Privacy Policy

1. Our Commitment to Privacy

Luris develops software for legal professionals, government users, and organisations handling sensitive information. Our systems are designed on the principle that client data should remain controlled, compartmentalised, and auditable.

We take reasonable steps to ensure that personal information:

• is securely stored
• is only accessible to authorised users
• is not used beyond its lawful purpose
• remains within Australia where hosted services are used

2. What Personal Information We Collect

We may collect personal information necessary to provide our products and services, including:

Account Information

• name
• email address
• organisation or firm name
• user role or access permissions
• login and authentication details

Usage and Technical Information

• IP address
• device and operating system information
• access timestamps
• software configuration data
• diagnostic logs and error reports

Support Communications

• correspondence with us
• technical support requests
• feedback or feature requests

3. Handling of Sensitive Information and Client Documents

Our software may process information contained in documents uploaded by users. This may include personal information contained in legal documents, pleadings, or case materials.

Given the nature of our services, these uploaded materials may contain "sensitive information" as defined by the Privacy Act 1988 (Cth), such as health information, criminal records, racial or ethnic origin, or professional association memberships.

Luris acts purely as a technology provider and data processor. We do not solicit or actively collect sensitive information for our own purposes, nor do we claim ownership of client data. It is the sole responsibility of the user, firm, or organisation uploading such documents to ensure they have the lawful right, authority, and necessary consents to collect and process this sensitive information using our platform. Luris applies strict security and compartmentalisation measures to all uploaded data, treating all client document contents with the highest level of confidentiality. We do not access document contents except where necessary to provide technical support requested by the user or as required by law.

4. How We Collect Personal Information

We collect information when you:

• create an account
• use our applications
• upload documents
• contact support
• interact with our website
• request demonstrations or services

Where reasonably practicable, we collect personal information directly from you.

5. Why We Collect Personal Information

We collect and use personal information to:

• provide and operate our software services
• authenticate users
• maintain system security
• provide customer support
• improve system stability and performance
• comply with legal and regulatory obligations

We do not sell personal information. We do not use client legal materials to train public artificial intelligence systems.

6. Direct Marketing

We may occasionally use your contact details to send you updates about Luris products, feature releases, security advisories, or promotional materials that we believe may be relevant to your professional use of our software.

We will only send direct marketing communications where you have consented, or where it is otherwise permitted by law. You may opt out of receiving marketing communications at any time by using the "unsubscribe" link provided in our emails, or by contacting us directly. Please note that opting out of marketing communications will not prevent you from receiving essential administrative, billing, or critical security notices related to your active account.

7. Data Hosting and Australian Data Sovereignty

Hosted deployments of Luris software are located within Australia (Sydney region). Databases, authentication records, and stored files can be maintained entirely onshore. This supports organisations that require Australian data residency, including legal practices and government entities.

8. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Security measures include:

• encryption of stored data (AES-256)
• encryption of data in transit (TLS 1.2 or higher)
• secure authentication systems
• role-based access controls
• database-level access restrictions between organisations
• audit logging
• regular security updates

Each customer organisation's data is logically separated so that users from one organisation cannot access another organisation's information.

9. Notifiable Data Breaches

Luris complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). In the event of an unauthorised access, disclosure, or loss of personal information that is likely to result in serious harm to any of the individuals to whom the information relates, we will promptly investigate and assess the suspected breach. If an "eligible data breach" is confirmed, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with our legal obligations, and work closely with affected client organisations to mitigate any potential harm.

10. Government and Sensitive Information Environments

Our deployment architecture supports environments assessed under the Australian Government Information Security Registered Assessors Program (IRAP) at the PROTECTED level, and the software can be deployed in approved government cloud environments where required.

11. Disclosure of Personal Information

We may disclose personal information:

• to service providers assisting in operating our systems (for hosting, security, and infrastructure)
• where required by law
• to comply with a court order, subpoena, or lawful regulatory request
• to prevent a serious threat to safety or life

While our primary servers are located in Australia, some of our third-party infrastructure providers may route encrypted diagnostic or technical support data overseas in exceptional circumstances to maintain system stability. We do not disclose personal information overseas in the ordinary course of business.

12. Access and Correction

You may request access to the personal information we hold about you. If information is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request correction. Requests can be made using the contact details below. We will respond within a reasonable time.

13. Data Retention

We retain personal information only for as long as reasonably necessary to:

• provide our services
• comply with legal obligations
• maintain security and audit records

Customers may request the deletion of account data where legally permissible. Backups may persist for a limited period (e.g., 30 days) for disaster recovery purposes before being securely destroyed.

14. Anonymity and Pseudonymity

Where lawful and practicable, users may interact with certain informational parts of our website without identifying themselves. However, our software services require account identification for security and audit purposes.

15. Cookies and Website Analytics

Our website may use essential cookies required for security, session management, and basic functionality. We do not use cookies to profile individuals or sell behavioural advertising data.

16. Complaints

If you believe we have breached the Australian Privacy Principles, you may contact us. We will investigate and respond within a reasonable time.

If you are not satisfied with our response, you may contact:

Office of the Australian Information Commissioner (OAIC)
www.oaic.gov.au

17. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available on our website.

18. Contact Us

Luris Pty Ltd
ABN: [Insert ABN]
Address: [Insert Physical/Postal Address]
Email: [Insert Privacy Contact Email]

For all privacy enquiries, access requests, or complaints, please contact us in writing.