Ask My Lawyer logo
AML

Privacy Policy

Last updated: 15 June 2026

This Privacy Policy explains how Ask My Lawyer Pty Ltd ("Ask My Lawyer", "we", "us") collects, uses, shares, and protects personal information when you use our website and services (the "Service"). Ask My Lawyer Pty Ltd is the data controller responsible for your personal information.

1. Information we collect

  • Account information: name, email address, password (hashed), and role (client or lawyer).
  • Profile information: for lawyers — practice areas, biography, qualifications, availability.
  • Consultation data: matter type, scheduled date/time, your written notes, and any documents you upload.
  • Communications: messages you send through the platform and support enquiries.
  • Technical data: IP address, device identifiers, browser type, and usage/telemetry data.
  • Cookies: essential cookies for authentication and session management.

Payment card details are collected and processed directly by Stripe and are not stored on our systems.

2. How we use your information

  • To create and manage your account and provide the Service.
  • To match clients with verified lawyers and facilitate video consultations.
  • To process bookings and pass relevant order data to Stripe for payment.
  • To provide customer support and respond to your enquiries.
  • To prevent fraud, abuse, and security incidents.
  • To improve and develop the Service.
  • To comply with legal obligations.

3. Legal bases for processing

We process your personal information on the following bases: performance of our contract with you, our legitimate interests (improving the Service, fraud prevention), your consent (where required), and compliance with legal obligations.

4. How we share your information

  • Lawyers on the platform: when you book a consultation, the assigned lawyer receives your matter details, notes, and uploaded documents.
  • Payment processor (Stripe): we share order and customer data with Stripe Payments Australia Pty Ltd to process payments, prevent fraud, and issue refunds.
  • Service providers / subprocessors: hosting, database, video infrastructure, email, and analytics providers acting on our instructions.
  • Professional advisers: legal, accounting, and insurance advisers.
  • Authorities: where required by law, court order, or to protect rights and safety.

5. International transfers

Some of our service providers may be located outside Australia. Where personal information is transferred internationally, we rely on appropriate safeguards such as standard contractual clauses or transfers to countries with adequate protection.

6. Data retention

We retain personal information for as long as your account is active and for a reasonable period afterwards to comply with legal, accounting, and dispute-resolution obligations. Consultation records and documents may be retained for longer periods where required by professional or regulatory rules. When no longer needed, data is deleted or anonymised.

7. Your rights

Subject to applicable law (including the Australian Privacy Principles and, where relevant, the GDPR), you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion or restriction of processing.
  • Object to processing or withdraw consent.
  • Request portability of your data.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local supervisory authority.

To exercise any of these rights, contact us at privacy@askmylawyer.com.au.

8. Security

We implement appropriate technical and organisational measures to protect your personal information, including encryption in transit (TLS), encryption at rest, role-based access controls, audit logging, secure authentication, and regular backups. Access to client matter data is restricted to the assigned lawyer and authorised platform staff on a need-to-know basis. No system is perfectly secure, but we work continuously to safeguard your data and respond to incidents promptly.

9. Privacy law compliance (Privacy Act 1988 & APPs)

Ask My Lawyer Pty Ltd is bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) issued by the Office of the Australian Information Commissioner (OAIC). Because we handle sensitive information (including legal matter details, identification documents, and health-related disclosures that may arise in legal consultations), we apply the heightened protections required for sensitive information under APP 3 and APP 11.

Our commitments under the APPs include:

  • APP 1 — Open and transparent management: we maintain this Privacy Policy and clear internal handling procedures.
  • APP 3 & 5 — Collection & notification: we only collect personal and sensitive information that is reasonably necessary for the Service, with your consent, and we tell you why we collect it.
  • APP 6 — Use and disclosure: sensitive legal information is used only for the primary purpose of delivering your consultation, except where you consent or the law requires otherwise.
  • APP 8 — Cross-border disclosure: where data is processed by overseas service providers, we take reasonable steps to ensure they handle it consistently with the APPs.
  • APP 11 — Security: we take active steps to protect information from misuse, interference, loss, unauthorised access, modification, or disclosure, and to destroy or de-identify it when no longer needed.
  • APP 12 & 13 — Access and correction: you may request access to or correction of your personal information at any time.

Notifiable Data Breaches scheme: if an eligible data breach occurs that is likely to result in serious harm, we will notify affected individuals and the OAIC as required by Part IIIC of the Privacy Act.

10. Security standards aligned with telehealth practice

Because legal consultations carried out by secure video share many of the same risks as telehealth, we align our practices with the privacy and security expectations set out in the Australian Digital Health Agency's Standards for Systems and Technologies — Telehealth Services. In practice this means:

  • End-to-end encrypted video infrastructure for consultations.
  • Authenticated, role-based access — only the client and assigned lawyer can join a consultation room or view its records.
  • Secure document upload and storage, with access tied to the specific matter.
  • Network and application security controls, including TLS, hardened authentication, and monitoring for unusual activity.
  • Privacy-by-design review of new features that handle sensitive information.
  • Vendor due diligence on subprocessors that support video, storage, and payments.

Reference: ADHA — Standards for Systems and Technologies: Telehealth Services.

11. Cookies

We use essential cookies required for authentication and session management. We do not use advertising cookies. You can manage cookie preferences in your browser settings; disabling essential cookies may prevent you from signing in.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email.

13. Contact us

Ask My Lawyer Pty Ltd, Australia. Email: privacy@askmylawyer.com.au.