Privacy Policy

1. About This Policy

LodgeHQ (“we”, “us”, “our”) is operated by LodgeHQ Pty Ltd (ABN 52 696 192 677). We are committed to protecting the privacy of our users and their clients in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

This policy explains how we collect, use, store, and disclose personal information through the LodgeHQ platform at app.lodgehq.com.au.

2. Information We Collect

We collect the following categories of personal information:

• Account information: Name, email address, phone number, business name, business address, MARN (for migration agents).
• Client data: Information entered by migration agents about their clients, including names, dates of birth, passport numbers, visa application details, and other immigration-related data.
• Documents: Files uploaded by agents or their clients, including identity documents, qualifications, and supporting evidence.
• Payment information: Billing details processed securely through Stripe. We do not store credit card numbers on our servers.
• Usage data: Log data, IP addresses, browser type, and interaction patterns for security and service improvement.

3. How We Use Your Information

We use personal information to:

• Provide and maintain the LodgeHQ platform and its features.
• Process subscription payments and manage billing.
• Send transactional emails (verification codes, signature requests, questionnaire invitations).
• Respond to support enquiries.
• Ensure platform security, detect fraud, and prevent unauthorised access.
• Comply with legal obligations, including OMARA regulatory requirements.

4. Data Security

We implement industry-standard security measures including:

• AES-256-GCM encryption for sensitive personal identifiers (passport numbers, TRN numbers, DHA file numbers).
• HMAC-signed session tokens and CSRF protection.
• Two-factor authentication (2FA) support.
• Content Security Policy headers and rate limiting.
• All data transmitted over HTTPS/TLS.
• Regular automated security audits of dependencies.

5. Data Storage & Retention

Your data is stored on secure servers. Database backups are performed daily and encrypted. We retain your data for as long as your account is active. Upon account closure, we will delete your data within 90 days, unless retention is required by law or for legitimate business purposes.

Migration agents are reminded of their independent obligations under the Migration Agents Regulations 1998 to maintain client records for a minimum of 7 years.

6. Disclosure of Information

We may share personal information with:

• Stripe: For payment processing.
• Resend: For transactional email delivery.
• Service providers: Infrastructure and hosting providers who process data on our behalf under strict confidentiality agreements.
• Law enforcement: Where required by law, court order, or regulatory authority.

We do not sell personal information to third parties.

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your data (subject to legal retention requirements).
• Export your data in a portable format.
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

8. LodgeHQ eLodge Chrome Extension

LodgeHQ also publishes an optional Chrome browser extension called LodgeHQ eLodge, which allows registered migration agents to auto-fill Australian Department of Home Affairs ImmiAccount visa application forms using client data they have previously entered into their LodgeHQ account.

What the extension accesses:

• The currently open tab on online.immi.gov.au — only to read the form field structure and write the user’s selected client data into those fields. The extension does not activate on any other website.
• The user’s LodgeHQ account at app.lodgehq.com.au — to fetch the list of the user’s clients, their completed questionnaire answers, and the user’s agent profile (via the same authenticated session that the user has already signed into).
• Chrome local storage — to remember the selected client and server URL between side-panel sessions.

How extension data is handled:

• Client data fetched from LodgeHQ is held in memory inside the side panel only for the duration of the browser session. It is cached in Chrome local storage for convenience but never transmitted to any third party.
• The extension communicates only with app.lodgehq.com.au (the user’s own LodgeHQ account) and online.immi.gov.au (the active visa form being filled). There are no analytics, tracking pixels, or third-party SDKs.
• No data is collected by LodgeHQ Pty Ltd purely as a result of the extension being installed. All data handled by the extension is data the user already owns inside their own LodgeHQ account.
• The extension does not sell, rent, or share user data. It is provided as a productivity feature of the LodgeHQ subscription.

Uninstalling the extension removes all locally cached data from the browser. No data is retained by LodgeHQ specifically as a consequence of extension use.

9. Cookies & Tracking

LodgeHQ uses essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. Usage analytics are collected in aggregate form only.

10. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or in-app notification. Continued use of LodgeHQ after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy or wish to make a privacy-related request, contact us at: