Quan Freight Management Logo

Privacy Policy

Quan Freight Management Pty Ltd (ABN 86 679 485 333) trading as QFM Logistics (“QFM”, “we”, “us”) handles personal information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth). This policy explains what we collect, why we collect it, who we share it with, and how you can access or correct it.

Last updated: 8 May 2026.

What we collect

We collect personal information that you provide directly to us, and limited technical information generated when you use our website or services:

  • Contact details — when you submit a quote, information, or damage-claim form. This typically includes your name, email address, phone number, company name, freight pickup and delivery suburbs, item descriptions, and any photos or supporting documents you choose to attach.
  • Account details — when you log in to the QFM Client Portal. We store your email address, login timestamps, the IP address used to log in, and the authentication tokens issued by our identity provider. We do not store passwords; the Client Portal uses one-time email codes for authentication.
  • Operational records — when QFM dispatches freight on your behalf. This includes consignment numbers, sender and receiver addresses, item descriptions, weights and dimensions, carrier name, and tracking events. These records are kept for as long as the freight relationship continues and for the periods set out in the Retention section below.
  • Technical data — automatically captured when you browse our website. This includes your IP address, browser user-agent string, the pages you view, the order in which you view them, and basic timing information. This data is used for security (rate-limiting abusive traffic, detecting unauthorised login attempts) and for aggregated analytics that help us improve the website.

We do not collect sensitive information as defined in the Privacy Act 1988 (such as health, racial or ethnic origin, religious beliefs, sexual orientation, or biometric data). If you submit such information unsolicited via a contact form, we will delete it from our records.

Why we collect it

  • To respond to your quote, information, and damage-claim enquiries.
  • To organise, dispatch, and track freight movements you have engaged us for.
  • To operate the QFM Client Portal and Staff CRM securely, including detecting unauthorised access attempts and maintaining audit trails.
  • To meet our record-keeping obligations under Australian tax, transport, work-health-and-safety, and corporate law.
  • To investigate and resolve disputes, claims, and complaints relating to freight we have handled.

We do not sell personal information. We do not use it for marketing other than direct correspondence in response to your enquiry. We do not share it with third parties for their own marketing purposes.

Anonymity

You can browse our website without providing any personal information. Submitting a quote, information, or damage-claim form necessarily requires contact details so we can respond, but you control which fields you complete; only a minimal set is required.

Who we share it with

We rely on a small number of trusted service providers to operate our website and freight platform. Personal information is shared with these providers only to the extent necessary for them to deliver the service, and they are bound by their own privacy obligations:

  • Resend (United States) — transactional email delivery for quote confirmations, login codes, and damage-claim notifications.
  • Supabase (Tokyo, Japan) — database and authentication for the Staff CRM and Client Portal.
  • Vercel (United States, with global edge regions) — website hosting, edge caching, and traffic analytics.
  • Machship (Australia) — transport management platform that QFM uses to dispatch and track consignments.
  • Google Analytics (United States) — aggregated, de-identified website usage statistics.
  • Transvirtual (Australia) — carrier tracking widget embedded on our shipment-tracking page.

Some of these providers store data outside Australia. By submitting personal information through our website, you consent to that overseas disclosure. We take reasonable steps to ensure overseas providers handle your information consistently with the Australian Privacy Principles, including by selecting providers with documented privacy and security programs.

We do not transfer personal information to any third party that is not listed above. If our list of service providers changes — for example, when we roll out a new feature that depends on a new provider — we will update this Privacy Policy and revise the “Last updated” date.

Cookies

Our website uses cookies for three purposes:

  • Authentication — keeping you signed in to the Client Portal between page loads.
  • Idle timeout — enforcing the four-hour idle-timeout for Client Portal sessions, so an unattended browser does not keep your session open indefinitely.
  • Analytics — Google Analytics and Vercel Analytics use cookies to count visitors and pages in aggregate; the data is de-identified and is not used to track you across other websites.

You can disable cookies in your browser at any time. The Client Portal will not function without session cookies, but the rest of the website will continue to work.

How long we keep it

  • Quote and information enquiries — retained while the relationship is active and for up to seven years after the last contact, to meet tax record-keeping obligations.
  • Damage-claim records and attachments — retained for seven years from the date of submission, covering the standard insurance claim and dispute window.
  • Client Portal accounts — retained while access is active and for up to twelve months after access is revoked.
  • Audit and login logs — retained for twelve months and then deleted.

We delete personal information when it is no longer needed for the purposes set out above, except where law requires a longer retention period.

How we protect your information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These steps include:

  • TLS encryption for all data in transit between your browser, our servers, and our service providers.
  • Encrypted-at-rest databases on Supabase.
  • Multi-factor authentication required for all staff access to the Staff CRM.
  • Row-level security policies on every multi-tenant database table, so an authenticated user can only access data they are explicitly authorised to see.
  • Audit logging of every login and privileged action, retained for twelve months for security investigation.

If we become aware of a data breach involving personal information that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme.

Direct marketing

We do not send marketing communications. The only emails you will receive from us are direct responses to enquiries you have submitted, transactional notifications relating to freight you have engaged us for (such as quote responses, dispatch confirmations, and damage-claim acknowledgements), or login codes you have requested for the Client Portal.

Children’s privacy

Our services are not directed at children. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has submitted personal information through our website, please contact us at accounts@qfmlogistics.com.au and we will delete it.

Your rights

You have the right to:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate, incomplete, or out of date.
  • Request deletion of information we no longer need to retain for legal, tax, or contractual reasons.
  • Make a privacy complaint about how we have handled your personal information.

To exercise any of these rights, email accounts@qfmlogistics.com.au with a clear description of your request. We will acknowledge receipt within seven business days and respond substantively within thirty days.

If you are not satisfied with how we have handled a privacy concern, you can refer the matter to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Contact us

Quan Freight Management Pty Ltd
Level 7, 570 St Kilda Road, Melbourne VIC 3004
accounts@qfmlogistics.com.au

Changes to this policy

We update this policy when our practices change — for example, when we add or remove a service provider, when our retention periods change, or when new services we offer collect different categories of information. The “Last updated” date at the top of this page reflects the most recent revision.

Material changes that affect existing customers will be communicated by email where practicable. We encourage you to review this policy periodically. Previous versions of this policy are available on request via accounts@qfmlogistics.com.au.