Legal
Privacy Policy
Last updated: July 15, 2026 — Privacy Act 1988 (Cth) & APPs compliant
Preamble
This Privacy Policy describes how Captain.Legal collects, uses, discloses, retains and protects your personal information, in accordance with Australia's Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) set out in Schedule 1 to that Act. It explains the choices available to you regarding your personal information and how you may contact us.
1. Entity and Privacy contact
Captain Legal LLC, the publisher of the site, is the entity responsible for the personal information collected through this website. In accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, we have designated a privacy contact responsible for handling privacy enquiries and complaints and for ensuring our compliance with applicable privacy laws. For any question, to make a request, or to reach our privacy contact, please use our contact form.
2. Personal information we collect
“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable. In accordance with APP 3, we only collect the personal information reasonably necessary for the purposes described below:
- Identification data: email address, first name, last name
- Data entered in forms: information needed to generate a document (which may relate to third parties, under your responsibility)
- Order and billing data: documents purchased, amount, date, history
- Payment data: processed directly by PayPal and Stripe; we never access your full payment card details
- Technical and connection data: IP address, access logs, pages visited, session duration
3. How we collect and notify you (APP 3 & APP 5)
Under APP 3, we collect personal information only by lawful and fair means and, wherever practicable, directly from you. In accordance with APP 5, we take reasonable steps to notify you — or otherwise ensure you are aware — of the matters relating to our collection of your personal information, including the purposes of collection, at or before the time we collect it, or as soon as practicable afterwards.
Where we ask for your consent — for example to send marketing communications or to set non-essential cookies — that consent is voluntary and may be withdrawn at any time, subject to legal or contractual restrictions, by contacting us through our contact form.
4. Purposes of collection and use (APP 6)
In accordance with APP 6, we use and disclose your personal information only for the primary purpose for which it was collected, for a directly related secondary purpose you would reasonably expect, or where you have consented or the law otherwise permits:
- Processing and delivering your order, and sending your invoice
- Managing your account and the customer relationship
- Retaining invoices to meet our legal and tax obligations
- Security, fraud prevention and service improvement
- Marketing communications and non-essential cookies — with your consent, withdrawable at any time
5. Disclosure and service providers
Your personal information is never sold. It may be disclosed to service providers acting on our behalf and bound by confidentiality and data-protection obligations: PayPal and Stripe (payments), OVH SAS (hosting), an email delivery provider, technical and analytics providers. Personal information may also be disclosed where permitted or required under the Privacy Act 1988 (Cth) or any other applicable law, or at the request of a court, regulator or other competent authority.
6. Cross-border disclosure (APP 8)
Where we disclose personal information to an overseas recipient, we comply with APP 8: we take reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to that information, and we remain accountable for it. Hosting is carried out within the European Union by OVH SAS. Before disclosing personal information overseas, we assess the level of protection available in the recipient jurisdiction and put in place appropriate contractual or other safeguards.
7. Retention and destruction of personal information
In accordance with APP 11.2, we retain personal information only as long as necessary to fulfil the identified purposes or to meet legal requirements, after which we take reasonable steps to destroy or de-identify it:
- Account data: up to 3 years after the last activity
- Order and billing data: retained to meet legal and tax record-keeping obligations
- Data entered in forms: for the time of the service, unless linked to an order
- Marketing data: 3 years from the last contact
- Connection data: 12 months
After these periods, personal information is deleted or de-identified.
8. Security and notifiable data breaches
In accordance with APP 11, we take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure (HTTPS/TLS encryption, access control, secure hosting, PCI-DSS compliant payment providers), appropriate to the sensitivity of the information. In the event of an eligible data breach that is likely to result in serious harm, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth), notifying the Office of the Australian Information Commissioner (OAIC) and the affected individuals as soon as practicable.
9. Your rights: access and correction (APP 12 & APP 13)
Under APP 12 you have the right to request access to the personal information we hold about you, and under APP 13 you have the right to request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant or misleading. We will take reasonable steps to correct the information, or to associate a statement with it where we disagree that correction is required.
To exercise these rights, submit a request through our contact form. We will respond within a reasonable period. Access is generally provided at minimal or no cost; we will inform you in advance of any applicable charge, which will not be excessive.
10. Marketing and the Spam Act 2003 (Cth)
We send commercial electronic messages only in accordance with the Spam Act 2003 (Cth): with your express or inferred consent, clearly identifying us as the sender, and including a functional unsubscribe facility in every message. You may opt out of our marketing communications at any time through that unsubscribe facility or through our contact form, and we will action your request within the statutory period.
11. Cookies
Our site uses cookies whose nature, purpose and duration are detailed in our Cookie Policy. Australian law does not require GDPR-style prior opt-in for cookies; we nonetheless disclose our use of cookies transparently and let you manage non-essential cookies through your browser settings and our preference controls.
12. Children's information
The site is not intended for children. We do not knowingly collect the personal information of individuals under the age required to provide valid consent without the consent of a parent or guardian. Where consent is required from a young person, we rely on the consent of the person having parental responsibility.
13. Changes and complaints
This policy may be modified at any time; the date of the latest update is shown at the top of the document. For any question, to reach our privacy contact, or to make a complaint, please use our contact form. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC), the independent regulator responsible for privacy in Australia.