ezylegal

Privacy Policy

Last updated: 20 May 2026

Draft. This policy is being finalised by counsel. Your information is handled in accordance with the Australian Privacy Principles in the meantime. Questions? Reach us at [email protected].

1. Who this applies to

This policy explains how ezylegal Pty Ltd (“we”, “us”) collects, uses, and protects personal information from clients, lawyers, and law-firm administrators using the ezylegal platform.

2. Information we collect

When you sign up as a lawyer or firm administrator we collect your name, work email, mobile (optional), practice or firm name, state of practice, and a password (stored as a hash, never in plain text). When firms onboard for payments, we collect business identifiers, BSB / account details (held by Stripe, never by us), and KYC information collected by Stripe Connect. When clients engage a lawyer, we collect the information necessary to handle the matter: contact details, documents uploaded, messages exchanged, and case metadata generated by the platform.

3. How we use information

We use personal information to operate the platform: route matters to lawyers, generate Rachel’s case-management outputs, facilitate settlement payments, send notifications, and provide customer support. We do not sell personal information.

4. AI features

Rachel and the document-generation features process case data to assist lawyers. Personal information is processed by AI providers we engage (currently Anthropic and OpenAI) under contracts that prohibit using customer data to train their models. We do not use AustLII content as inputs to AI features. Other restrictions are set out in our internal AI governance posture.

5. Storage & location

Production data is stored in Australia (DigitalOcean Sydney region). File storage uses encrypted object storage. Email is delivered via ZeptoMail; SMS via Twilio.

6. Sharing with third parties

We share information only as necessary to operate the platform: with the lawyers a client engages, with payment processors (Stripe) when payments are processed, with email and SMS providers when notifications are sent, and as required by law. Firm data is isolated from other firms’ data by our multi-tenancy model.

7. Your rights

Under the Australian Privacy Principles you may request access to, or correction of, personal information we hold about you. To make a request, contact [email protected].

8. Security

We use TLS in transit and encrypted storage at rest. Access to production systems is restricted to authorised personnel. Authentication is handled by Better Auth with industry-standard hashing. Stripe Connect handles all sensitive payment credentials.

9. Retention

We retain personal information for as long as required to provide the service and to meet legal and professional record-keeping obligations. Closed cases and inactive accounts are reviewed for retention or deletion in line with those obligations.

10. Complaints

If you believe we have mishandled your personal information you can contact us first at [email protected]. If unresolved, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.

11. Changes to this policy

We may update this policy. Material changes will be notified to users by email or in-product. The “Last updated” date at the top of this page reflects the most recent revision.