Privacy Policy
Lex Etheris (accessible at lexetheris.com.au) is a service operated by Lex Stratus Software Pty Ltd (ACN 633 861 275). In this Privacy Policy, "we", "us" and "our" refer to Lex Stratus Software Pty Ltd trading as Lex Etheris.
Lex Stratus Software Pty Ltd complies with the State and Commonwealth Privacy Laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("Privacy Law"). Lex Stratus Software Pty Ltd is committed to your privacy and to continuing to provide services in a confidential and safe manner.
This Privacy Policy summarises how Lex Stratus Software Pty Ltd handles your personal information.
By choosing to become a customer of Lex Stratus Software Pty Ltd, you can be assured that all personal and sensitive information you provide will be respected and kept secure in accordance with Privacy Law and this Privacy Policy. By engaging with Lex Stratus Software Pty Ltd you acknowledge your acceptance of this Privacy Policy.
Personal Information
Personal information is defined by the Privacy Act 1988 (Cth) as "information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not."
The information collected from clients is required in order to provide the personalised migration-related services and to improve our services at Lex Stratus Software Pty Ltd.
Generally, the only personal information Lex Stratus Software Pty Ltd collects about you is that which you choose to tell us, or which you authorise us to obtain.
The type of information we may collect includes your name, address, telephone number, billing information (if purchasing services) and demographic data (non-sensitive information only).
How Lex Stratus Software Pty Ltd Collects and Holds Your Personal Information
Where possible, Lex Stratus Software Pty Ltd will collect your personal information directly from you.
Personal and sensitive information may be collected from you when you provide it to us directly.
Lex Stratus Software Pty Ltd has established appropriate physical, electronic and managerial procedures to safeguard any information we collect. This helps prevent unauthorised access, maintains data accuracy and ensures that the information is used correctly.
All data transferred to and from Lex Stratus Software Pty Ltd servers is encrypted, and a firewall is in place to prevent intrusion. All data stored within our systems is designed to be accessed only by authorised staff members and the hosting facility.
Automatic Information
Lex Stratus Software Pty Ltd will receive and store certain types of information whenever you interact with us. For example, like many websites, we use "cookies" and obtain certain types of information when your web browser accesses Lex Stratus Software Pty Ltd.
Cookies
Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your web browser to enable our systems to recognise your browser and to provide information such as the country and region you are accessing our website from, the duration of your visit, etc.
Purpose for Collecting, Holding, Using and Disclosing Personal Information
Lex Stratus Software Pty Ltd collects personal information that we consider relevant, and which is outlined in your written authority, for the purpose of providing our services. Sensitive information, in most cases, can only be disclosed with your written consent. Personal information will not be used or disclosed for direct marketing unless you have given Lex Stratus Software Pty Ltd consent to do so.
Some of the ways we use personal information include to:
- personalise your service
- communicate with you and others as part of our core business
- send you information regarding changes to our policies, other terms and conditions, online services and other administrative issues
- enable us to provide a product or service
- allow us to track your service history
- prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks
- verify information you have given to us
- carry out market research and analysis, including satisfaction surveys
- resolve complaints, and handle requests for data access or correction
- comply with applicable laws and regulatory obligations (including laws outside your country of residence)
- comply with legal process and respond to requests from public and governmental authorities (including outside your country of residence)
- establish and defend legal rights, protect our operations, rights or property, you or others, and pursue available remedies or limit our damages
Disclosure of Personal Information
Lex Stratus Software Pty Ltd may disclose your personal or sensitive information (as defined in the Privacy Act):
- to regulatory authorities;
- where the law requires us to do so; and
- where you consent for us to do so.
Google User Data and Gmail Integration
Lex Stratus Software Pty Ltd offers an optional email feature that allows a lawyer using our platform to connect their own Google account (a Google Workspace account or a personal Gmail account) so that client correspondence can be read and managed directly within the relevant matter. Connecting a Google account is entirely optional, requires the lawyer's explicit consent through Google's secure OAuth sign-in, and can be revoked at any time. This section explains how we access, use, store and protect Google user data, and applies in addition to the rest of this Privacy Policy.
Google Account Access We Request
When a lawyer chooses to connect a Google account, we request only the access strictly necessary to provide the email feature. Specifically, we request the following OAuth scopes:
- https://www.googleapis.com/auth/gmail.modify — to read the lawyer's messages (including subject, sender, snippet, body content and attachments) and to update the state of those messages, such as marking them read or unread, starring them, flagging them as important, archiving them, marking them as spam, and moving them to or restoring them from the Trash;
- openid and https://www.googleapis.com/auth/userinfo.email — to identify the email address of the connected Google account so that the lawyer can distinguish between multiple connected mailboxes.
We do not request any broader access than this. We never receive or store your Google account password, as authentication is handled entirely by Google.
How We Use Google User Data
Google user data accessed through these scopes is used solely to provide and operate the in-app email feature for the authenticated lawyer who connected the account. We use this data only to:
- retrieve and display the lawyer's email messages, message bodies and attachments within our platform;
- mark messages as read or unread;
- add or remove stars and "important" markers;
- archive messages (remove them from the Inbox) and mark messages as spam;
- move messages to the Trash and restore messages from the Trash.
We do not use Google user data for any other purpose.
Limited Use Disclosure
Lex Stratus Software Pty Ltd's use and transfer of information received from Google APIs to any other application will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular:
- we only use Google user data to provide and improve the user-facing email features described above;
- we do not transfer or sell Google user data to third parties, except as necessary to provide or improve these features, to comply with applicable law, or as part of a merger, acquisition or sale of assets with notice to users;
- we do not use Google user data for serving advertisements;
- we do not allow humans to read Google user data unless we first obtain your affirmative agreement to view specific messages, it is necessary for security purposes (such as investigating abuse), it is necessary to comply with applicable law, or the data has been aggregated and anonymised; and
- we do not use Google user data to develop, improve or train generalised or non-personalised artificial intelligence or machine learning models.
How We Store and Protect Google User Data
When you connect a Google account, Google issues us a long-lived authorisation credential (a "refresh token"). This token is encrypted using a managed key service and stored securely in our database; it is never exposed to the browser or to any client-side code. Email content and attachments are retrieved from Google on demand to be displayed to the lawyer and are not retained beyond what is necessary to provide the feature. All data transmitted between your browser, our servers and Google is encrypted in transit.
What We Do Not Do
To keep our access to the minimum required, the email feature deliberately does not include certain capabilities. We do not:
- send, compose, draft or reply to email on your behalf;
- permanently delete email — messages can only be moved to the Trash, from which they can be restored, and they continue to follow Gmail's normal Trash retention;
- change your Gmail settings, filters or forwarding; or
- access any Google data outside the scopes listed above.
Revoking Access and Deleting Google User Data
You may disconnect a connected Google account at any time from within our platform. When you do, we attempt to revoke the authorisation with Google and delete the stored credential for that account from our systems. You may also review or revoke our access directly from your Google Account at myaccount.google.com/permissions. Once access is revoked, we can no longer retrieve any data from the affected Google account.
Lex Stratus Forms Manager Browser Extension
Lex Stratus Software Pty Ltd offers an optional Google Chrome browser extension, "Lex Stratus Forms Manager", that helps a lawyer or registered migration agent using our platform auto-fill Australian Department of Home Affairs online forms (ImmiAccount, at online.immi.gov.au) and run VEVO visa-entitlement checks, using client data already held in their Lex Stratus account. Installing and using the extension is entirely optional. This section explains how the extension accesses, uses, stores and protects data, and applies in addition to the rest of this Privacy Policy.
Data the Extension Accesses
To perform its function, and only when you choose to start a form-fill or a VEVO check, the extension accesses:
- Authentication data — the secure session cookie that lexetheris.com.au sets when you log in, which the extension exchanges with our backend for a short-lived access token;
- client application data from your Lex Stratus account — retrieved from our backend on your instruction. This may include personal and sensitive information about your clients, such as names, dates of birth, passport and travel-document numbers, country of birth and country of passport, health-related declarations that some visa applications require (for example whether the applicant has a particular medical condition), and other visa-application field values; and
- the content of the ImmiAccount / VEVO web pages you are working on, so the extension can locate the correct fields and enter the data.
The extension only operates on lexetheris.com.au and online.immi.gov.au. It does not read your browsing history, does not track your activity, and does not access any other website.
How the Extension Uses Data
The data accessed by the extension is used solely to authenticate you to our backend, to retrieve the specific forms and client data you choose to work on, and to enter that data into the corresponding ImmiAccount form fields and VEVO enquiry fields in your browser. The extension acts only on your explicit action.
How the Extension Stores and Protects Data
Only the short-lived access token and the auto-fill progress (which field is next and which fields are completed) are stored locally in your own browser profile, so that you stay signed in and a fill can resume across the page navigations the forms trigger. Client personal data is not retained by the extension — it is held in memory only for the duration of an active session and is discarded when the session ends or the extension window is closed. All communication is encrypted in transit (HTTPS). The extension contains no advertising, analytics or tracking, and we do not sell or rent this data.
Who the Data Is Shared With
The extension transmits data only between your browser, our Lex Stratus backend (lexetheris.com.au), and the Australian Government system you are submitting to (online.immi.gov.au). No data is sent to the extension's developer or to any other third party.
Your Control
You can stop the extension from accessing your data at any time by logging out from within the extension — which clears the data it has stored locally — or by removing the extension from your browser. Once you do, the extension can no longer access your Lex Stratus account or any client data.
Credit Card Details
Lex Stratus Software Pty Ltd does not store credit-card numbers in its systems. Your credit-card details will be passed to the payment gateway as soon as they have been collected.
External Links
Lex Stratus Software Pty Ltd's website may contain links to other websites. When you access these links we recommend that you read the website owner's privacy statement before disclosing your personal information. Lex Stratus Software Pty Ltd does not accept responsibility for inappropriate use, collection, storage or disclosure of your personal information collected outside our website.
Access to Personal Information
If you wish to exercise your rights of access, or if you have any questions or believe that any personal information held by Lex Stratus Software Pty Ltd is incorrect or incomplete, you can write to our Privacy Officer at the address below.
Lex Stratus Software Pty Ltd will take all reasonable steps to correct the information or, if necessary, discuss alternative actions with you. Personal information will only be released directly to you unless we are provided with a written, signed authority to provide it to a third party.
Updating Your Personal Information
You may ask Lex Stratus Software Pty Ltd to update, correct or delete the personal information we hold about you at any time by contacting the Privacy Officer as specified below. We will take reasonable steps to verify your identity before granting access or making any corrections or deletions.
Lex Stratus Software Pty Ltd also has obligations to take reasonable steps to correct personal information we hold when satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purpose for which it is held.
Contacting Lex Stratus Software Pty Ltd Regarding Privacy
If you would like to make further enquiries, complain about a breach of the Australian Privacy Principles, or complain about a registered Australian Privacy Principles code (if any) that may relate to Lex Stratus Software Pty Ltd's business, please contact our Privacy Officer at:
Privacy OfficerLex Stratus Software Pty Ltd
Parcel Locker 10126 26655
37-39 Vesper Drive
NARRE WARREN VIC 3805
AUSTRALIA
Lex Stratus Software Pty Ltd takes all complaints regarding privacy seriously and will respond as soon as possible within a reasonable timeframe.
Policy Changes
Lex Stratus Software Pty Ltd may revise this Privacy Policy from time to time by updating this page. The revised Privacy Policy will take effect when it is posted on our website. We suggest you review this Privacy Policy regularly.