LodgeyLodgey
Last updated · May 2026

Privacy policy

How Lodgey collects, holds, uses, and discloses personal information, under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

01Introduction

Lodgey Pty Ltd (ABN 51 698 017 597) (“Lodgey”, “we”, “us”, “our”) is bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy describes how we collect, hold, use, and disclose personal information, and how individuals can access or correct their personal information or make a complaint.

This policy applies to two categories of personal information:

  • Personal information collected from agency users of Lodgey (our customers).
  • Personal information uploaded by, or relating to, an agency’s clients via Lodgey’s services.

For the second category, the agency that engaged Lodgey is the primary entity responsible for that personal information. Lodgey acts on the agency’s instructions to provide the service. Data subjects in this category should direct access, correction, or deletion requests to the agency in the first instance (see Access & correction below).

02Information we collect and how we collect it

We collect the following kinds of personal information, by the following means:

  • Account information from agency users (name, email, business name, ABN, billing contact details), collected when an agency signs up or updates account settings.
  • Client documents uploaded by clients of agencies through the Lodgey client portal (identity documents, passports, visas, payslips, financial statements, certificates, contracts, and other documents requested by the agency’s checklist).
  • Data extracted from client documents by our AI processing (structured field values such as names, dates of birth, document numbers, addresses).
  • Communications between users and Lodgey (support emails, in-app messages).
  • Usage data and system logs (page views, action audit records, IP addresses, browser information), used to operate and secure the service.

We do not collect personal information through third-party advertising trackers or cross-site behavioural tracking.

03Sensitive information

Some categories of information handled on behalf of agencies are “sensitive information” under the Privacy Act, including health information disclosed in visa medical declarations, racial or ethnic origin reflected in identity documents, and criminal record information attached to character requirements. We collect sensitive information only where it is necessary to provide the service the agency has engaged us for, and we apply the same security controls described below to all sensitive information.

04How we use personal information

We use personal information for the following purposes:

  • To provide and operate the Lodgey service, including document collection, AI extraction, review, and form-filling.
  • To communicate with agency users about their account, billing, service updates, and security notices.
  • To meet our legal, regulatory, and tax obligations.
  • To investigate and respond to security incidents, abuse, or suspected misuse of the service.

We do not use client document data, or data extracted from client documents, to train AI models, our own or any third party’s. We do not sell, rent, or trade personal information.

05Data storage & security

All client documents and extracted data are stored in Australian data centres (AWS Sydney, ap-southeast-2). We apply AES-256 encryption at rest with per-agency keys, TLS 1.3 in transit, role-based access controls, multi-factor authentication, and a tamper-evident audit trail of every action. Full technical detail is on our Security page.

06Disclosure of personal information

We disclose personal information only as follows:

  • To service providers we engage to deliver the Lodgey service (listed below). Each is bound by written contract to handle personal information consistently with this policy and the Privacy Act.
  • To law enforcement, regulators, or courts where required by Australian law.
  • In connection with a corporate transaction (merger, acquisition, sale of assets), subject to the same protections set out in this policy.

We do not sell, rent, or trade personal information.

07Service providers and overseas disclosure

Lodgey engages the following service providers:

  • Amazon Web Services (Sydney, ap-southeast-2), for hosting, database, object storage, key management, and AI inference.
  • Airwallex, for payment processing of subscription billing.

All client documents, extracted data, audit logs, and other operational data are stored and processed exclusively in Australia.

08Access & correction

If you are an agency user of Lodgey, you can access and correct your account information in Settings, or email privacy@lodgey.com.au.

If you are a client of an agency that uses Lodgey to handle your documents, please contact that agency directly. The agency holds the relationship with you, can verify your identity, and uses Lodgey’s in-app tools to provide a copy of your data or make corrections on your behalf.

09Retention & deletion

Personal information is retained while the agency’s account is active. After cancellation, data is retained for 30 days before permanent deletion. An agency may request deletion of specific client data at any time. Deletion is immediate at the encryption layer, the per-applicant data key is destroyed, so any residual ciphertext in encrypted backups is permanently unreadable.

10Complaints

If you believe Lodgey has breached the Australian Privacy Principles or otherwise mishandled personal information, please contact us at privacy@lodgey.com.au. We will:

  • Acknowledge your complaint within 7 business days.
  • Investigate the complaint and provide a substantive response within 30 days.

If you are not satisfied with our response, or if Lodgey does not respond within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.

11Changes to this policy

We review this Privacy Policy at least annually and whenever our practices change. Material changes will be notified to agency account holders by in-app notice and email at least 14 days before they take effect. The date at the top of this policy reflects the most recent revision.

12Contact

Questions about this Privacy Policy or about how Lodgey handles personal information can be directed to privacy@lodgey.com.au.

Lodgey · privacy@lodgey.com.au