Privacy — Australia

Caselaw operates under the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) for Australia users. Data residency: Supabase EU-WEST (Frankfurt); regional read-replica in ap-southeast-2 considered if performance demands. Privacy regulator: Office of the Australian Information Commissioner.

• We comply with APP 1 (open and transparent management), APP 5 (notification at collection), APP 6 (use and disclosure), APP 11 (security).
• GST 10% applied via Stripe Tax for Australian transactions.

What we collect

• Email address (account, magic-link auth, transactional comms)
• University / year-level / exam-focus (only what you give us in the waitlist or settings)
• Salted IP hash for abuse prevention (never raw IP)
• Reading history within Caselaw — used to drive flashcards and revision suggestions; never sold
• Stripe customer / subscription state (via Stripe; we do not store payment card data)

What we don't collect

• Tracking cookies that follow you off the site
• Third-party advertising profiles
• Card numbers (Stripe processes them — we never see them)
• Voice / video / camera data — we have none of those features

Your rights

Access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability and the right to object — all exercisable by emailing [email protected]. We respond within 30 days. If you're not satisfied, you can lodge a complaint with the Office of the Australian Information Commissioner.

This regional privacy notice supplements our global privacy policy — read both. Effective 2026-05-01.