CoeusX
CoeusX
CoeusX
CoeusX
open menu
Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your information.
Last updated: February 2026

1. Introduction and Scope

1.1 About Us

CoeusX Pty Ltd (ABN 19 689 184 361) ("we", "us", "our") operates the Lawg AI legal information service ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information ("Personal Information").

1.2 Scope

This Policy applies to:

  • Our website at lawg.ai
  • The Lawg AI legal information service
  • The Lawg Chrome Extension
  • Our communications with you
  • Any other interactions with our business

This Policy does not apply to third-party websites or services linked from our Service.

1.3 Legal Framework

We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth). If you are located outside Australia, additional rights may apply (see Section 14).

1.4 Agreement

By using the Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: Name, email address, and authentication credentials when you register
  • Chat Data: Queries, questions, and context you submit to Lawg
  • Feedback: Information from surveys, support requests, or feedback forms
  • Third-Party Integration Data: Data you authorize from connected services

2.2 Information We Generate and Collect Automatically

  • AI-Generated Content: Responses produced by our AI systems in response to your queries
  • Session Data: Session identifiers, message timestamps, interaction patterns
  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Features used, pages viewed, time spent on the Service
  • Location Data: Approximate location derived from your IP address

2.3 Information We Receive from Other Sources

  • OAuth Providers: When you authenticate via Google or Microsoft, we receive your name, email, and profile picture
  • Authentication Provider (Clerk): Verification and session management data
  • Connected Services: Data from services you authorize

2.4 Chrome Extension Data

When using the Lawg Chrome Extension, we collect:

  • Selected Text: When you highlight text and use "Ask Lawg", the selected text is sent to our servers for analysis
  • Page Context: The URL and title of the page where you made a selection may be sent to provide relevant context
  • Local Storage: Authentication tokens are stored locally in Chrome's storage to maintain your session

We do NOT collect through the Extension:

  • Your browsing history
  • Activity tracking across websites
  • Any data for advertising purposes

3. How We Use Your Information

3.1 Providing the Service

  • Processing your queries and generating responses
  • Maintaining chat history and session continuity
  • Authenticating your identity and managing your account

3.2 Improving the Service

  • Analyzing usage patterns to improve functionality
  • Debugging technical issues
  • Developing new features based on user feedback

3.3 Safety and Security

  • Filtering harmful or off-topic queries
  • Detecting and preventing fraud, abuse, or unauthorized access
  • Enforcing our Terms of Service

3.4 Communications

  • Responding to support requests
  • Sending service-related notifications
  • Marketing communications (with your consent)

3.5 Legal Compliance

  • Complying with applicable laws and regulations
  • Responding to legal requests and court orders
  • Protecting our legal rights

4. AI Features and Third-Party Data Processing

4.1 How We Use AI

Our Service uses artificial intelligence to analyze your queries and generate informational responses about Australian law. This involves:

  • Converting queries into mathematical representations (embeddings)
  • Searching our legal document database
  • Generating natural language responses
  • Caching responses temporarily for performance

4.2 Third-Party Service Providers

We share data with trusted third-party providers to deliver the Service:

ProviderPurposeData SharedLocation
OpenAIAI inference, embeddingsQueries, conversation contextUnited States
PineconeVector databaseQuery embeddingsUnited States
CohereSearch optimizationQuery text, document excerptsUnited States/Canada
ClerkAuthenticationName, email, OAuth dataUnited States
SupabaseDatabase hostingAccount data, chat historyAustralia (Sydney)
UpstashResponse cachingCached query-response pairsVarious

4.3 Data Sharing Principles

  • We share only minimum necessary data
  • We do not sell your personal information
  • We do not use your conversations to train AI without consent
  • Providers are contractually bound to protect your data

5. Data Retention

5.1 Retention Schedule

Data CategoryRetention PeriodBasis
Account InformationUntil deletion + 30 daysAccount recovery grace period
Chat HistoryIndefinitely unless deletedUser preference, service continuity
Cached AI Responses15 minutesPerformance optimization
Authentication Logs90 daysSecurity, fraud prevention
Support Tickets2 years after resolutionService quality, disputes
Error Logs30 daysTechnical debugging
Anonymized AnalyticsIndefinitelyService improvement
Backup Data30 days after primary deletionDisaster recovery
Chrome Extension QueriesProcessed in real-time, not storedStateless processing
Extension Auth TokensUntil sign-out or uninstallStored locally in browser

5.2 Retention Exceptions

We may retain data longer when:

  • Required by Australian law or regulation
  • Necessary to resolve disputes or enforce our Terms
  • Required for legitimate business purposes
  • Subject to legal hold or investigation

6. Automated Decision-Making

6.1 Content Filtering

We use automated systems (AI-based guardrails) to:

  • Filter queries requesting illegal advice
  • Redirect off-topic queries
  • Detect and prevent misuse

Filtered queries receive an automated response. No human review occurs unless you contact support.

6.2 No Significant Automated Decisions

We do not use automated decision-making for decisions with legal or similarly significant effects. Lawg provides information only.

7. Disclosure of Personal Information

We may disclose your information to:

  • Service Providers: As described in Section 4
  • Professional Advisors: Lawyers, accountants, auditors as needed
  • Law Enforcement: When required by law or court order
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • With Your Consent: For any other purpose with your explicit consent

8. International Data Transfers

8.1 Primary Storage

Your account data and chat history are primarily stored in Australia (Sydney region).

8.2 Overseas Processing

Some providers process data outside Australia:

  • United States: OpenAI, Pinecone, Clerk
  • United States/Canada: Cohere

8.3 Transfer Safeguards

  • Contractual data protection obligations
  • Providers with security certifications (SOC 2, ISO 27001)
  • Encryption in transit and at rest

9. Your Rights

9.1 Rights Under Australian Privacy Law

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion (subject to legal requirements)
  • Opt-out: Unsubscribe from marketing
  • Complaint: Lodge a complaint with us or OAIC

9.2 How to Exercise Your Rights

  • Email: privacy@coeusx.ai
  • Response time: Within 30 days
  • Verification: We may verify your identity

9.3 Chrome Extension Users

If you use the Lawg Chrome Extension, you can:

  • Sign out at any time to clear your authentication data
  • Uninstall the extension to remove all locally stored data
  • Contact us to request deletion of any data associated with your account

9.4 Complaints

If unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992

10. Security

10.1 Technical Measures

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and authentication
  • Regular security assessments
  • Automated threat detection

10.2 Organizational Measures

  • Written data protection policies
  • Employee training on data protection
  • Incident response procedures
  • Vendor security assessments

10.3 Limitations

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Cookies and Tracking Technologies

11.1 Types of Technologies

  • Session Cookies: Maintain login and preferences (expire on browser close)
  • Persistent Cookies: Remember preferences and support security
  • Analytics Cookies: Understand usage patterns and improve our services

11.2 Analytics Services

We use the following analytics services to understand how visitors interact with our website:

ServicePurposeData CollectedProvider
Google Analytics 4Website analyticsPage views, user interactions, traffic sources, device/browser info (anonymized IP)Google LLC (United States)
Microsoft ClarityUser experience analysisSession recordings, heatmaps, click patterns, scroll behaviorMicrosoft Corporation (United States)

These services help us understand how users navigate our website, identify areas for improvement, and optimize the user experience. Data collected is used in aggregate form and is not used to personally identify individual visitors.

11.3 Your Choices

  • Cookie Consent: When you first visit our site, you can accept or decline non-essential cookies via our cookie banner
  • Browser Settings: Configure your browser to block or delete cookies
  • Opt-Out Tools: Use Google's opt-out browser add-on or Microsoft Clarity's opt-out feature
  • Disabling analytics cookies will not affect the core functionality of our website

11.4 Do Not Track

We do not currently respond to Do Not Track browser signals but may update this as standards develop. You can use our cookie consent mechanism to control tracking preferences.

12. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Policy from time to time. When we make material changes:

  • We will update the "Last updated" date
  • We will notify you via email or the Service for significant changes

Continued use after changes constitutes acceptance of the updated Policy.

14. Additional Disclosures for Specific Regions

14.1 European Economic Area, Switzerland, and United Kingdom

If you are located in these regions, you may have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR:

  • Legal Basis: We process data based on contract performance, legitimate interests, legal obligations, or consent
  • Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Supervisory Authority: Lodge a complaint with your local data protection authority

For international transfers, we rely on Standard Contractual Clauses or other approved mechanisms.

14.2 New Zealand

If you are located in New Zealand, you have rights under the Privacy Act 2020 similar to those described in Section 9.

15. Contact Us

For privacy-related inquiries:

CoeusX Pty Ltd (ABN 19 689 184 361)

Privacy Officer

Email: privacy@coeusx.ai

Address: 300 Barangaroo Ave, Sydney, NSW 2000, Australia