Privacy Policy

Last updated: 16 March 2026

RegoDue, the Australian rego reminder service (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Our service is designed for Australian users, and we keep APP-compatible privacy practices while also applying GDPR principles where relevant.

1. Information We Collect

When you create a reminder we collect:

  • Email address — to send your reminder emails.
  • State or territory code — to tailor reminder messaging.
  • Registration due date — to schedule your reminders.
  • Vehicle nickname (optional) — to personalise reminder emails.

We also automatically collect limited technical metadata — such as IP-derived information — used solely for security monitoring, abuse prevention, and rate limiting. This data is not used for profiling or marketing.

2. Purposes and Lawful Basis

The information above is collected for one primary purpose: to send you scheduled reminder emails before your vehicle registration due date. The lawful basis is performance of a contract with you (providing the reminder service you request) and our legitimate interests in operating, securing, and improving service reliability. We do not use your data for advertising, profiling, or unrelated marketing.

3. How We Use It

  • Send transactional reminder emails via our email delivery provider, Resend.
  • Send a one-time confirmation email when you sign up.
  • Maintain operational logs for reliability, error diagnosis, and security purposes.
  • If we add analytics or other tracking in future, this policy will be updated and reflected in a revised “Last updated” date at the top of this page.

4. Who We Share It With

We do not sell your personal data. We do not share it with marketing companies or data brokers. The only third party we share data with is:

  • Resend — our email delivery provider (resend.com). Your email address is transmitted to Resend to deliver reminder messages. Resend processes data as a sub-processor under its own privacy and security controls. We do not share your registration details with Resend beyond what is necessary to format and deliver your emails.

We may disclose information if required by Australian law or a valid court order.

5. Data Retention

  • Subscription data (email, state, due date, nickname) is retained until you unsubscribe. Once you unsubscribe, your record is marked inactive and deleted within 30 days.
  • Operational logs are retained for up to 90 days and then purged.
  • You may request immediate deletion of your data by emailing [email protected].

6. Your Rights

Under the Australian Privacy Principles, and where applicable the EU General Data Protection Regulation (GDPR), you have the right to:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate or out-of-date information.
  • Request deletion of your personal data.
  • Request restriction of processing where legally applicable.
  • Object to processing (where GDPR applies).
  • Request data portability where GDPR applies.
  • File a complaint with a relevant supervisory authority.

To exercise these rights, email us at [email protected]. We will respond within 30 days.

7. GDPR Essentials

  • Controller identity: Fromcode 119 LTD.
  • Purpose and lawful basis: processing is necessary to provide reminder delivery requested by you (contract) and for our legitimate interests in operating and securing the service.
  • Data subject rights: access, rectification, erasure, restriction, objection, portability, and the right to lodge a complaint with a supervisory authority.
  • Contact channel: [email protected].
  • Supervisory authority complaint route: the Commission for Personal Data Protection (CPDP) in Bulgaria, and the Office of the Australian Information Commissioner (OAIC) in Australia where relevant.

8. Cookies and Tracking

We do not use advertising cookies or third-party tracking pixels. The site may set session-level technical cookies required for basic web application operation (e.g. CSRF protection). These cookies do not contain personal information and are cleared when your browser session ends.

9. Australian Privacy Act 1988

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) to the extent they apply to our operations. Our practices are designed to be consistent with APP 1 (open and transparent management), APP 5 (notification of collection), APP 6 (use or disclosure), APP 11 (security), and APP 12 (access to personal information).

If you are located in the European Union or United Kingdom, your rights under the GDPR or UK GDPR also apply, and our practices are designed to be compatible with those requirements.

10. Security

  • All data is transmitted over TLS (HTTPS) and encrypted in transit.
  • Database access is restricted to authorised application services only.
  • We do not store payment card information of any kind.
  • Secrets and credentials are managed via environment variables, not source code.

No system is perfectly secure. If you become aware of a security issue, please contact us promptly at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted at this URL with a revised “Last updated” date at the top of the page. We encourage you to review this policy periodically. If changes are material we will endeavour to notify active subscribers by email.

12. Contact Us

For privacy-related questions, access requests, or complaints, contact us at:

[email protected]

If you are not satisfied with our response, you may contact the Bulgarian Commission for Personal Data Protection (CPDP) or the Office of the Australian Information Commissioner (OAIC) where relevant. .

13. Legal Entity

Operator: Fromcode 119 LTD

VAT: BG201550322

Location: Sofia, Bulgaria