Privacy Policy

Last updated: January 2025

ExaLaw Pty Ltd (ABN 12 345 678 901) (“ExaLaw”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, platform, and services.

1. About This Policy

This Policy applies to all personal information we collect through:

Our website (exalaw.com.au)
Our online platform and applications
Our communications with you
Third-party integrations you authorise

By using our services, you consent to the practices described in this Policy.

2. Information We Collect

2.1 Information You Provide

Account Information

Name and contact details
Email address
Password (encrypted)
Business name and ABN (if applicable)

Profile Information

Professional or business information
Preferences and settings
Communication preferences

Document Content

Information you enter into documents you create
Uploaded documents for review or storage
Signature data

Payment Information

Billing address
Payment method details (processed by our payment provider)

Communications

Support enquiries and correspondence
Feedback and survey responses

2.2 Information We Collect Automatically

Usage Information

Pages visited and features used
Time spent on the platform
Documents created and actions taken

Device Information

Browser type and version
Operating system
IP address
Device identifiers

Cookies and Similar Technologies

Session cookies for functionality
Analytics cookies for improvement
Preference cookies for personalisation

See our Cookie Policy section below for more details.

2.3 Information from Third Parties

Government Agencies

Registration confirmations and status updates (ASIC, ATO)

Payment Processors

Transaction confirmations and payment status

Lawyers in Our Network

Communication and engagement status

3. How We Use Your Information

We use your personal information to:

3.1 Provide Our Services

Create and manage your account
Process documents you create
Facilitate business registrations
Enable electronic signatures
Connect you with lawyers

3.2 Process Payments

Process subscription and document fees
Issue invoices and receipts
Manage refunds where applicable

3.3 Communicate With You

Send service-related notifications
Respond to support enquiries
Provide updates about your account
Send marketing communications (with your consent)

3.4 Improve Our Services

Analyse usage patterns
Identify and fix issues
Develop new features
Train and improve our AI (with appropriate safeguards)

3.5 Legal and Safety

Comply with legal obligations
Protect against fraud and abuse
Enforce our Terms of Service
Respond to legal requests

4. Legal Basis for Processing

We process your personal information based on:

Contract: To provide services you’ve requested
Consent: Where you’ve given permission (e.g., marketing)
Legitimate interests: To improve and protect our services
Legal obligation: To comply with applicable laws

We do not sell your personal information. We share information only as follows:

5.1 Service Providers

We share information with trusted providers who help us operate, including:

Cloud hosting providers (Australian data centres)
Payment processors (PCI-compliant)
Email service providers
Analytics services
Customer support tools

These providers are contractually bound to protect your information.

5.2 Lawyers in Our Network

When you engage a lawyer through our platform, we share relevant contact and matter information to facilitate the engagement.

5.3 Government Agencies

We submit information to ASIC, ATO, and other agencies as necessary to process registrations you request.

5.4 Legal Requirements

We may disclose information if required by:

Court order or legal process
Government or regulatory request
To protect our rights or safety
In connection with a merger or acquisition

We may share information for other purposes with your explicit consent.

6. Data Security

We implement robust security measures to protect your information:

Technical Measures

TLS 1.3 encryption for data in transit
AES-256 encryption for data at rest
Regular security audits and penetration testing
Multi-factor authentication options

Organisational Measures

Strict access controls
Employee security training
Incident response procedures
Regular policy reviews

Infrastructure

Australian-based data centres
SOC 2 certified hosting providers
Redundant backups
24/7 monitoring

Despite our measures, no system is completely secure. Please protect your account credentials and report any concerns immediately.

7. Data Retention

We retain your information for as long as necessary to:

Provide our services
Comply with legal obligations
Resolve disputes
Enforce our agreements

Typical retention periods:

Data Type	Retention Period
Account information	Duration of account + 7 years
Documents	Until deleted by you + 90 days
Payment records	7 years (tax requirements)
Support communications	3 years
Usage analytics	2 years (anonymised thereafter)

You can request deletion of your personal information at any time, subject to legal retention requirements.

8. Your Rights

Under Australian privacy law, you have the right to:

8.1 Access

Request a copy of the personal information we hold about you.

8.2 Correction

Request correction of inaccurate or incomplete information.

8.3 Deletion

Request deletion of your personal information (subject to legal requirements).

8.4 Restriction

Request that we limit how we use your information.

8.5 Portability

Receive your information in a portable format.

8.6 Objection

Object to processing based on legitimate interests.

Withdraw consent for processing where consent is the basis.

To exercise these rights, contact us at privacy@exalaw.com.au.

We will respond to requests within 30 days. We may need to verify your identity before processing requests.

9. Cookies and Tracking

9.1 Types of Cookies We Use

Essential Cookies Required for basic functionality. Cannot be disabled.

Functional Cookies Remember your preferences and settings.

Analytics Cookies Help us understand how you use our services.

Marketing Cookies Used to deliver relevant advertisements (with consent).

9.2 Managing Cookies

You can control cookies through:

Browser settings
Our cookie consent banner
Platform preferences

Note that disabling certain cookies may affect functionality.

9.3 Do Not Track

We respect Do Not Track browser signals where technically feasible.

10. Third-Party Links

Our services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

11. Children’s Privacy

Our services are not intended for children under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us.

12. International Transfers

Your information is primarily stored and processed in Australia. If we transfer information overseas, we ensure appropriate safeguards are in place, including:

Contractual protections
Recipient country adequacy assessments
Your explicit consent where required

13. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes by:

Posting the updated Policy on our website
Sending you an email notification
Displaying a notice when you log in

The “Last updated” date indicates when the Policy was last revised.

14. Complaints

If you have concerns about how we handle your personal information, please contact us first. We will investigate and respond within 30 days.

If you’re not satisfied with our response, you can lodge a complaint with:

Office of the Australian Information Commissioner (OAIC) Website: www.oaic.gov.au Phone: 1300 363 992

15. Contact Us

For privacy-related questions or requests:

Privacy Officer ExaLaw Pty Ltd Level 10, 123 George Street Sydney NSW 2000

Email: privacy@exalaw.com.au Phone: 1300 EXALAW (1300 392 529)