PRIVACY
POLICY

During beta, features may change, data handling processes may be updated, and security measures are being strengthened. We recommend not uploading highly sensitive documents (e.g. full bank statements with account numbers, TFN declarations) until we reach general availability. We will clearly communicate when we consider the platform production-ready.

We may collect the following categories of personal information:

Account information

• Name, email address, login identifiers, and authentication metadata
• Password hashes (we never store plaintext passwords)

Financial & property data you provide

• Property details, rental income, expenses, loan information, and depreciation schedules
• Uploaded documents: receipts, settlement statements, property management reports, bank CSVs
• Tax return preparation data and evidence packs

AI conversation data

• Chat messages, prompts, and instructions you send to the AI assistant
• AI-generated responses, reports, spreadsheets, and calculations
• Tool invocations and sandbox file outputs produced during AI sessions

Technical & usage data

• Device type, browser, operating system, and IP address
• Page views, feature usage patterns, and interaction logs
• Error logs and performance metrics

Communications

• Feedback submissions, support messages, and bug reports

We use personal information to:

• Operate and maintain the platform, including AI assistant functionality
• Generate tax reports, calculations, evidence packs, and projections via AI
• Process your data through third-party AI models to provide responses
• Improve product quality, fix bugs, and develop new features — especially during beta
• Operate security, fraud prevention, and troubleshooting workflows
• Communicate service updates, support responses, and account notices
• Comply with legal obligations

When you interact with the Lodgey AI assistant, your messages, uploaded document contents, and contextual session data are transmitted to third-party AI model providers for processing. Provider and model details are published in our Model Spec.

What is sent to AI providers

• Your chat messages and instructions
• Extracted text from documents you upload (receipts, statements, etc.)
• Session context including property details, financial data, and evidence status
• System prompts that instruct the AI on how to assist you

What AI providers do with your data

• Our AI provider processes your data to generate responses and does not use API inputs to train models (per their commercial API terms)
• Data may be temporarily retained by the provider for abuse monitoring and safety purposes
• We select providers whose terms prohibit using customer data for model training without explicit consent

Persistent memory across sessions

Lodgey can remember useful context across chat sessions — for example, your prior lodgement status or which receipts you have already supplied. Three things to know:

• The AI provider stores no memory data. Persisted memory lives only in our Neon database (Sydney AU region), scoped to your account.
• Australian PII is redacted before storage. Patterns matching TFNs, ABNs and bank account details are stripped automatically before any value is written.
• You control deletion. Memory rows expire by default after 90 days. You can view what Lodgey has stored about you and delete any item or clear everything from the in-app memory page. Deletion is immediate.

Web search restricted to authoritative sources

Lodgey's web search is restricted to a fixed list of Australian government and tax-authority sources — including the ATO, state and territory revenue offices, FIRB, Treasury, AustLII, and the federal register of legislation. Queries that fall outside that list return no results, and Lodgey will tell you the topic is outside its authoritative sources rather than guess from general web content.

Your API key (BYOK)

If you provide your own API key, your data is sent directly under your own agreement with the model provider. Your key is encrypted at rest and never logged in plaintext.

AI transparency & your rights (OAIC Oct 2024 guidance)

• You are told when you interact with AI. Every chat session opens with a notice that Lodgey uses generative AI to respond. Full model details are published in our Model Spec.
• No human in the loop. Lodgey's replies reach you without any staff reviewing them first. Human review happens post-hoc — only when you flag an output via the in-app dialog.
• How Lodgey produces replies. Lodgey uses generative AI models via third-party API providers, augmented with Lodgey-defined tools that read/write your project data and opt-in Gmail/Drive/Xero integrations. All conversation history is stored exclusively in our database — no conversation data is stored on the AI provider's infrastructure. Domain knowledge files tagged by financial year are loaded into the model's context when relevant. See our Model Spec for architecture details.
• No use for training. We do not permit your personal information, chat content, or uploaded documents to be used to train any AI model.
• Accuracy obligations (APP 10). Because AI models can produce inaccurate statements, you should always verify tax figures against ATO or Revenue Office sources before acting on them.
• Sensitive data handling. Before any message is sent to the AI model provider, a server-side redactor masks Australian TFN (mod-11), ABN (mod-89), Medicare (mod-10), BSB + bank account (AU prefix pattern), and credit card (Luhn). Your own saved copy keeps the original text.

We may share personal information with service providers that help us operate the platform:

• AI model providers — third-party generative AI via commercial API (see Model Spec for provider and model details)
• Hosting & edge compute — Vercel (US)
• Database — Neon Postgres (Sydney AU region, ap-southeast-2, AWS)
• Authentication — Neon Auth
• AI observability — Langfuse (EU region, Frankfurt — session traces for debugging and quality monitoring; AI-powered analytics may be processed by AWS Bedrock within the EU data region; your data is not used for model training; GDPR, SOC 2, ISO 27001 compliant)
• Product analytics — PostHog (cookie-consent gated); Vercel Analytics (privacy-focused, no cookies)
• Integration connectors — Composio (Gmail, Drive, Sheets, Docs, Xero — each opt-in, user-granted scopes)

We do not sell your personal information. We do not share your financial data with advertisers or data brokers.

Under Australian Privacy Principle 8 (APP 8), we must tell you where your data goes and what protections apply.

Overseas recipients

• AI model provider — United States. Processes chat messages, uploaded document content, and session context to generate AI responses via commercial API (no server-side session storage on the provider's infrastructure; no model training on API inputs; retention limited to abuse-monitoring purposes). Provider and model details are published in our Model Spec.
• Vercel Inc. — United States. Hosting, edge compute, analytics.
• Neon Inc. — Sydney, Australia (ap-southeast-2, AWS). Managed Postgres database hosting. Data resides in Australian jurisdiction.
• Langfuse GmbH — European Union (Frankfurt). AI observability and session tracing for debugging and quality monitoring. AI-powered analytics may be processed by AWS Bedrock within the EU data region. Your data is not used for model training. GDPR, SOC 2, and ISO 27001 compliant.
• PostHog Inc. — United States / EU. Product analytics, cookie-consent gated. Only active after you accept analytics cookies.
• Composio — United States. Only if you explicitly connect Gmail, Drive, Sheets, Docs, or Xero.

How we meet APP 8

We rely on a combination of (a) contractual protections equivalent to the APPs with each recipient, and (b) your informed consent under APP 8.2(b) when you sign up. You acknowledge and consent to overseas data processing at account creation, with full details of each recipient listed above.

Under s 16C of the Privacy Act, we remain accountable for any act or practice of our overseas recipients that would breach the APPs if done by us — except where you have been expressly informed and have consented under APP 8.2(b). The sign-up consent flow makes that disclosure explicit.

If you do not consent

You can use the website's static calculators and educational pages without overseas AI processing. The AI chat and document-processing features cannot function without sending data to our AI provider.

Following the Office of the Australian Information Commissioner's Guidance on privacy and the use of commercially available AI products (October 2024), we maintain a Privacy Impact Assessment that covers our use of third-party AI APIs and is refreshed annually or when we materially change how personal information flows through the service.

You can download the public summary PIA (PDF) via lodgey.io/request-pia, or email hello@lodgey.io.

The TPB's draft guidance TPB(I) D62/2026 (March 2026) sets expectations for how tax practitioners use AI tools. While this guidance primarily binds registered practitioners — not software providers — Lodgey's consent-based model aligns with the TPB's expectations:

• Explicit opt-in before any data is shared with AI providers (APP 8.2(b) consent at signup)
• Per-session permissions for external integrations (Gmail, Drive, Xero)
• Server-side PII redaction before overseas transmission
• Clear disclosure that outputs are general information, not professional advice
• Full audit trail of AI interactions available for regulatory inquiry

If you are a registered tax practitioner using Lodgey on behalf of clients, you remain responsible for reviewing all AI outputs and obtaining client consent before inputting their information, consistent with Code items 9 and 13 of the Code of Professional Conduct.

We implement reasonable technical and organisational safeguards:

• Encryption in transit (TLS) and at rest for sensitive data
• API keys encrypted using server-side encryption
• Authentication via secure token-based sessions
• Role-based access controls and data isolation per user

Notifiable Data Breaches scheme

If a data breach occurs that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) as soon as practicable and within 30 days of becoming aware, consistent with Part IIIC of the Privacy Act 1988 (Notifiable Data Breaches scheme).

• Account data — retained while your account is active
• Chat & AI session data — retained for the duration of your project; you may delete projects at any time
• Uploaded documents — retained until you delete them or your account
• Audit logs — retained for up to 12 months for security and compliance

You can request deletion of all your data via account settings or by emailing us. Deletion requests are honoured subject to legal retention obligations.

We do not use your personal data or financial information to train AI models. Our commercial API agreement with our AI model provider prohibits the use of API inputs for model training.

We may use anonymised, aggregated usage patterns (e.g. which features are most used) to improve the product. This data cannot be traced back to individual users.

• Authentication token — a secure cookie used to maintain your session
• Theme preference — stored in localStorage
• Vercel Analytics — privacy-focused, does not use cookies or track personal identifiers

We do not use third-party advertising cookies or trackers.

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your data (subject to legal obligations)
• Withdraw consent for optional data processing (e.g. email connectors)
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy

To exercise any of these rights, use the Feedbackform inside the app (profile menu → Feedback) or the account deletion feature in Settings.

Complaints & external review

If you are not satisfied with how we have handled your personal information, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au/privacy/privacy-complaints. Before doing so, please give us 30 days to respond by emailing hello@lodgey.io.

Lodgey is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children.

We may update this policy from time to time, especially during beta. Material changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.

Privacy questions, data-access requests, or complaints? Email us at hello@lodgey.io. By using Lodgey, you also agree to our Terms and Conditions.