Privacy Policy

AusWitness provides on-demand online witnessing of statutory declarations, affidavits, and certain contracts and deeds by an Australian lawyer, conducted over a live audio-visual link ("AVL"). To deliver this service safely and lawfully, we necessarily collect sensitive personal information about the people who use it.

We are an APP entity for the purposes of the Privacy Act and we are bound by the Australian Privacy Principles. This Privacy Policy applies to all personal information we collect through our website, our web application, and our witnessing service, regardless of how that information is collected or stored. By using AusWitness, you acknowledge that you have read and understood this Privacy Policy.

In this Privacy Policy, "personal information" and "sensitive information" have the meanings given to them in the Privacy Act. Sensitive information is a subset of personal information that attracts a higher level of protection and includes, among other things, biometric information and biometric templates used for the purpose of automated biometric verification or identification.

The personal information we collect depends on how you interact with us, but in connection with a witnessing session it may include all of the categories below.

• Identity and contact details – your full name, date of birth, residential or postal address, email address and telephone number.
• Government identifiers and identity documents – images and data from your Australian driver licence, passport or other government-issued identity documents, including the identifying numbers shown on those documents. We collect these because the witnessing practitioner has a legal duty to be reasonably satisfied of your identity.
• Sensitive information and biometric data – a "liveness" selfie and the biometric facial-match data derived from comparing that selfie to your identity document. This information is sensitive information and, where it is biometric, is collected only with your explicit consent for the purpose of verifying that you are the person you claim to be.
• Video and audio recordings – a recording of the witnessing AVL session, including your image and voice and anything visible or audible during the call. These recordings form part of the evidentiary record of the witnessing.
• Document contents – the statutory declaration, affidavit, contract, deed or other document you upload to be witnessed, including any personal information about you or third parties contained in it.
• Payment information – billing details necessary to process your payment. Card details are collected and processed directly by our payment provider, Stripe, and are not stored by us. We retain only limited transaction records such as the amount, date and a payment reference.
• Technical and usage data – information generated automatically when you use our website and application, including your IP address, device and browser type, operating system, log data, timestamps, and information about how you navigate and use the service.

Wherever it is reasonable and practicable to do so, we collect personal information directly from you. We collect personal information in the following ways.

• Directly from you – when you create an account, enter your details, upload a document, capture your identity documents and selfie, and participate in the witnessing call.
• Via our identity-verification provider – when our third-party identity-verification provider performs document authentication and biometric facial matching, and returns the results of those checks to us.
• Automatically – through cookies and similar technologies, and through server and application logs, when you visit our website or use our application.

If we receive personal information about you that we did not request and could not lawfully have collected, we will deal with it in accordance with our obligations under the APPs, including by destroying or de-identifying it where appropriate.

We collect, hold and use your personal information for the following purposes.

• To provide the witnessing service, including arranging and conducting the AVL session and producing the witnessed document.
• To enable the witnessing practitioner to verify your identity and to meet their legal duty to be reasonably satisfied of who you are before witnessing your document.
• To create and maintain a reliable evidentiary record of the witnessing, consistent with the requirements of the oaths, statutory declarations, evidence and electronic transactions legislation applicable in the relevant jurisdiction.
• To detect, prevent and investigate fraud, impersonation and other misuse of the service.
• To process payments and maintain financial and transaction records.
• To provide customer support, respond to your enquiries, and administer your account.
• To comply with our legal and professional obligations, and to establish, exercise or defend legal claims.

We will not use or disclose your personal information for a purpose other than the purpose for which it was collected (or a directly related secondary purpose you would reasonably expect), unless you have consented or we are otherwise permitted or required to do so under the Privacy Act.

Before we collect sensitive information about you – including your identity documents, your liveness selfie, the biometric facial-match data, and the audio-visual recording of the witnessing session – we will seek your express, explicit consent. You will be asked to consent specifically to the recording of the AVL call before the recording begins.

You may decline to provide this consent or to provide the information we request. However, because verifying your identity and recording the session are essential to witnessing your document lawfully and reliably, we will generally be unable to provide the witnessing service to you if you do not consent. You may withdraw your consent at any time by contacting us, although withdrawing consent will not affect the lawfulness of anything done before the withdrawal, and we may still need to retain certain records to meet our legal obligations.

We disclose your personal information only where it is necessary to provide the service, where you have consented, or where we are permitted or required to do so by law. We may disclose personal information to the following recipients.

• The witnessing practitioner – the Australian lawyer who conducts your witnessing session and who must review your identity documents and your document.
• Identity-verification provider – a provider such as IDVerse or FrankieOne, which performs document authentication and biometric facial matching.
• Payment processor – Stripe, which securely processes your card payment.
• Video platform – Daily.co, which provides the audio-visual calling technology used to conduct and record the session.
• Hosting and storage providers – Supabase and Amazon Web Services, which host our application and store our data and recordings in Australia.
• Courts, regulators and authorities – where disclosure is required or authorised by law, such as in response to a court order, subpoena or a lawful request from a regulator or law enforcement agency.
• Professional advisers – our legal, accounting and insurance advisers, where reasonably necessary.

We require our service providers to handle personal information consistently with the Privacy Act and to use it only for the purposes for which we engage them. We do not sell your personal information, and we do not disclose it to third parties for their own marketing purposes.

Your personal information and the witnessing recordings are stored in Australia, on cloud infrastructure located in the AWS Asia Pacific (Sydney) region (ap-southeast-2), including via our hosting provider Supabase's Sydney region. We have designed the service so that your most sensitive information remains onshore.

Some of our service providers may be located overseas, or may process limited personal information outside Australia in the course of providing their services to us. Where we disclose personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles that information in a way consistent with the APPs, as required by APP 8. Before disclosing personal information overseas, we consider the protections in place and, where appropriate, put in place contractual safeguards. We will identify, where we are reasonably able to do so, the countries in which such recipients are likely to be located.

We take the security of your personal information seriously and take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include encryption of data in transit and at rest, role-based access controls so that information is accessible only to those who need it, network and application security measures, logging and monitoring, and staff confidentiality obligations.

While we strive to protect your personal information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. If you believe the security of your information may have been compromised, please contact us immediately using the details below.

We retain personal information only for as long as it is needed for the purposes set out in this Privacy Policy, or for as long as we are required to keep it by law or professional obligation. Witnessing records and AVL recordings are generally retained for approximately seven (7) years, mirroring standard legal file retention periods and supporting the evidentiary value of the witnessing.

When personal information is no longer required and we are not required by law to retain it, we will take reasonable steps to securely destroy it or to permanently de-identify it.

You have the right to request access to the personal information we hold about you, and to request that we correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading. To make a request, please contact us using the details in the "Contact us" section below. We may need to verify your identity before acting on your request.

We will respond to your request within a reasonable period. In most cases access and correction are free, although we may charge a reasonable fee for giving access where permitted by law. If we decline a request, we will give you written reasons (except where it would be unreasonable to do so) and information about how you can complain.

We may, where permitted by law, send you communications about our service, including updates and promotional material. You can opt out of receiving direct marketing communications from us at any time by using the unsubscribe facility in the relevant message or by contacting us. Once you opt out, we will stop sending you direct marketing, although we may still send you communications that are necessary to administer the service. We will not use your sensitive information for direct marketing without your consent.

We use cookies and similar technologies to operate our website and application, to remember your preferences, to keep you signed in, and to understand how the service is used. We may use analytics tools to collect aggregated information about usage so that we can improve the service. You can configure your browser to refuse or delete cookies, but some features of the service may not function properly if you do.

Our service is intended for adults aged 18 years and over. Witnessing documents such as statutory declarations and affidavits requires legal capacity, and the service is not directed at children. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, please contact us so that we can take appropriate steps to delete it.

We maintain procedures to detect, contain, assess and respond to data breaches. If we experience an eligible data breach that is likely to result in serious harm to any individual whose personal information is involved, we will notify the affected individuals and the Office of the Australian Information Commissioner ("OAIC") in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

If you have a concern or complaint about how we have handled your personal information, please contact us first using the details below so that we can try to resolve it. We will acknowledge your complaint, investigate it, and respond to you within a reasonable period.

If you are not satisfied with our response, you may escalate your complaint to the OAIC. The OAIC can be contacted at GPO Box 5288, Sydney NSW 2001, by telephone on 1300 363 992, or via its website at www.oaic.gov.au.

We may update this Privacy Policy from time to time to reflect changes in our practices, our service providers, or the law. The current version will always be available on our website and the "Last updated" date at the top of this page will be revised. Where changes are significant, we will take reasonable steps to notify you. We encourage you to review this Privacy Policy periodically.

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or want to make a complaint, please contact our privacy officer at privacy@auswitness.com.au.