Privacy Policy
Version: 0.1-draft · Last updated: 2025-12-15
Developer note: This is an APP-aligned scaffold for counsel to finalise. It must be updated to accurately reflect production vendors, data retention settings, and cross‑border disclosures.
1. Overview
[Your Business Name Pty Ltd] (“we/us”) provides the Nomarch service. We aim to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. What personal information we collect
- Account information: name, email, login credentials (hashed), practice area/jurisdiction (if provided).
- Usage and activity: search queries, feature usage, timestamps, and related metadata.
- AI inputs: text you submit (e.g., queries and drafted facts). Developer note: clarify what is stored vs only processed.
- Payments: billing identifiers (Stripe customer/subscription IDs). We do not store full card details.
- Device/network: IP address, user-agent, cookie consent logs.
- Analytics: product analytics events if you opt in to analytics cookies (e.g., PostHog).
3. How we collect personal information
- Directly from you (account creation, support requests, inputs you provide).
- Automatically when you use the service (logs, cookies/localStorage, analytics if enabled).
- From third parties (e.g., Stripe for payments, email delivery providers for deliverability signals).
4. How we use personal information
- Provide and operate the service (authentication, rate limiting, feature delivery).
- Security, fraud prevention, and abuse monitoring.
- Product analytics and improvement (only where consent is required and obtained).
- Communications: service notices, account messages, and (if you opt in) marketing.
- Legal compliance and responding to lawful requests.
5. Disclosure to third parties
We may disclose personal information to service providers to operate Nomarch. Developer note: counsel to confirm final list and describe categories/purposes.
- Payments: Stripe.
- Email delivery: Resend and/or SMTP provider (as configured).
- Analytics: PostHog (only after analytics consent).
- AI processing: OpenAI and/or Anthropic (depending on configuration).
- Hosting/database: Vercel / managed Postgres (as configured).
6. Overseas recipients (APP 8)
Developer note: counsel to confirm where vendors process data (e.g., United States/Europe) and describe safeguards and how APP 8 is addressed.
7. Data retention
Developer note: finalise retention periods for (a) search queries/caches, (b) generated outputs, (c) usage logs, and (d) support communications. Ensure this section matches the actual database retention and cleanup jobs in production.
8. Security
We use reasonable administrative, technical, and physical safeguards. Developer note: describe controls at a high level (encryption in transit, access controls, monitoring) without over-promising.
9. Access and correction (APP 12/13)
You may request access to, or correction of, your personal information by contacting us at privacy@nomarch.com.au.
10. Complaints
If you have a privacy complaint, contact privacy@nomarch.com.au. Developer note: counsel to add internal response timeframe and OAIC escalation wording.
11. Notifiable Data Breaches (NDB)
Developer note: counsel to confirm breach notification approach consistent with the NDB scheme and internal incident response process.
12. Updates to this policy
We may update this policy from time to time. Material changes may be notified in-app or by email.
Contact
[Your Business Name Pty Ltd]
ABN/ACN: [00 000 000 000]
Registered address: [Level 00, 123 Placeholder St, City, State, 0000]
Email: privacy@nomarch.com.au
Developer note: Counsel to replace placeholders (entity name, ABN/ACN, address, and contact emails) before production.