Privacy Policy

How we collect, use, and protect your personal information.

Effective: 16 February 2026

1. Who We Are

LawlinQ is a legal technology platform operated by LawlinQ Pty Ltd (ABN pending), a Queensland-registered company. LawlinQ provides practice management tools for Queensland criminal lawyers, including court list matching, client management, calendar synchronisation, document generation, and a town agency network for coordinating town agency requests.

For the purposes of the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), LawlinQ Pty Ltd is the entity responsible for handling your personal information through the LawlinQ platform.

If you have questions about this policy or your personal information, please see the Contact Us section below.

2. Information We Collect

We collect personal information that is reasonably necessary for us to provide the LawlinQ platform and related services. We collect information directly from you when you register, use the platform, or contact us.

Account Information

  • Name, title, email address, phone number
  • Law firm or chambers name and business address
  • Website (optional)
  • Password (stored as a salted hash, never in plain text)

Client & Matter Data

  • Client names, dates of birth, and contact details that you enter into the system
  • Court dates, charges, court locations, and matter reference numbers
  • Court events, task notes, and file attachments you upload

Town Agency Network Data

  • Agency requests, availability preferences, and town agency history
  • Outcome reports and agency correspondence
  • Messages exchanged with other practitioners through in-app chat

Calendar Data

  • If you connect your Outlook or Google calendar, we access calendar events to synchronise court dates. We store OAuth tokens (encrypted) and calendar event mappings.

Technical & Usage Data

  • IP address, browser type, and device information (collected in access logs)
  • Session data including login times and activity timestamps
  • Notification preferences and platform settings

Payment Information

Subscription payments are processed by Stripe. We do not store your credit card number. Stripe handles all payment card data under their own privacy policy.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Providing the service: Account authentication, court list matching, client management, calendar sync, task tracking, and document generation
  • Town agency network: Matching practitioners for town agency assistance based on location, availability, and preferences
  • Communications: Sending transactional emails (verification codes, password resets, security notifications, agency updates) via our email service provider
  • Security: Protecting your account through two-factor authentication, session management, and monitoring for unauthorised access
  • Improving the platform: Aggregated, de-identified usage data to understand how the platform is used and where to improve
  • Legal obligations: Complying with applicable laws, regulations, or court orders

We will not use your personal information for direct marketing without your consent. We do not sell personal information to third parties.

4. Disclosure of Your Information

We may disclose your personal information in the following circumstances:

  • Town agency network participants: When you use the town agency network, limited information (your name, firm, and relevant court date details) is shared with other practitioners to facilitate town agency arrangements. You control your visibility through your agency preferences.
  • Service providers: We use third-party services to operate the platform (see Cross-Border Data Transfers below). These providers process data on our behalf under contractual obligations to protect your information.
  • Legal requirements: We may disclose information where required or authorised by law, including to law enforcement agencies, courts, or regulators.

We do not disclose your client data to other practitioners. Client and matter information you enter is visible only to you unless you explicitly share it through town agency requests.

5. Cross-Border Data Transfers

In accordance with APP 8, we disclose below the countries where your personal information may be processed by our service providers. We take reasonable steps to ensure these providers comply with the APPs or are subject to substantially similar privacy protections.

| Service | Purpose | Data Location | Data Processed |
|---|---|---|---|
| MongoDB Atlas | Primary database | Sydney, Australia (ap-southeast-2) | All application data (accounts, clients, court dates, messages) |
| Brevo (SendinBlue) | Transactional email delivery | France / European Union | Email addresses, email content (verification codes, notifications, agency updates) |
| Stripe | Payment processing | United States | Name, email, payment card details, subscription status |
| Microsoft Azure | Outlook calendar sync (optional) | United States / Global | OAuth tokens, calendar event titles and dates (only if you connect your calendar) |
| Google Cloud | Google Calendar sync (optional) | United States / Global | OAuth tokens, calendar event titles and dates (only if you connect your calendar) |

Your primary application data (client records, court dates, messages, and account information) is stored in MongoDB Atlas in the Sydney, Australia region. Calendar synchronisation is optional and only activated when you explicitly connect your Outlook or Google account.

6. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • Encryption: All data in transit is encrypted via TLS/HTTPS. Database connections use encrypted channels. Passwords are hashed using industry-standard algorithms (never stored in plain text).
  • Authentication: Strong password requirements (minimum 12 characters with mixed case, digits, and special characters). Optional two-factor authentication (TOTP) with backup codes. Configurable session timeouts.
  • Access controls: Role-based access ensures users only see their own data. Administrative functions are restricted to authorised personnel.
  • Session management: Sessions are stored securely with automatic expiry. Users can view active sessions and terminate them individually or all at once. Security events (password changes, new logins, 2FA changes) trigger email notifications.
  • Infrastructure: Security headers (Content-Security-Policy, HSTS, X-Frame-Options) are enforced on all responses. CSRF protection is enabled on all forms. Rate limiting is applied to authentication endpoints.

7. Access, Correction & Data Export

Under APPs 12 and 13, you have the right to access and correct the personal information we hold about you.

Accessing Your Data

You can view and update most of your personal information directly through the LawlinQ Settings page, including your profile details, notification preferences, and security settings.

You can download a copy of all data we hold about you using the Download My Data feature in Settings > Security. This exports your profile, clients, court dates, events, tasks, assistance requests, notifications, and activity history as a JSON file.

Correcting Your Data

You can correct your profile information (name, email, phone, firm details) at any time through the Settings page. If you believe any other information we hold about you is inaccurate, please contact us and we will take reasonable steps to correct it.

Requesting Access

If you require access to personal information not available through the platform, you may submit a written request to us. We will respond within 30 days. We may need to verify your identity before providing access. Access may be refused in limited circumstances permitted by the Privacy Act (e.g., legal professional privilege).

8. Account Deactivation & Data Retention

You can deactivate your account at any time through Settings > Security. We recommend downloading your data before deactivating.

What Happens When You Deactivate

  • Your account is immediately locked and you cannot log in
  • OAuth tokens, 2FA secrets, and active sessions are cleared
  • A security notification email is sent confirming the deactivation
  • Your data enters a 90-day grace period during which you can contact us to reactivate

After 90 Days

  • Sole-party data is permanently deleted: clients, court dates, court events, tasks, notifications, calendar mappings, smart matches, files, and subscription records
  • Shared data is de-identified: Town agency requests, outcome reports, agency emails, chat messages, and activity logs are retained with your personal details replaced by a "Deactivated User" placeholder to maintain data integrity for other participants
  • Your user account document is permanently deleted

This process runs automatically. Once completed, deletion is irreversible.

9. Cookies & Local Storage

LawlinQ uses cookies and browser storage strictly for platform functionality. We do not use tracking cookies, advertising cookies, or third-party analytics.

  • Session cookie: A secure, HTTP-only cookie that identifies your authenticated session. Expires based on your configured session timeout (default 30 days).
  • CSRF token: A security token embedded in pages to prevent cross-site request forgery attacks. Generated per-session.
  • Trusted device token: If you enable "Trust this device" during 2FA login, a secure cookie is set to skip 2FA on that device for 30 days.
  • Local storage: Used for UI preferences such as sidebar state and notification settings. No personal information is stored in local storage.

10. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify registered users via email and update the effective date at the top of this page. We encourage you to review this policy periodically.

Minor changes (such as clarifications or formatting updates) may be made without notification. The current version of this policy is always available at /privacy.

11. Contact Us

If you have questions about this privacy policy, wish to make a complaint about our handling of your personal information, or want to exercise your rights under the Privacy Act, please contact us:

LawlinQ Pty Ltd

Email: admin@lawlinq.com.au

Website: www.lawlinq.com.au

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).