← Back to homepage

Privacy Policy

Last updated: May 2026

1. About this Policy

TLK Source ("we," "us," or "our") is a trading name of TLK Source, ABN 16 525 180 164. We provide independent freight and warehouse cost intelligence services to Australian shippers. This Policy describes how we collect, use, disclose, store, and protect personal information and commercial information across both our Freight Intelligence and 3PL Intelligence product lines.

Although TLK Source may not be required to comply with the Privacy Act 1988 (Cth) (the "Privacy Act") if our annual turnover falls below AUD $3 million, we voluntarily handle personal information in accordance with the Australian Privacy Principles (APPs) established under the Privacy Act.

2. Information we collect

We collect the following categories of information:

  1. Contact information: when you make an enquiry, purchase the Service, or communicate with us — including business name, ABN, contact person name, email address, and phone number.
  2. Commercial information: when you use the Service — including, depending on the product purchased: freight invoices, rate cards, carrier contracts, shipment manifests, lane data; 3PL contracts and pricing schedules, 3PL invoices, 3PL proposals and RFP responses, warehouse volume profiles, pick/pack activity, pallet and cubic storage data, labour and lease assumptions, WMS and systems fees, SLA schedules, exit and transition documentation; and any other operational data you submit for analysis. This information may contain third-party names, addresses, and other details relating to your carriers, 3PLs, customers, and suppliers.
  3. Website usage data: when you visit tlksource.com.au — including IP address, browser type, device information, pages visited, and interaction data. We use privacy-focused analytics and do not rely on third-party advertising trackers.
  4. Communication records: records of your communications with TLK Source via email, the portal, or our AI assistant Alex, including message content, timestamps, and metadata.

3. How we use your information

We use collected information to:

  1. Provide the relevant TLK Source service and deliver the purchased report, analysis, monitoring output, or tender materials;
  2. Respond to enquiries and provide customer support;
  3. Process payments via Stripe;
  4. Send service-related transactional emails via Resend;
  5. Improve our services, including maintenance of our proprietary benchmark dataset (where explicitly consented to and always in anonymised, aggregated form);
  6. Comply with legal obligations;
  7. Detect and prevent fraud or misuse.

4. How we share your information

We do not sell, rent, or trade your information. We disclose information only to the following service providers under appropriate contractual safeguards:

ProviderPurposeLocation
Cloudflare Pty LtdInfrastructure (compute, storage, DNS, security)Australia
Stripe Payments Australia Pty LtdPayment processingAustralia
ResendTransactional email deliveryUnited States
Anthropic PBCAI inference (zero-retention, no-training terms)United States

We may also disclose information to:

  1. Law enforcement or regulatory authorities where required by law;
  2. Professional advisors such as lawyers and accountants, under confidentiality obligations;
  3. Business successors in the event of a merger, acquisition, or sale of assets (with appropriate confidentiality safeguards).

5. Data location

  1. Client commercial data (invoices, rate cards, manifests, engagement records) is stored on Cloudflare infrastructure with Australian-region storage controls where available.
  2. AI-assisted analysis uses the Anthropic API, which processes data on United States infrastructure. Under our contractual arrangement with Anthropic, no data is retained by Anthropic after processing and no data is used to train Anthropic's models.
  3. Payment data is processed by Stripe and is not stored by TLK Source. Stripe's privacy practices are governed by Stripe's own privacy policy.
  4. Transactional emails are sent via Resend, which processes email addresses and message content on United States infrastructure.

6. Data retention

  1. One-off engagements (Freight Tender, 3PL Health Check, 3PL Tender, Advisory work): your uploaded data and the report we deliver are retained for the duration of the engagement plus 30 calendar days after final delivery, then automatically deleted.
  2. Annual monitoring subscriptions (Freight Monitoring, 3PL Cost Monitoring): your uploaded data and reports are retained for the active subscription term plus 30 calendar days from term end. Each renewal extends the window, so trend analysis and year-on-year comparison are possible throughout your subscription.
  3. You may delete your data at any time from the customer portal. We will remind you before doing so that year-on-year comparisons against deleted data are no longer possible.
  4. We email you at least 30 days before any automatic deletion, with a banner shown in your portal during the same window.
  5. Anonymised market reference data derived from your data — carrier rates by lane and freight type, fuel-levy mechanics, DIFOT, transit and invoice-accuracy benchmarks, 3PL rate ranges — is retained indefinitely as a market benchmark dataset only where you have given explicit consent at engagement start. The dataset contains no shipper identifiers; only carrier and 3PL names are retained, since the dataset describes their published commercial behaviour. Where consent has not been given, no derived benchmark data is retained.
  6. Engagement records (payment records, report metadata, audit logs) are retained for 7 years to comply with Australian tax and business record-keeping obligations.
  7. Marketing and enquiry data (where provided) is retained until you request deletion or for a maximum of 3 years of inactivity.
  8. To request manual deletion of any specific record, email hello@tlksource.com.au.

7. Security

We protect your information through:

  1. Encryption in transit (TLS 1.3) and at rest (AES-256);
  2. Per-engagement encryption keys stored separately from encrypted data;
  3. Role-based access controls with multi-factor authentication for administrators;
  4. Comprehensive audit logging of all data access events;
  5. Automated deletion schedules enforced by scheduled workers;
  6. Regular security review and monitoring;
  7. Annual penetration testing;
  8. Cyber liability and professional indemnity insurance.

8. AI processing notice

TLK Source uses AI to assist with the analysis of Client-supplied data. We want you to understand exactly how this works and what protections apply.

  1. What we use AI for. Document extraction (parsing invoices, contracts, rate cards, manifests), structured analysis (identifying variances, benchmark comparisons, red-flag clauses), and report drafting (the narrative findings, executive summaries, and recommendations you receive). AI is used inside our analysis pipeline; it is not an interface you interact with directly except for our chat assistant Alex.
  2. Which provider. We use the Anthropic Claude API (Anthropic PBC, United States). Specifically Claude Sonnet, Claude Opus, and Claude Haiku models, depending on the pipeline stage.
  3. Zero retention by Anthropic. Under our contractual arrangement with Anthropic, no Client data is retained by Anthropic after the API call completes. Anthropic does not store your prompts or our responses.
  4. No training on Client data. Anthropic does not use API traffic to train its models. Your data does not contribute to any AI model used by anyone, including us.
  5. Where AI processing happens. Inference runs on United States infrastructure. The API call sends prompts (which contain extracts of your data, contextualised for analysis) to Anthropic; Anthropic returns the structured analysis. Both the call and response transit over TLS. We log the metadata (timestamps, token counts, cost) but not the prompt content beyond what is necessary for debugging and quality assurance.
  6. Human in the loop. The first ten reports for each new product line are reviewed manually by a TLK Source analyst before delivery. Beyond the first ten, reports with a confidence score below 0.85 are also routed to manual review. You see the report only after it passes the review gate.
  7. Your right to opt out. If you do not consent to AI-assisted analysis, contact hello@tlksource.com.au before engagement commencement. We may decline the engagement in that case as our pipelines are AI-assisted by design; we will not silently switch you to a manual-only path without your knowledge.
  8. Your right to deletion. See clause 9 below. Deletion applies to all Client data we hold, whether the data was processed by AI or not.

9. Your rights

You have the right to:

  1. Access the personal information we hold about you;
  2. Request correction of inaccurate personal information;
  3. Request deletion of your data (subject to legal retention obligations);
  4. Request a deletion certificate following data deletion;
  5. Make a complaint about our handling of your information.

To exercise any of these rights, email hello@tlksource.com.au.

10. Complaints

If you have a concern about our handling of your information, please email hello@tlksource.com.au in the first instance. We will acknowledge your complaint within two business days and provide a substantive response within 30 days.

If your complaint is not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone on 1300 363 992.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be published at tlksource.com.au/privacy. The date at the top of this page indicates when this Policy was last updated.

12. Contact

For questions about this Policy, contact hello@tlksource.com.au.

TLK Source
ABN: 16 525 180 164
Australian-owned and operated

© TLK Source 2026. Australian-owned and operated.