Privacy Policy

Last updated: 26/05/2026

This policy explains how LegalSkills AU collects, uses, holds and discloses your personal information. It is written to comply with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles ("APPs").

1. What we collect

• Identifiers: the email address you provide at checkout or on the free-preview form.
• Transaction data: Stripe checkout session ID, payment intent ID, amount, currency, status — held to fulfil your purchase and meet tax/record-keeping duties.
• Service usage: when you log in to the dashboard, which skills you open, and when. Used to improve the product and to spot abuse.
• Marketing: if you opt in (or purchase), the messages we've sent you and whether you opened them.

We do not collect government identifiers, sensitive information (as defined in s 6 of the Privacy Act), or content of any prompt you run in a third-party AI tool.

2. Why we collect it

To deliver the Service, manage your account, process payments, respond to support enquiries, send transactional emails (welcome link, receipts), send occasional product-update emails, and meet our legal obligations.

3. How we hold it

Personal information is stored in Supabase (Postgres) hosted in the ap-southeast-2 (Sydney) region. Access is restricted to the LegalSkills AU operator and any service provider strictly necessary to deliver the Service (Stripe for payments, Microsoft 365 for email delivery).

4. Disclosure

We do not sell personal information. We disclose limited personal information only to:

• Stripe Inc. (payment processing) — handles your payment data under its own privacy regime;
• Microsoft Corporation (Microsoft 365 email) — used to deliver transactional emails;
• Supabase Inc. (cloud database) — hosted in Sydney;
• Any regulator or court where we are legally required to disclose.

5. Direct marketing

If you purchase or opt in via the free preview, we may send occasional product-update emails. Every email contains an unsubscribe link, and you can also email us. We use Microsoft 365 (no third-party trackers planted in the message body).

6. Cookies and tracking

Marketing tracking pixels (Meta) may be loaded on the landing page only — not inside the members dashboard. We do not use cross-site advertising cookies inside the member area.

7. Your rights under the APPs

• Access (APP 12): request a copy of the personal information we hold about you.
• Correction (APP 13): ask us to correct anything that's inaccurate.
• Deletion: ask us to delete your account and the personal information associated with it (subject to record-keeping duties for transaction data, typically 7 years).
• Complaint: if you're unhappy with how we've handled your personal information, write to us first. If we don't resolve it, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

8. Data breaches

If a data breach occurs that is likely to result in serious harm to individuals, we will assess and notify affected individuals and the OAIC in accordance with Pt IIIC of the Privacy Act (the Notifiable Data Breaches scheme).

9. Cross-border disclosure

Our database is in Sydney. Some service providers (Stripe, Microsoft) may store backup or operational data outside Australia. By using the Service you consent to that disclosure under APP 8.

10. Contact

Privacy queries, access requests, correction requests, and complaints: leonardo@rsabr.adv.br. We aim to respond within 30 days.