LegalScout
Privacy Act compliance

Aligned to Australian privacy law.

LegalScout is built around the Privacy Act 1988 (Cth) and the Australian Privacy Principles — not retrofitted to them. Data stays in Australia, is never used to train models, and follows a defined lifecycle with permanent deletion.

Privacy Act 1988 (Cth) · 13 APPs · No model training · Defined data lifecycle

Australian Privacy Principles mapping.

The key APPs relevant to a legal AI platform — and how LegalScout addresses each.

APP 1 — Open and transparent management

LegalScout publishes a clear Privacy Policy describing what data is collected, why, how it is stored, and how individuals can access or correct it.

APP 3 — Collection of solicited personal information

Only information necessary to deliver the service is collected. LegalScout does not collect personal information beyond what is needed for account management, billing, and service delivery.

APP 6 — Use or disclosure of personal information

Client data is used solely to deliver the LegalScout service. It is not disclosed to third parties for marketing, sold, or used to train AI models.

APP 8 — Cross-border disclosure

All data is stored and processed within Australia (AWS Sydney). LegalScout does not transfer personal information to overseas recipients.

APP 11 — Security of personal information

Data is protected with AES-256 encryption at rest, TLS 1.2+ in transit, MFA-enforced access, and role-based permissions limiting who can access which data.

APP 12 — Access to personal information

Individuals can request access to their personal information. LegalScout provides mechanisms for data export and account deletion upon request.

Data lifecycle

Data has a defined end.

Perpetual data retention is a liability, not a feature. LegalScout enforces a structured lifecycle with permanent deletion.

  1. Active

    Conversations and documents are accessible within the platform for 90 days from last activity.

  2. Archive

    After 90 days, data is moved to S3 archival storage — accessible for compliance and legal hold purposes.

  3. Deletion

    After a further 30 days in archive, data is permanently hard-deleted from all systems. No residual copies.

  4. Account closure

    On account closure, deletion is initiated immediately. S3 backups are purged within the stated retention window.

Ready to level the playing field?

See LegalScout on your own contracts in a 20-minute live walkthrough. No pressure. No procurement deck.


Australian owned · Hosted in AWS Sydney · 24/7 support