Trust & Security

Your security is our priority

Our Commitment to Security

When you use ExaLaw, you’re trusting us with important information—your business details, legal documents, and personal data. We take that trust seriously.

This page explains how we protect your information and maintain the highest standards of security and privacy.


Data Security

Encryption

In Transit: All data transferred between your device and ExaLaw is encrypted using TLS 1.3, the most secure transport protocol available.

At Rest: All stored data is encrypted using AES-256 encryption, the same standard used by banks and government agencies.

Infrastructure

Australian Data Centres: Your data is stored in secure, SOC 2 certified data centres located in Australia. Your information never leaves the country.

Redundancy: We maintain multiple backups across geographically separated facilities to ensure your data is never lost.

Access Control: Access to our infrastructure is strictly limited to authorised personnel with multi-factor authentication and audit logging.

Application Security

Secure Development: Our software is developed following security best practices, including regular code reviews and automated security testing.

Penetration Testing: We engage independent security firms to conduct regular penetration testing of our systems.

Vulnerability Management: We actively monitor for security vulnerabilities and apply patches promptly.


Privacy

Our Privacy Principles

  1. Collection Limitation: We only collect information necessary to provide our services.

  2. Use Limitation: Your information is used only for the purposes you expect—never sold to third parties.

  3. Transparency: We’re clear about what we collect and how we use it.

  4. Access and Correction: You can access and correct your personal information at any time.

  5. Security: We protect your information with industry-leading security measures.

What We Collect

Information | Why We Collect It
Account details | To provide access to your account
Contact information | To communicate with you about your account and services
Document content | To create, store, and manage your documents
Payment information | To process payments (handled by PCI-compliant payment processors)
Usage data | To improve our services and provide support

What We Don’t Do

  • ❌ We never sell your personal information
  • ❌ We never share your documents with third parties without your consent
  • ❌ We never use your content to train AI models without explicit permission
  • ❌ We never access your documents unless you request support assistance

Your Rights

Under Australian privacy law, you have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your data
  • Withdraw consent for marketing
  • Lodge a complaint with the OAIC

For privacy requests, contact privacy@exalaw.com.au.


Compliance

Australian Privacy Act

ExaLaw complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We maintain a comprehensive privacy policy and regularly review our practices.

Notifiable Data Breaches

We have procedures in place to identify, contain, and notify relevant parties in the event of a data breach, in accordance with the Notifiable Data Breaches scheme.

Industry Standards

We align our security practices with:

  • ISO 27001: Information security management
  • SOC 2 Type II: Service organisation controls (certification in progress)
  • OWASP: Web application security standards

Payment Security

We don’t store full credit card numbers on our servers. All payment processing is handled by PCI DSS Level 1 certified payment processors (Stripe).


Document Quality

Our documents are:

  • Drafted by qualified Australian lawyers with expertise in the relevant practice area
  • Reviewed regularly to ensure compliance with current legislation
  • Updated promptly when laws change
  • Jurisdiction-specific for Australian law

Version Control

We maintain version history for all our templates. If you create a document and the template is later updated, your original document remains unchanged in your account.

Limitations

While we strive for accuracy, ExaLaw provides legal documents and information, not legal advice. For complex matters or significant transactions, we recommend consulting with a qualified lawyer.


Business Continuity

Availability

We maintain 99.9% uptime for the ExaLaw platform, backed by:

  • Redundant infrastructure
  • Automatic failover systems
  • 24/7 monitoring
  • Incident response procedures

Data Backup

Your data is backed up:

  • Continuously: Real-time replication to secondary systems
  • Daily: Full backups retained for 30 days
  • Monthly: Archive backups retained for 12 months

Disaster Recovery

We maintain documented disaster recovery procedures and regularly test our ability to restore services in emergency scenarios.


Your Security Responsibilities

Security is a shared responsibility. To protect your account:

Account Security

  • Use a strong, unique password for your ExaLaw account
  • Enable two-factor authentication (2FA) if available
  • Don’t share your login credentials
  • Log out when using shared devices

Document Security

  • Review sharing settings before sharing documents
  • Revoke access when collaboration is complete
  • Be cautious about who you share sensitive documents with

Email Security

  • Verify email authenticity before clicking links
  • We’ll never ask for your password via email
  • Report suspicious emails to security@exalaw.com.au

Security Contact

Found a security vulnerability? Please report it responsibly:

Email: security@exalaw.com.au

We appreciate responsible disclosure and will:

  • Acknowledge receipt within 24 hours
  • Keep you informed of our progress
  • Credit you (with permission) for responsible reports
  • Not pursue legal action for good-faith security research

Questions?

If you have questions about our security or privacy practices, please contact:

Privacy Officer Email: privacy@exalaw.com.au

Security Team Email: security@exalaw.com.au


Last updated: January 2025