Our Commitment to Security
When you use ExaLaw, you’re trusting us with important information—your business details, legal documents, and personal data. We take that trust seriously.
This page explains how we protect your information and maintain the highest standards of security and privacy.
Data Security
Encryption
In Transit: All data transferred between your device and ExaLaw is encrypted using TLS 1.3, the most secure transport protocol available.
At Rest: All stored data is encrypted using AES-256 encryption, the same standard used by banks and government agencies.
Infrastructure
Australian Data Centres: Your data is stored in secure, SOC 2 certified data centres located in Australia. Your information never leaves the country.
Redundancy: We maintain multiple backups across geographically separated facilities to ensure your data is never lost.
Access Control: Access to our infrastructure is strictly limited to authorised personnel with multi-factor authentication and audit logging.
Application Security
Secure Development: Our software is developed following security best practices, including regular code reviews and automated security testing.
Penetration Testing: We engage independent security firms to conduct regular penetration testing of our systems.
Vulnerability Management: We actively monitor for security vulnerabilities and apply patches promptly.
Privacy
Our Privacy Principles
Collection Limitation: We only collect information necessary to provide our services.
Use Limitation: Your information is used only for the purposes you expect—never sold to third parties.
Transparency: We’re clear about what we collect and how we use it.
Access and Correction: You can access and correct your personal information at any time.
Security: We protect your information with industry-leading security measures.
What We Collect
| Information | Why We Collect It |
|---|---|
| Account details | To provide access to your account |
| Contact information | To communicate with you about your account and services |
| Document content | To create, store, and manage your documents |
| Payment information | To process payments (handled by PCI-compliant payment processors) |
| Usage data | To improve our services and provide support |
What We Don’t Do
- ❌ We never sell your personal information
- ❌ We never share your documents with third parties without your consent
- ❌ We never use your content to train AI models without explicit permission
- ❌ We never access your documents unless you request support assistance
Your Rights
Under Australian privacy law, you have the right to:
- Access your personal information
- Correct inaccurate information
- Request deletion of your data
- Withdraw consent for marketing
- Lodge a complaint with the OAIC
For privacy requests, contact privacy@exalaw.com.au.
Compliance
Australian Privacy Act
ExaLaw complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We maintain a comprehensive privacy policy and regularly review our practices.
Notifiable Data Breaches
We have procedures in place to identify, contain, and notify relevant parties in the event of a data breach, in accordance with the Notifiable Data Breaches scheme.
Industry Standards
We align our security practices with:
- ISO 27001: Information security management
- SOC 2 Type II: Service organisation controls (certification in progress)
- OWASP: Web application security standards
Payment Security
We don’t store full credit card numbers on our servers. All payment processing is handled by PCI DSS Level 1 certified payment processors (Stripe).
Document Quality
Legal Accuracy
Our documents are:
- Drafted by qualified Australian lawyers with expertise in the relevant practice area
- Reviewed regularly to ensure compliance with current legislation
- Updated promptly when laws change
- Jurisdiction-specific for Australian law
Version Control
We maintain version history for all our templates. If you create a document and the template is later updated, your original document remains unchanged in your account.
Limitations
While we strive for accuracy, ExaLaw provides legal documents and information, not legal advice. For complex matters or significant transactions, we recommend consulting with a qualified lawyer.
Business Continuity
Availability
We maintain 99.9% uptime for the ExaLaw platform, backed by:
- Redundant infrastructure
- Automatic failover systems
- 24/7 monitoring
- Incident response procedures
Data Backup
Your data is backed up:
- Continuously: Real-time replication to secondary systems
- Daily: Full backups retained for 30 days
- Monthly: Archive backups retained for 12 months
Disaster Recovery
We maintain documented disaster recovery procedures and regularly test our ability to restore services in emergency scenarios.
Your Security Responsibilities
Security is a shared responsibility. To protect your account:
Account Security
- Use a strong, unique password for your ExaLaw account
- Enable two-factor authentication (2FA) if available
- Don’t share your login credentials
- Log out when using shared devices
Document Security
- Review sharing settings before sharing documents
- Revoke access when collaboration is complete
- Be cautious about who you share sensitive documents with
Email Security
- Verify email authenticity before clicking links
- We’ll never ask for your password via email
- Report suspicious emails to security@exalaw.com.au
Security Contact
Found a security vulnerability? Please report it responsibly:
Email: security@exalaw.com.au
We appreciate responsible disclosure and will:
- Acknowledge receipt within 24 hours
- Keep you informed of our progress
- Credit you (with permission) for responsible reports
- Not pursue legal action for good-faith security research
Questions?
If you have questions about our security or privacy practices, please contact:
- Privacy Officer: privacy@exalaw.com.au
- Security Team: security@exalaw.com.au
Last updated: January 2025