Legal
Privacy Policy
Last updated: 11 July 2026
This policy explains how PICKU AUSTRALIA PTY LTD (ABN 38 670 095 511), trading as BYRO, handles your personal information. We are bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). It covers our booking site (book.byro.au), our website (byro.au), our customer portal (my.byro.au), and bookings made by phone or email.
1. Information we collect
To provide your transfer we collect:
- Identity & contact details — your name, mobile number (your primary account identifier), and email address.
- Trip details — pickup and drop-off addresses, date and time, vehicle type, number of passengers, flight number(s) including any return leg, child-seat requirements, and any notes you add.
- Payment information — processed by Stripe. We store only the last four digits and card type, plus secure references — never your full card number, security code or expiry (see section 4).
- Business details (optional) — company name, ABN and billing address, if you request a company tax invoice.
- Account & booking history — your past bookings, cancellations, tips, saved (in-progress) bookings, and a reference to your saved card.
- Technical information — standard web and server logs, and error-diagnostic data from our monitoring tools, which may incidentally include the information above.
- Quote & visit activity — when you search for a price we may collect the routes, dates, vehicle and fares you view, together with your IP address and approximate location (city/region), to understand demand and improve our pricing and service.
2. How we use your information
We use your information to:
- provide, dispatch and manage your transfer;
- process payments, refunds and tax invoices/receipts;
- send booking confirmations and trip updates (including by SMS, WhatsApp or email);
- manage your account and saved details so future bookings are faster;
- provide customer support and handle complaints;
- prevent fraud and meet our legal, tax and regulatory obligations;
- with your ability to opt out, send service updates and post-trip review requests; and
- where you have given marketing consent, measure how our advertising performs, understand how visitors use our sites, and show you relevant ads — you can withdraw this consent at any time (see sections 7 and 10).
3. When you give us someone else’s details
If you book on behalf of another passenger, please make sure they are aware their details (such as name and contact number) are provided to us so we can carry out the transfer.
4. Card & payment data
Card payments are processed by Stripe. Your card details are captured securely by Stripe and are not transmitted through or stored on BYRO’s own systems. We retain only the last four digits and card type, and secure references that let Stripe identify your saved card for future bookings. BYRO never stores your full card number, security code or expiry date. Stripe’s handling of your data is governed by Stripe’s own privacy policy.
5. Who we share your information with
We share your information only as needed to run the service, with the providers below. We do not sell your personal information.
| Provider | Purpose |
|---|---|
| Stripe | Card processing, secure card storage and refunds |
| Google (Places & Maps) | Address autocomplete and distance/route at quote time |
| api.byro.au (our dispatch system) | Pricing and dispatching your booking to a driver |
| CRM | Customer and booking records, powering the my.byro.au portal |
| Sentry | Application error monitoring (diagnostics that may include request data) |
| Cloudflare | Hosting and delivery of our websites (CDN) |
| Our WordPress host | Hosting the booking system and order database |
| Email / SMTP provider | Sending confirmations, invoices and receipts |
| Trustindex / Google Reviews | Post-trip review requests and the reviews widget |
| Meta (Facebook / Instagram) | Advertising measurement and audience matching — only with your marketing consent, using hashed (irreversible) versions of your contact details plus coarse route information, never your exact addresses |
| Google (Ads & Analytics) | Advertising performance and conversion measurement. A no-PII ad click identifier (added by Google to your landing web address) is recorded with your booking and reported to Google to measure which ads lead to bookings, regardless of your cookie choice — it contains none of your contact details. Richer measurement and remarketing (hashed, irreversible versions of your contact details) only with your marketing consent, never your exact addresses |
We may also disclose information where required or authorised by law.
6. Overseas disclosure
Some of the providers we use to operate BYRO store or process data outside Australia. In particular, card payments are processed by Stripe; address look-ups use Google services; application error monitoring uses Sentry (European Union); a no-personal-information advertising click identifier is reported to Google in the United States to measure ad performance, regardless of your cookie choice; and, where you have given marketing consent, richer advertising and measurement data (including hashed contact details) is shared with Meta and Google in the United States; and our websites are served through global hosting and CDN providers. By using BYRO you consent to your personal information being disclosed to and processed by these providers, which may be located in the United States, the European Union and other countries. We take reasonable steps to ensure these providers handle your information consistently with the Australian Privacy Principles.
7. Cookies & similar technologies
We use essential cookies and local storage to run the booking flow — for example to keep your booking session,
your quote, and to carry your details between our website, booking app and portal (a cookie set on .byro.au so your choices survive across our subdomains). The reviews widget on our website is loaded from Trustindex.
With your consent, we also use marketing and analytics tags — such as the Meta pixel and Google
tags — to measure how our advertising performs. These are off by default and only load after you
accept marketing cookies in our consent banner; your choice is remembered in a byro_consent_marketing cookie set on .byro.au, and you can change it at any time through the banner or your browser
settings. You can control or clear cookies through your browser settings; disabling essential cookies may stop
the booking flow from working.
8. How long we keep your information
- Bookings, orders and invoices — kept for as long as needed to provide the service and to meet our tax, accounting and legal obligations (generally up to 7 years).
- Saved cards — kept until you ask us to remove them or your account is closed.
- Saved (in-progress) bookings — cleared automatically once a booking for that mobile number is completed.
- Quote data — short-lived (cached for around 15 minutes).
- Error/diagnostic logs — kept for a limited period in line with our monitoring provider’s retention.
9. How we protect your information
We take reasonable steps to protect your personal information. Payments are handled by Stripe over encrypted connections and BYRO does not store full card numbers. Access to booking data is restricted to authorised personnel and providers. No system is perfectly secure, so we cannot guarantee absolute security, but we work to protect your information and to meet our obligations under the Privacy Act.
10. Marketing, advertising & reviews
Booking confirmations, invoices and receipts are transactional messages about your trip. After your trip we may invite you to leave a review. You can opt out of non-transactional marketing at any time by contacting us; reviews you choose to leave on Google are public.
To promote BYRO we measure how our advertising performs, in two ways with different privacy treatments:
Google — advertising measurement (no personal information). When you arrive from a Google ad, Google adds a click identifier to the web address. If you then make a booking, we record that identifier with your order and report it to Google so we can measure which ads lead to bookings. This identifier does not contain your name, email, phone number or address, and is used to measure advertising performance regardless of your marketing-cookie choice. We do not share your contact details with Google.
Google & Meta — remarketing and richer measurement (only with your marketing consent). If you accept marketing cookies, we also share booking-funnel events (such as a price check or a completed booking) and hashed, irreversible versions of your contact details (for example your phone number or email) with Meta and Google, so they can attribute conversions and, where applicable, show you relevant ads. We share only coarse route information (for example region to region) — never your exact pickup or drop-off address. This is off by default: you opt in through our consent banner and can withdraw at any time via the banner or your browser settings, and withdrawing does not affect your booking.
11. Accessing or correcting your information, and complaints
You can ask us for a copy of the personal information we hold about you, or ask us to correct it, by contacting contact@byro.au. We will respond within a reasonable period. If you believe we have mishandled your personal information and you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
12. Contact us
PICKU AUSTRALIA PTY LTD trading as BYRO · ABN 38 670 095 511
Suite 532, 61 Jonson Street, Byron Bay NSW 2481
Phone / SMS: +61 440 136 000
Email: contact@byro.au