Privacy Policy
Effective: 1 February 2026 | Version 1.3
This is a living document, reviewed and updated regularly as our practices evolve. The online version is always the most current.
GetPost Labs Pty Ltd (ABN 82 634 520 924) operates Lex-AML, an AML/CTF workspace for Australian businesses. We are committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
GetPost Labs collects limited commercial and contact information directly for sales, billing, onboarding and support. Separately, Lex-AML may process organisation and customer compliance records entered into the platform by reporting entities. These records are handled within organisation-specific data boundaries and used only to operate, secure, maintain and support the service, or as otherwise required by law.
This policy explains what personal information GetPost Labs collects, how we handle it, and how you can access, correct or make a complaint about our handling of your information.
No legal advice. Lex-AML supports compliance workflows and record keeping. It does not provide legal advice, does not guarantee compliance, and does not replace professional judgement or advice from a qualified AML/CTF adviser or legal professional.
1. Who We Are
GetPost Labs Pty Ltd operates Lex-AML, an AML/CTF workspace for Tranche-2 organisations regulated under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. Lex-AML is being developed to help lawyers, accountants, real estate professionals, conveyancers and dealers in precious metals and stones manage AML/CTF readiness, customer onboarding, customer due diligence, evidence collection, review workflows and audit-ready records.
- Name: Sumit Arora, Founder & Director
- Email: sumit@getpostlabs.io
- Address: 9 Parolin Parade, Rochedale, Queensland 4123
- Website: https://lex-aml.com.au
2. Our Data Architecture and Privacy Principles
Lex-AML is designed with the following data principles, which govern how information is handled:
- Separated organisation workspaces — Lex-AML is designed to separate organisation workspaces and customer compliance records, so each organisation’s records are handled within organisation-specific data boundaries.
- Application-level protections — records are protected through access controls, authentication, audit logging and operational safeguards.
- Encryption — data is encrypted in transit (TLS 1.2+) and at rest. Internal services operate within a secured private network.
- Limited operational metadata — GetPost Labs may process limited operational metadata needed to operate, monitor, secure and support the platform (for example workspace identifiers, service status, integration status, usage counts, timestamps, error categories and support references).
- Restricted access — GetPost Labs does not use organisation or customer compliance records for unrelated marketing purposes. Access to organisation/customer records, where technically available, is restricted to authorised operational, security, support or legal purposes and is controlled and logged.
- Data portability — customers can request an export of their data.
- Future deployment options — Lex-AML may support stronger customer-controlled deployment options for organisations with specific data-governance requirements. Such options are described and applied only when agreed and implemented for the relevant customer.
3. What Personal Information GetPost Labs Collects
GetPost Labs collects and retains only the personal information necessary to establish and manage the commercial relationship with reporting entities. This is limited to:
- Name and contact details of the authorised representative
- Organisation name, ABN/ACN, and registered address
- Billing and subscription information
This information is collected as part of the sales contract process and is stored in our internal billing platform. We do not collect or retain any other personal information from reporting entities or their staff beyond what is required for the commercial relationship.
Platform configuration, user roles, activity logs, preferences, CDD data, compliance records and customer information entered into the platform are handled within organisation-specific data boundaries in the Lex-AML platform and protected through access controls, authentication and audit logging. GetPost Labs may process limited operational metadata needed to run, monitor, secure and support the service. Access to organisation/customer records, where technically available, is restricted to authorised operational, security, support or legal purposes and is controlled and logged.
We do not collect sensitive health or medical information. We do not collect personal information for marketing purposes without express consent.
4. How We Collect Personal Information
The limited personal information we hold is collected directly from the authorised representative of the reporting entity during the sales and onboarding process — specifically through the execution of the sales contract.
Information entered into the platform by reporting entities and their staff is handled within organisation-specific data boundaries in the Lex-AML platform, with access restricted, controlled and logged as described in Section 2.
5. Why We Collect Personal Information
We collect sales contract information for the following purposes only:
- To establish and manage the commercial relationship with the reporting entity
- To process billing and subscription payments
- To communicate with the authorised representative regarding the service
- To comply with our own legal and regulatory obligations as a business
6. Use and Disclosure of Personal Information
We use sales contract information only for the purposes described in Section 5. We do not use it for any other purpose.
We may disclose this information to:
- Our billing and payment processing providers, under strict data processing agreements
- Professional advisors such as lawyers and accountants, where necessary
- Government regulators where required by applicable Australian law
We do not sell, rent, or trade personal information to third parties for any purpose.
7. How We Handle Compliance and Customer Data
Organisation and customer compliance records processed through Lex-AML are handled within organisation-specific data boundaries. These records:
- Are handled within organisation-specific data boundaries in the Lex-AML platform
- Are protected through access controls, authentication, audit logging and operational safeguards
- Are encrypted in transit and at rest
- Remain the responsibility of the reporting entity as data controller — the organisation makes all customer due diligence decisions
The reporting entity remains responsible for its customer due diligence decisions and for handling customer information in accordance with its own legal and privacy obligations, including the Privacy Act 1988 (Cth) and its obligations under the AML/CTF Act 2006.
Where GetPost Labs accesses organisation or customer records — for example to operate, support, secure or maintain the service, or where required by law — such access is restricted to authorised purposes, controlled, and logged. We do not use these records for unrelated marketing purposes.
8. Third-Party Services
Lex-AML may use configured third-party providers to support DVS identity verification and Australian PEP checks. These services are used only where enabled for the relevant organisation and subject to provider setup, credentials and agreed configuration.
GetPost Labs thoroughly reviews the privacy policies of all third-party service providers before integration. Where those providers handle personal information on behalf of our customers, their privacy practices are governed by their own published privacy policies. We reference relevant third-party privacy policies within our platform documentation and update these references as providers change or as new integrations are added.
We do not integrate with any third-party service whose privacy practices we consider inconsistent with the Australian Privacy Principles or the standards we apply to our own operations.
9. Disclosure of Information Outside Australia
Sales contract information is stored within Australia on our billing platform. In limited circumstances, billing or payment processing providers engaged by us may operate outside Australia. Where this occurs, we take reasonable steps to ensure those recipients handle personal information consistently with the Australian Privacy Principles.
Where the Lex-AML platform or its service providers process data outside Australia, GetPost Labs takes reasonable steps to ensure that data is handled consistently with the Australian Privacy Principles. We do not use organisation or customer compliance records for unrelated purposes.
10. Data Storage and Security
The limited sales contract information held by GetPost Labs is stored securely on our internal billing platform with the following protections:
- Data is encrypted in transit between client devices and Lex-AML servers
- Production data storage is configured to use provider-managed encryption at rest
- Platform environments are protected through access controls, logging and operational safeguards
- Customer and compliance records are handled within organisation-specific data boundaries and protected through access controls, authentication, audit logging and operational safeguards
- Where GetPost Labs has technical access for operational, support, security or legal purposes, access is restricted, controlled and logged
- Regular security assessments and monitoring
- System and application logs do not contain personally identifiable information — logs capture operational metadata only such as actions performed, timestamps, and system events, for debugging and platform reliability purposes
Sales contract information is retained for the duration of the commercial relationship and for as long as required by applicable legal and tax obligations, after which it is securely deleted.
11. Data Breach Response
In the event of a data breach involving personal information held by GetPost Labs, we will promptly assess the situation in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). If a breach is likely to result in serious harm, we will:
- Notify affected individuals as soon as practicable
- Notify the Office of the Australian Information Commissioner (OAIC) as required
- Take immediate steps to contain the breach
Where a data incident involves organisation or customer records handled within the Lex-AML platform, GetPost Labs and the reporting entity will work together to assess and respond in line with the service agreement and each party's obligations under the NDB scheme. Reporting entities remain responsible for their own obligations as data controller.
12. Website and Cookie Usage
When you visit https://lex-aml.com.au, we may collect technical information including your IP address, browser type, and pages visited, solely to improve our website experience. We use cookies (including Google Analytics) for this purpose. You may adjust your browser settings to manage or disable cookies. We do not use cookies to collect personally identifiable information for marketing purposes.
13. Access and Correction
You have the right to request access to the sales contract information we hold about you, and to request corrections if it is inaccurate or out of date. To make a request, contact us at sumit@getpostlabs.io. We will respond within 30 days at no charge.
For personal information held within the Lex-AML platform, your organisation can access and manage its data through the platform, and may request access to or export of its organisation data in accordance with the service agreement and applicable law.
14. Complaints
If you have a concern about how GetPost Labs has handled your personal information, please contact us in the first instance:
- Email: sumit@getpostlabs.io
- Post: GetPost Labs Pty Ltd, 9 Parolin Parade, Rochedale, Queensland 4123
We will acknowledge your complaint within 5 business days and provide a full response within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
15. Changes to This Policy
This is a living document. As Lex-AML evolves and our information handling practices develop, this policy is reviewed and updated regularly to reflect those changes. Updates will be published at lex-aml.com.au/privacy with an updated effective date. Where changes are material, we will notify existing customers directly.
GetPost Labs Pty Ltd ABN 82 634 520 924 | Last updated: 19 March 2026 | Version 1.3