Compliant. Secure. Off your list.

Lodgey publishes a privacy policy that sets out how personal information is collected, used, stored, and disclosed. See the privacy page. The policy is reviewed whenever practices change.

Lodgey processes identity documents for applications to government bodies that require verified identity. Anonymity and pseudonymity are not practicable for the core service, so the lawful-and-practicable exemption applies.

Lodgey only collects information the agent has asked the client to upload via their checklist. Nothing is collected passively.

If a client uploads a document not requested by the agent's checklist, the agent can delete it directly in-app. Lodgey does not retain unsolicited material as part of the case record.

Clients see, on every upload, what's being collected, by whom, and the purpose. Collection notices are part of the upload flow.

Client information is used only to deliver the service the agent has engaged Lodgey for, extraction, review, and form-fill against the agent's checklist. Lodgey does not sell, rent, or share client data, and never uses it to train AI models.

Lodgey does not market to the clients of agencies. Product communications go only to agency account holders, who can unsubscribe at any time.

No cross-border transfer. Data is stored and processed exclusively in AWS Sydney (ap-southeast-2). Lodgey will not send client data offshore.

Lodgey handles documents containing government identifiers (passport, visa, Medicare numbers) but does not use them as the internal identifier for any client, application, or record. Lodgey's primary keys are UUIDs.

Every AI-extracted field is reviewable side-by-side with the source document. If a field reads wrong or confidence is low, the agent rejects the document and the client re-uploads a clearer copy; extraction re-runs against the new file. Nothing is submitted until the agent has approved each document.

AES-256 at rest with per-agency keys, TLS 1.3 in transit, MFA available for every user, role-based permissions, and a tamper-evident audit trail of every action.

Agents manage their clients' data directly in the workspace and can export a full copy of any client's record in one click. Data subjects requesting access should contact the agency that engaged them.

If extracted data is wrong, the agent rejects the document and the client re-uploads a corrected version; the field set re-derives from the new file. Data subjects requesting correction or deletion contact the agency directly, the agency makes the change in Lodgey. Deletion is immediate at the encryption layer, the per-applicant key is destroyed, so any residual ciphertext in encrypted backups is permanently unreadable.