Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last updated: April 2026

1. Introduction and Scope

1.1 About Us

CoeusX Pty Ltd (ABN 19 689 184 361) ("we", "us", "our") operates the Lawg AI-powered tax research and legal information service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information ("Personal Data") when you access or use the Service.

1.2 Scope

This Policy applies to:

Our website at lawg.ai
The Lawg AI tax research and information service
The Lawg Chrome Extension
Our communications with you
Any other interactions with our business

This Policy does not apply to third-party websites or services linked from our Service.

1.3 Legal Framework

We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth). If you are located outside Australia, additional rights may apply (see Section 14).

1.4 Agreement

By using the Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide to Us

Account Information: Name, email address, and authentication credentials when you register
User Content: Queries, inputs, documents, and other data you submit to the Service
Feedback: Survey responses, support requests, and user feedback
Third-Party Integration Data: Data you authorise from connected services

2.2 Information We Generate and Collect Automatically

AI-Generated Content: Responses generated by the Service's artificial intelligence systems in response to your queries
Session Data: Session identifiers, timestamps, and interaction data
Technical Data: IP address, browser type, device information, operating system
Usage Data: Features used, pages viewed, time spent on the Service
Location Data: Approximate location derived from your IP address

2.3 Information We Receive from Other Sources

OAuth Providers: When you authenticate via Google or Microsoft, we receive your name, email, and profile picture
Authentication Provider (Clerk): Verification and session management data
Connected Services: Data from services you authorise

2.4 Chrome Extension Data

When using the Lawg Chrome Extension, we collect:

Selected Text: When you highlight text and use "Ask Lawg", the selected text is sent to our servers for analysis
Page Context: The URL and title of the page where you made a selection may be sent to provide relevant context
Local Storage: Authentication tokens are stored locally in Chrome's storage to maintain your session

We do NOT collect through the Extension:

Your browsing history
Activity tracking across websites
Any data for advertising purposes

3. How We Use Your Information

3.1 Providing the Service

We use your Personal Data and User Content to:

process queries and generate AI-Generated Content;
maintain chat history and session continuity; and
authenticate users and manage Accounts.

3.2 Improving the Service

Analysing usage patterns to improve functionality
Debugging technical issues
Developing new features based on user feedback

3.3 Safety and Security

We use your information to:

enforce our Terms of Service;
detect and prevent fraud, abuse, or unauthorised access; and
apply automated safeguards, including filtering of prohibited or non-compliant queries.

3.4 Communications

Responding to support requests
Sending service-related notifications
Marketing communications (with your consent)

3.5 Legal Compliance

Complying with applicable laws and regulations
Responding to legal requests and court orders
Protecting our legal rights

4. AI Features and Third-Party Data Processing

4.1 How We Use AI

The Service uses artificial intelligence to analyse User Content and generate AI-Generated Content for informational purposes only. This includes:

transforming queries into structured representations (embeddings);
retrieving relevant Australian legal and tax materials; and
generating natural language outputs.

AI-Generated Content may contain errors or inaccuracies and should not be relied upon as professional advice.

4.2 Third-Party Service Providers

We share data with trusted third-party providers to deliver the Service:

Provider	Purpose	Data Shared	Location
OpenAI	AI inference, embeddings	Queries, conversation context	United States
Pinecone	Vector database	Query embeddings	United States
Cohere	Search optimisation	Query text, document excerpts	United States/Canada
Clerk	Authentication	Name, email, OAuth data	United States
Supabase	Database hosting	Account data, chat history	Australia (Sydney)
Upstash	Response caching	Cached query-response pairs	Various

4.3 Data Sharing Principles

We share Personal Data only to the extent reasonably necessary to provide the Service.
We do not sell Personal Data.
We do not use User Content to train AI models without your consent.
All Third-Party Providers are contractually required to implement appropriate data protection measures.

5. Data Retention

5.1 Data Retention

Chat History is stored in our database and retained unless and until deleted by you.
You may delete individual sessions or your entire Account at any time.
Temporary processing data, such as intermediate query results, may be held in short-term cache and is automatically purged within 24 hours.
Following deletion of your Account, your Personal Data will be removed within 30 days, subject to any legal or operational retention requirements.
Anonymised usage data may be retained for service improvement and analytics.

5.2 Retention Exceptions

We may retain certain data where necessary to:

comply with legal obligations;
enforce our Terms of Service;
resolve disputes; or
satisfy legitimate business or operational requirements.

6. Automated Decision-Making

6.1 Content Filtering

We use automated systems (AI-based guardrails) to:

Filter queries requesting illegal advice
Redirect off-topic queries
Detect and prevent misuse

Filtered queries receive an automated response. No human review occurs unless you contact support.

6.2 No Significant Automated Decisions

The Service does not make decisions that have legal or similarly significant effects. It provides Legal Information only and does not provide legal, tax, or financial advice.

7. Disclosure of Personal Information

We may disclose Personal Data to:

Third-Party Providers: Solely for the purpose of delivering the Service
Professional Advisors: Including legal and accounting advisors
Regulatory Authorities: Where required by law
Business Transfers: In connection with mergers, acquisitions, or asset sales
With Your Consent: For any other purpose with your explicit consent

8. International Data Transfers

8.1 Primary Storage

Your account data and chat history are primarily stored in Australia (Sydney region).

8.2 Overseas Processing

Core user data, including Account information and Chat History, is stored exclusively in Australia. Personal Data is only transferred outside Australia to the extent necessary for AI inference and related processing, to the following jurisdictions:

United States: OpenAI, Pinecone, Clerk
United States/Canada: Cohere

8.3 Transfer Safeguards

Contractual data protection obligations
Selection of providers with recognised security practices
Industry-standard encryption in transit and at rest

9. Your Rights

9.1 Rights Under Australian Privacy Law

Access: Request a copy of your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion (subject to legal requirements)
Opt-out: Unsubscribe from marketing
Complaint: Lodge a complaint with us or OAIC

9.2 How to Exercise Your Rights

Email: privacy@coeusx.ai
Response time: Within 30 days
Verification: We may verify your identity

9.3 Chrome Extension Users

If you use the Lawg Chrome Extension, you can:

Sign out at any time to clear your authentication data
Uninstall the extension to remove all locally stored data
Contact us to request deletion of any data associated with your account

9.4 Complaints

If unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992

10. Security

10.1 Technical Measures

Industry-standard encryption in transit and at rest
Access controls and authentication
Automated prompt injection detection and content moderation screening on all user inputs
Periodic security reviews
Automated threat detection

10.2 Organisational Measures

We take reasonable steps to protect Personal Data, including maintaining internal data handling practices, incident response capabilities, and assessing the security posture of our Third-Party Providers.

10.3 Limitations

While we implement industry-standard security measures, no method of transmission or storage is completely secure. We do not guarantee absolute security of your Personal Data.

11. Cookies and Tracking Technologies

11.1 Types of Technologies

Authentication Cookies: Set and managed by our authentication provider, Clerk, to maintain your login session
Analytics Cookies: Set by Google Analytics and Microsoft Clarity to understand usage patterns and improve our services
Local Storage: Used to store your cookie consent preference and UI state; this data remains in your browser and is not transmitted to our servers

11.2 Analytics Services

We use the following analytics services to understand how visitors interact with our website:

Service	Purpose	Data Collected	Provider
Google Analytics 4	Website analytics	Page views, user interactions, traffic sources, device/browser info (anonymised IP)	Google LLC (United States)
Microsoft Clarity	User experience analysis	Session recordings, heatmaps, click patterns, scroll behavior	Microsoft Corporation (United States)

These services help us understand how users navigate our website, identify areas for improvement, and optimize the user experience. Data collected is used in aggregate form and is not used to personally identify individual visitors.

11.3 Your Choices

Cookie Consent: When you first visit our site, you can accept or decline non-essential cookies via our cookie banner
Browser Settings: Configure your browser to block or delete cookies
Opt-Out Tools: Use Google's opt-out browser add-on or Microsoft Clarity's opt-out feature
Disabling analytics cookies will not affect the core functionality of our website

11.4 Do Not Track

We do not currently respond to Do Not Track browser signals but may update this as standards develop. You can use our cookie consent mechanism to control tracking preferences.

12. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Policy from time to time. When we make material changes:

We will update the "Last updated" date
We will notify you via email or the Service for significant changes

Continued use after changes constitutes acceptance of the updated Policy.

14. Additional Disclosures for Specific Regions

14.1 European Economic Area, Switzerland, and United Kingdom

If you are located in these regions, you may have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR:

Legal Basis: We process data based on contract performance, legitimate interests, legal obligations, or consent
Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Supervisory Authority: Lodge a complaint with your local data protection authority

Where applicable, we rely on Standard Contractual Clauses or other approved transfer mechanisms.

14.2 New Zealand

If you are located in New Zealand, you have rights under the Privacy Act 2020 similar to those described in Section 9.

15. Contact Us

For privacy-related inquiries:

CoeusX Pty Ltd (ABN 19 689 184 361)

Privacy Officer

Email: privacy@coeusx.ai