your identity and secure your account.

  • Supabase (Database Hosting) — All application data, including personal data, job records, customer information, scheduling data, and business configurations, is stored in databases hosted by Supabase. Supabase provides the underlying PostgreSQL infrastructure and is responsible for the storage and availability of this data.

  • Stripe (Payment Processing) — Your billing details, including payment card information, billing address, and subscription details, are shared with Stripe to process payments, manage subscriptions, handle refunds, and generate invoices. Stripe is a PCI DSS Level 1 certified payment processor, and your full card details are never stored on our servers.

  • Twilio (SMS Communications) — Phone numbers and message content are shared with Twilio to deliver SMS notifications related to job updates, scheduling confirmations, crew communications, and other operational messages. Twilio processes this data solely for the purpose of delivering these messages on our behalf.

  • SendGrid (Email Communications) — Email addresses and email content are shared with SendGrid to deliver transactional emails, including account notifications, password resets, job confirmations, invoice emails, and other service-related communications. SendGrid acts as our email delivery provider and processes this data to ensure reliable email delivery.

  • Xero (Accounting Integration) — When you choose to connect your Xero account, invoice data, contact details, payment records, and related financial information are synchronised with Xero to streamline your accounting workflows. This integration is optional and only activated at your request. Data is shared with Xero only when the integration is enabled and configured by you.

  • Google Maps (Mapping and Geocoding) — Pickup and delivery addresses entered into the Service are shared with Google Maps to provide mapping, route calculation, distance estimation, and address autocomplete functionality. Google processes these addresses to render maps and calculate routes within the VanMan interface.

  • Sentry (Error Tracking and Monitoring) — Anonymised and pseudonymised usage data, including error reports, stack traces, browser information, and session replay data, is shared with Sentry to help us identify, diagnose, and resolve software errors and performance issues. Personal identifiers are stripped or hashed before transmission where possible.

  • Vercel (Hosting and Deployment) — Access logs, IP addresses, request metadata, and performance metrics are processed by Vercel as part of hosting and serving the VanMan web application. Vercel provides the infrastructure on which the front-end application is deployed and served to users.

We may also share your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Data Storage and Security

We take the security of your data seriously and implement industry-standard technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction.

Encryption. All data stored within our systems is encrypted at rest using AES-256 encryption, one of the strongest block cipher standards available. All data transmitted between your browser and our servers, and between our servers and third-party services, is encrypted in transit using TLS 1.3, ensuring that your information is protected during transmission across networks. These encryption standards are regularly reviewed and updated to reflect current best practices.

Tenant Isolation. VanMan operates as a multi-tenant platform, and we employ strict tenant isolation measures at the database level to ensure that each customer's data is logically separated from that of other customers. Row-level security policies are enforced to prevent cross-tenant data access, and all database queries are scoped to the authenticated tenant. This architecture ensures that your business data, customer records, and operational information are accessible only to authorised users within your organisation.

Security Audits and Access Controls. We conduct regular security audits and vulnerability assessments of our infrastructure, application code, and third-party integrations. Access to production systems and customer data is restricted to authorised personnel on a need-to-know basis, and all access is logged and monitored. We employ role-based access controls within the application, allowing you to manage permissions for your team members according to the principle of least privilege. We also maintain an incident response plan to ensure that any security events are promptly identified, contained, and resolved, and that affected parties are notified in accordance with applicable laws.

Data Retention and Deletion

We retain your personal information only for as long as it is necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.

Active Accounts. For active accounts, we retain all data associated with your account for the duration of your subscription. This includes your personal information, business data, job records, customer information, financial records, and usage data. Data is maintained in its current state and is available to you through the Service at all times during your subscription period.

After Cancellation. Following the cancellation of your subscription, we provide a 30-day data export window during which you may download your data from the platform. During this period, your data remains intact and accessible for export purposes, though active use of the Service will be restricted. We offer data export in standard formats to facilitate portability. After the 30-day export window has elapsed, your data will be permanently and irreversibly deleted from our primary systems. All associated backups containing your data will be purged within 90 days of the deletion from primary systems. Once deletion is complete, your data cannot be recovered.

Legal Requirements. Notwithstanding the above, we may retain certain information for longer periods where required by applicable law, such as financial records that must be retained for tax or regulatory compliance purposes. In such cases, the retained data will be restricted from general processing and used only for the specific legal purpose that requires its retention.

Your Rights

Depending on your location and applicable privacy laws, you may have certain rights regarding your personal information. We are committed to facilitating the exercise of these rights and will respond to any valid request in a timely manner.

You have the following rights in relation to your personal data:

  • Right of Access — You have the right to request confirmation of whether we process your personal data and, if so, to request a copy of that data. You can access most of your data directly through the Service at any time via your account settings and data export features.

  • Right to Correction — You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You can update most of your information directly through your account settings, or you may contact us for assistance with corrections.

  • Right to Deletion — You have the right to request the deletion of your personal data, subject to certain exceptions (such as data we are required to retain by law). Upon receiving a valid deletion request, we will delete your data in accordance with our data retention procedures described above.

  • Right to Data Portability — You have the right to receive your personal data in a structured, commonly used, and machine-readable format. VanMan supports data export in JSON and CSV formats, enabling you to transfer your data to another service provider. You can initiate a data export through your account settings at any time.

  • Right to Object to Processing — You have the right to object to our processing of your personal data in certain circumstances, including processing for direct marketing purposes. If you object to processing for direct marketing, we will cease such processing without delay.

  • Right to Withdraw Consent — Where we rely on your consent as the legal basis for processing your data, you have the right to withdraw that consent at any time. Withdrawing your consent does not affect the lawfulness of any processing carried out before the withdrawal, nor does it affect processing carried out on other lawful grounds.

To exercise any of these rights, please contact us at privacy@vanman.app. We will endeavour to respond to your request within 20 working days, as required under New Zealand law, or within the timeframe applicable under your local privacy legislation. We may need to verify your identity before processing your request.

Cross-Border Data Transfers

VanMan is based in New Zealand, but our Service relies on cloud infrastructure and third-party service providers that may process your data in locations outside of New Zealand. Your data may be processed in New Zealand, Australia, and the United States, depending on the specific services and infrastructure components involved.

We take appropriate steps to ensure that any cross-border transfer of your data is conducted in compliance with applicable data protection laws. Where your data is transferred to a country that does not provide an equivalent level of data protection to your home jurisdiction, we implement appropriate safeguards to protect your data. These safeguards may include standard contractual clauses approved by relevant regulatory authorities, binding corporate rules, or reliance on the receiving country's adequacy status as determined by the applicable regulatory body.

New Zealand is recognised by the European Commission as providing an adequate level of data protection, which facilitates the transfer of data from the European Economic Area and the United Kingdom to New Zealand. For transfers to other jurisdictions, we rely on the safeguards described above and contractual commitments from our service providers to ensure that your data receives a consistent level of protection regardless of where it is processed.

Children's Privacy

The VanMan Service is designed for use by businesses and professionals in the moving and removals industry. Our Service is not intended for use by individuals under the age of 16, and we do not knowingly collect, store, or process personal information from anyone under the age of 16.

If we become aware that we have inadvertently collected personal data from a person under the age of 16, we will take immediate steps to delete that information from our systems. If you believe that we may have collected information from or about a child under 16, please contact us immediately at privacy@vanman.app so that we can investigate and take appropriate action.

Parents and guardians who become aware that their child has provided personal information to VanMan without their consent should contact us at the address above. We are committed to working with parents and guardians to ensure that the privacy of minors is protected.

Cookie Policy

VanMan uses cookies and similar tracking technologies to enable essential functionality, maintain your session state, remember your preferences, and collect analytics data that helps us improve the Service. Cookies are small text files placed on your device when you access our platform.

We use both session cookies, which expire when you close your browser, and persistent cookies, which remain on your device for a set period or until you delete them. Some cookies are strictly necessary for the operation of the Service, while others are used for analytics and performance monitoring purposes.

For full details about the specific cookies we use, their purposes, duration, and how to manage or disable them, please refer to our Cookie Policy. You can manage your cookie preferences at any time through your browser settings or through the cookie consent mechanism provided on our platform.

Regional Compliance

VanMan serves customers across multiple jurisdictions and is committed to complying with applicable privacy and data protection laws in each region where our users are located. This section outlines our compliance with specific regional privacy frameworks.

New Zealand Privacy Act 2020

VanMan is subject to the New Zealand Privacy Act 2020 and operates in compliance with the Information Privacy Principles (IPPs) set out in that legislation. We collect personal information lawfully and by fair means, directly from the individual concerned wherever practicable. We hold personal information securely and take reasonable steps to protect it from loss, unauthorised access, use, modification, or disclosure.

In accordance with the Privacy Act 2020, we are transparent about the purposes for which we collect and use personal information, and we do not use or disclose personal information for purposes other than those for which it was collected, except with the individual's consent or as permitted by law. We will notify the Office of the Privacy Commissioner and affected individuals of any notifiable privacy breach, as required under Part 6 of the Act. Individuals may lodge a complaint with the Office of the Privacy Commissioner if they believe we have interfered with their privacy.

Australian Privacy Principles

For our users in Australia, VanMan complies with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). We ensure that personal information of Australian users is handled in accordance with the APPs, including requirements relating to the collection, use, disclosure, storage, and security of personal information. Australian users have the right to access and correct their personal information held by us, and may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if they believe their privacy has been breached.

We take reasonable steps to ensure that personal information of Australian users that is transferred overseas receives a level of protection comparable to that required under Australian law. Where we disclose personal information to overseas recipients, we ensure that contractual arrangements are in place to protect the data in accordance with the APPs.

UK GDPR Compliance

For users in the United Kingdom, VanMan processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We process personal data on the basis of one or more lawful grounds, including the performance of a contract, our legitimate interests in operating and improving the Service, compliance with legal obligations, and, where applicable, your consent.

UK users have enhanced rights under the UK GDPR, including the right to access, rectify, erase, restrict processing, and port their personal data, as well as the right to object to processing and the right not to be subject to automated decision-making. We have appointed internal contacts responsible for data protection matters and maintain records of our processing activities as required by the UK GDPR. Users in the United Kingdom may lodge a complaint with the Information Commissioner's Office (ICO) if they believe their data protection rights have been infringed.

US State Privacy Laws (CCPA/CPRA)

For users who are residents of California, VanMan complies with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). California residents have the right to know what personal information we collect, use, and disclose, the right to request deletion of their personal information, the right to opt out of the sale or sharing of their personal information, and the right to non-discrimination for exercising their privacy rights.

VanMan does not sell personal information, nor do we share personal information for cross-context behavioural advertising purposes as defined under the CCPA/CPRA. California residents may exercise their rights by contacting us at privacy@vanman.app or through the privacy controls available within their account settings. We will verify your identity before processing any rights request and will respond within the timeframes required by applicable law. We also honour the requirements of other US state privacy laws, including those enacted in Virginia, Colorado, Connecticut, and other states, to the extent they apply to our processing activities.

Contact for Privacy Enquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: privacy@vanman.app

VanMan Limited New Zealand

This Privacy Policy was last updated on 1 February 2026. We may update this policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by sending you a notification via email or through the Service.