Privacy Policy

Introduction and Company Overview

3Lines Holdings Pty Ltd ("3Lines", "we", "us", "our") is an Australian-based web application company that provides a platform for Australian Financial Services Licensees (AFSLs) to manage compliance. We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our services, including our website (www.3lines.com.au) and platform (collectively, the "Service"). It also outlines your rights and how you can contact us about privacy concerns.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), which set out how we should handle personal information. In this policy, "personal information" has the same meaning as in the Privacy Act – essentially, information about an identifiable individual. By using our Service, you agree to the collection and use of your information in accordance with this Privacy Policy.

Personal Information We Collect

Information You Provide

When you sign up for 3Lines, we collect basic personal information from you such as your name and email address. This information is necessary to create your account and allow you to log in and use the platform. We may also collect other information you voluntarily provide to us, including:

• Contact details (such as phone number and job title)
• Account preferences and settings
• Organisational information relevant to compliance management
• Communication content when you contact us for support or provide feedback

This information helps us provide and personalise our services to meet your compliance management needs. We only collect information that is reasonably necessary for providing our services and supporting your use of the platform.

Optional Uploads

As part of our compliance platform, you may choose to upload your internal company policies or other documents to our system (for example, to use with our AI-assisted tools). This is completely optional and requires your explicit opt-in. These documents may include:

• Internal compliance policies
• Procedures and guidelines
• Compliance registers and records
• Other documents relevant to AFSL compliance

Any documents you upload are treated as confidential and are only used to provide services to you (such as allowing you to search within your policies or enabling AI-powered compliance assistance). They are not accessible to any other 3Lines customer or third party without your permission.

Information We Collect Automatically

When you use our website or platform, we collect some information automatically about your visit. This includes:

• Basic analytics data (browser type, device information, operating system)
• IP address (anonymised where possible)
• Pages visited and features used
• Dates and times of access
• Session duration and interaction metrics
• Referring websites or sources

We use cookies and similar technologies to gather this usage information. This data helps us understand how users interact with our Service and improve functionality. Importantly, this usage data is generally not linked to your name or identity, and we do not use it to personally identify you. It is used in aggregate or pseudonymously for technical and analytical purposes.

We do not collect any sensitive personal information about you (such as information about race, religion, health, or finances) as part of our standard platform usage. The personal details we request are limited to what is necessary to provide our compliance management services.

How We Use Your Personal Information

We use the personal information we collect for the following purposes:

Providing and Operating the Service

We use your name and email to create your account, authenticate your login, and allow you to use the 3Lines platform to manage compliance. Your information enables us to:

• Maintain your user profile and account
• Authenticate your access to the platform
• Deliver the features and functionality you request
• Personalise your experience based on your preferences
• Track your usage for billing purposes (if applicable)

Communication

We use contact information (like your email address) to communicate with you about the Service. This includes:

• Sending account confirmations and setup instructions
• Providing important announcements and service updates
• Notifying you about new features or platform changes
• Informing you about changes to this Privacy Policy or our Terms of Service
• Responding to enquiries or support requests you send us

We will not send you marketing emails unrelated to the compliance services unless we have your consent. If you subscribe to any newsletter or updates, you can opt out at any time.

Compliance and Legal Obligations

As a company operating in the financial services compliance sector, we may use your information to comply with our own legal obligations. For example, we may retain certain records if required by law or regulatory requirements. We also use personal information to:

• Enforce our agreements and policies
• Prevent fraud or misuse of our Service
• Ensure the security of our platform
• Comply with legal and regulatory obligations
• Respond to legal requests from authorities where required by law

Service Improvement

We may analyse aggregated usage data to improve our Service. This helps us understand what features are useful and how to enhance user experience. When doing so, we use de-identified or aggregate information whenever possible. Examples include:

• Tracking overall login rates and active user statistics
• Analysing feature usage patterns and common workflows
• Identifying performance bottlenecks or usability issues
• Monitoring common questions asked to our AI system
• Evaluating overall platform stability and reliability

Optional AI Features

If you choose to use our AI-powered features (such as uploading documents for analysis or asking our chatbot "Regi" compliance questions), we will use your information as described in the AI and Machine Learning Features section below. In summary, any such use is solely to deliver the requested feature to you and not for any independent purpose by us or by our AI technology providers.

We will not use your personal information for purposes other than those you would reasonably expect in the context of using 3Lines, unless we obtain your consent or are required/allowed by law to do so.

Disclosure of Personal Information to Third Parties

3Lines respects the confidentiality of your personal information. We do not sell, rent, or share your personal details with third-party companies for their own marketing or advertising purposes. In fact, as a rule we do not disclose your personal information to any third parties except in the limited circumstances described below:

Service Providers (Processors)

We use a few trusted third-party service providers to help us deliver our Service to you. These providers may process or handle personal information on our behalf, but only for the purposes of providing their services to us. Key examples include:

• Amazon Web Services (AWS) - Our cloud hosting provider, which stores our databases and files in Australia
• Google Analytics - Helps us track website usage and platform performance
• Google Cloud Vertex AI (using the gemini-embedding-exp-03-07 model) - Helps power our document understanding capabilities
• OpenAI (for GPT-4.1) - Powers our Regi chatbot for compliance assistance
• Outseta – Provides user authentication, subscription management, and CRM functionality
• Stripe – Handles secure payment processing and billing infrastructure

Whenever we share data with service providers, we ensure they are bound by appropriate privacy and confidentiality obligations. They are not permitted to use your information for anything other than assisting us in running 3Lines according to our instructions.

Legal Requirements and Protection

We may disclose personal information if we are required to do so by law or valid legal process (for example, in response to a subpoena, court order, or regulatory request). We may also disclose information if necessary to:

• Prevent or investigate possible wrongdoing in connection with the Service
• Protect against legal liability
• Protect the rights, property, or safety of 3Lines, our users, or the public
• Enforce our terms and conditions
• Comply with a regulatory or legal obligation

We will only do this in accordance with the law and, whenever feasible, with notice to you.

Aside from the above, your personal information remains with 3Lines and under our control. In particular, we do not share your personal information with any third parties for their own use. The internal documents or data you upload (if any) will not be disclosed or accessible to any other clients of 3Lines or any external party, unless you explicitly instruct us to or as required by law.

Overseas Disclosure

Our policy is to host and process personal information within Australia whenever possible. All of our primary user data is stored on servers located in Australia. However, some of our service providers are international organisations. For example, when you use our AI features, limited data may be sent to:

• Google Cloud (for Vertex AI embeddings) - May process data in the United States or other countries
• OpenAI (for the Regi chatbot) - Processes data in the United States

We have carefully chosen providers that have strong privacy safeguards, and any transfer of personal information overseas is done in compliance with Australian Privacy Principle 8 (APP 8). This means we will take reasonable steps to ensure the overseas recipient does not breach the APPs in relation to your information. In practice, this includes:

• Using providers that offer privacy commitments consistent with Australian standards
• Implementing data minimisation practices to limit what is shared
• Ensuring providers do not use your data to train their models
• Obtaining your consent where appropriate

By using the 3Lines platform (particularly the features that involve these third-party services), you consent to this limited overseas transfer for the purposes described. We provide more specific information about these services and their privacy commitments in the AI and Machine Learning Features section below.

Data Hosting and Security

Data Location

3Lines stores all primary customer data on secure servers located in Australia. We use a reputable cloud hosting provider (AWS) with Australian data centres to host our application and database. This means that personal information like your account details and any documents you upload are stored within Australia under Australian jurisdiction. Keeping data local is one way we ensure compliance with Australian privacy requirements and reduce exposure to foreign surveillance or laws.

Security Measures

We take the security of your personal information seriously. 3Lines has implemented a range of technical and organisational measures to protect your data from loss, misuse, unauthorised access, or disclosure. These measures include, for example, encryption of data in transit (so that when data is sent between your device and our servers, it is encrypted via HTTPS/TLS), encryption of data at rest in our databases, firewalls and network security controls to prevent external intrusions, and access controls ensuring that only authorised personnel with a valid business need can access sensitive information. We also maintain audit logs and monitoring to detect any suspicious activity in our systems.

Our security approach includes:

• Encryption: We implement industry-standard encryption for data in transit and sensitive data at rest.
• Access controls: We follow the principle of least privilege, ensuring staff members only have access to the information they need to perform their roles.
• Infrastructure security: We utilise cloud service providers with strong security credentials and implement appropriate network security controls.
• Security assessment: We conduct regular security reviews as part of our development and maintenance processes.
• Monitoring: We utilise systems to detect and alert us to potential security events.
• Incident response: We maintain procedures to address security incidents promptly should they occur.

We regularly update our software and infrastructure to apply security patches and follow industry best practices for cybersecurity. Our team members receive training on the importance of data protection and privacy. While no method of transmission over the Internet or electronic storage is 100% secure, we strive to use commercially acceptable means and best practices to protect your personal information. In the unlikely event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

Data Retention

We only retain your personal information for as long as it is needed to fulfil the purposes described in this policy (unless a longer retention period is required by law). For example, as long as you have an active account with 3Lines, we will retain the information associated with your account. If you choose to delete your account or request deletion of your data, we will take reasonable steps to erase or de-identify your personal information, except where we need to keep it for legal reasons (such as record-keeping obligations or to resolve disputes). Usage data (analytics) that is aggregated may be kept for longer to help us with trend analysis, but that data cannot be linked back to an individual.

Cookies and Analytics

Cookies

A "cookie" is a small text file that our site may place on your computer or device when you visit. We use cookies to support and improve your user experience. For example, cookies may remember your login session so you remain signed in as you navigate through the platform. Cookies are also used for our analytics (described next). The cookies we use do not contain personal details about you; they typically collect identifiers and information like your device's IP address and browsing behaviour on our site. You can adjust your browser settings to refuse cookies or alert you when cookies are being used. However, note that some parts of our Service (like the login or certain features) may not function properly if you disable all cookies.

We may use different types of cookies on our website, which could include:

• Essential cookies: These are necessary for the website to function and enable you to navigate around the site and use its features. Without these cookies, certain services you have asked for cannot be provided.
• Functional cookies: These cookies allow the website to remember choices you make and provide enhanced, more personal features.
• Performance/Analytics cookies: These cookies collect information about how visitors use a website, for instance which pages visitors go to most often. They are used to improve how a website works.
• Session cookies: These temporary cookies expire when you close your browser and do not remain on your computer or device after you end your browsing session.

Most web browsers allow you to manage your cookie preferences. You can set your browser to refuse cookies or delete certain cookies. Generally, you should also be able to manage similar technologies in the same way that you manage cookies. Please note, if you choose to block cookies, this may impair or prevent the functionality of our services.

Google Analytics

We use Google Analytics, a common web analytics service, to gather standard internet log information and details of visitor behaviour on our website. Google Analytics uses cookies to collect information such as how often users visit our site, what pages they visit, and what other sites they used prior to coming to our site. This information is sent to Google and aggregated to create reports for us on website activity. We use these reports to understand website traffic and improve our site and services.

The data we get from Google Analytics does not include personally identifiable information like your name or email. For example, Google Analytics might tell us that a certain percentage of users visited the "Features" page or how long users on average spend on the site, but it does not reveal who those users are. We do not combine the analytics information with other data we hold to try to identify individuals. Google Analytics may collect your IP address, but we have configured it (where possible) to anonymise IPs, meaning the last digits of your IP are masked to further protect your privacy.

Opt-Out

If you wish, you can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on in your browser, which prevents your browser data from being used. However, even if you do not opt out, please be assured that analytics data is used in a very limited way (only to improve our site) and is handled in accordance with Google's privacy policies. Google is based in the United States, so analytics data may be processed in the US. Google is obliged to protect this information and not share it with others except as required by law. For more details on how Google Analytics handles data, you can refer to Google's Privacy Policy.

By using our website, you agree to the use of cookies and analytics as described above.

AI and Machine Learning Features

3Lines offers optional artificial intelligence-powered features to enhance your compliance management experience. These features include our compliance assistant chatbot ("Regi") and a document search function that can retrieve answers from a knowledge base. To provide these AI features, 3Lines integrates with two third-party AI services: Google Vertex AI (for embeddings) and OpenAI (for the chatbot). We understand that you may have concerns about how your data is handled when these AI services are used. This section explains what data is sent to these services and the safeguards in place to protect your privacy.

Use of Google Vertex AI (Embeddings and Vector Store)

Our platform utilises Google Vertex AI with the gemini-embedding-exp-03-07 model for generating embeddings of text data. Embeddings are numerical representations of text that help our system understand and compare the content of documents and queries. We use embeddings to power our vector database (hosted in Australia) which stores information for quick retrieval during chatbot queries (a technique known as Retrieval-Augmented Generation or RAG).

What data goes to Google Vertex AI?

If you opt to use our AI features, certain textual data is sent to Google Vertex AI for processing. This can include:

• Portions of publicly available reference materials we use (like regulatory guides from ASIC)
• The text of any documents you explicitly choose to upload into our system
• The questions or queries you pose to our Regi chatbot

For example, when you upload an internal policy document to 3Lines (with your consent), our system may send excerpts of that document to Google Vertex AI to generate an embedding using the gemini-embedding-exp-03-07 model, which then gets stored in our vector database for your organisation. Similarly, if you ask the chatbot a question, the text of your question might be sent to Google's AI service to create an embedding, so that our system can find relevant information to help answer your question. These embedding requests are handled in real-time by the Vertex AI API.

Privacy protections with Google Vertex AI

We have ensured that any use of Google Vertex AI is done under Google's enterprise-grade terms and privacy commitments. According to Google Cloud's terms, any data we send to their AI services is treated as our Customer Data, and Google will not use Customer Data to train or improve their own AI models without our (or your) permission. In other words, Google does not keep or use the content of your documents or queries to refine Google's general AI knowledge. The AI models simply process the input we send and return the embedding results to us. Google has publicly committed that for AI services on Google Cloud (including Vertex AI), "we don't use data that you provide us to train our own models without your permission."

Google Vertex AI is an enterprise service with strong security and privacy controls. All data sent to Google's AI API is encrypted in transit using industry-standard TLS protocols, and Google maintains strict data privacy measures aligned with international standards. We understand that Google does not retain the contents of the requests beyond the immediate need to process them – once the embedding is generated and returned to 3Lines, the textual content you submitted is not stored by Google in a way that can identify you or your organisation. Google may keep some transient logs for a short period (typically up to 14 days) for service reliability and abuse detection, but this is covered by their privacy commitments and not used for any purpose beyond maintaining service quality.

All AI processing happens under our Google Cloud account in a controlled environment with restricted access. We have implemented additional security measures like API keys, service account restrictions, and network security policies to further protect data in transit. Furthermore, we have configured our integration to minimise the amount of data sent to Google – only sending the specific text needed for generating embeddings rather than entire documents where possible.

The output we receive from Google Vertex AI is an embedding (a list of numbers) that represents the essence of the text; it is stored in our vector database in Australia on Supabase servers. This database contains:

1. Public reference data that 3Lines has added – for example, information from public regulatory resources such as ASIC documents or common compliance guidelines. This helps the AI provide answers based on general knowledge relevant to financial compliance.
2. Your uploaded data – if you choose to upload your own internal compliance policies or documents, those will also be stored (as embeddings and text snippets) in the vector database for your private use.

Each customer's data is isolated and tagged using secure multi-tenancy principles, so that any document you upload is only accessible to you (and those in your organisation who are authorised on our platform). We implement strict access controls including database-level permissions and row-level security in Supabase to ensure complete segregation of customer data. No other 3Lines customer can ever access your uploaded documents or their embeddings, and 3Lines personnel will not access them except with your permission when assisting with support issues or unless required by law. Our systems are designed with "privacy by design" principles, maintaining separation between different clients' data throughout the entire processing pipeline.

In summary, Google Vertex AI helps us process text to enable powerful search and answer capabilities, without exposing your data for Google's own use. Google has an industry-leading AI/ML Privacy Commitment to enterprise customers, ensuring you maintain control over your data. All data from these processes is stored securely in Australia within our control.

Use of OpenAI GPT (Regi Chatbot)

One of the key features of 3Lines is our AI chatbot, referred to as "Regi", which can answer compliance questions and assist users by generating responses using AI. This chatbot functionality is powered by OpenAI's advanced language model, which we access through OpenAI's API. OpenAI is a leading AI provider (the creator of ChatGPT), and we use their language model to provide helpful answers based on the context from your documents and our knowledge base.

How the Regi Chatbot Works

Our Regi chatbot implementation includes both single query responses and ongoing conversation capabilities. When you interact with either of these features:

1. Your question is processed to identify the key information needed
2. Our system uses AI to find relevant information in our database (which contains both public compliance resources and any documents you've uploaded)
3. The most relevant context is retrieved and combined with your query
4. This combined information is sent to OpenAI's API to generate a helpful, contextually relevant response
5. For conversational interactions, the chat history is maintained to provide continuity as you ask follow-up questions

What data goes to OpenAI?

When you ask a question or interact with the Regi chatbot on 3Lines, our system will compile a prompt that may include:

• Your specific query or question
• Previous messages in the conversation (for ongoing chat interactions)
• Relevant excerpts of information (context) to help answer that query

This context may come from the public data we have (like regulatory guides) or from your own uploaded documents, if they are relevant and you have opted to use them. This compiled prompt is then sent to OpenAI's API. OpenAI's servers take this input and generate a response (an answer or advice from the chatbot), which we then display to you in the application.

For example, if you ask "What are the record-keeping requirements for financial advisors?", our system might pull a snippet from an ASIC guideline about record-keeping and include it (along with your question) in a request to OpenAI. The OpenAI model will then produce an answer which we show back to you.

Privacy protections with OpenAI

We use OpenAI's enterprise API under terms that ensure your data is handled confidentially and not used for any purpose other than to give you an answer. According to OpenAI's documentation, data submitted through the OpenAI API is not used to train OpenAI models or improve their services. This means that any information you send in a chatbot query will not be used to train OpenAI's underlying AI or otherwise be incorporated into OpenAI's knowledge.

OpenAI may briefly retain the data for a short period (up to 30 days) for trust and safety monitoring (e.g., to detect abuse or technical issues), but it is not stored long-term and is not used in training the AI. Moreover, OpenAI offers a Business or Enterprise level API setting where data is not retained at all beyond processing, which we utilise.

In line with OpenAI's commitments, your conversations with the Regi chatbot through our platform remain private to you and 3Lines. Neither OpenAI nor 3Lines uses those chat contents to improve general AI models. We have also put in place contractual agreements (and rely on OpenAI's published API policies) to protect any personal information that might incidentally be included in AI queries.

Storage of Conversation History

For the conversational chat feature of Regi, which allows for ongoing conversations with the chatbot, we may store your conversation history temporarily to maintain context between your messages. This history is:

• Stored securely in our Australian-based Supabase servers
• Accessible only to you and authorised members of your organisation
• Retained only for the duration needed to maintain the conversation context
• Not used for any purpose other than providing you with a coherent conversation experience

You can request deletion of your conversation history at any time.

Location of Processing

OpenAI is a U.S.-based company, so API requests are processed on servers in the United States (or another country where OpenAI operates). As mentioned in the "Overseas Disclosure" section, by using the chatbot feature you consent to this transfer. OpenAI implements security measures to protect data; data in transit to OpenAI is encrypted, and OpenAI maintains access controls and complies with applicable privacy regulations.

We do not store the full text of your queries or the context we send to OpenAI except temporarily as needed to process your request. The answer returned is displayed to you, and we may store the answer temporarily in your session for your convenience, but we do not use your specific question-answer pairs for any purpose beyond delivering the service to you.

Important Note on AI-Generated Content

The AI-generated responses are provided to assist you, but they should not be taken as legal advice. While we strive to ensure the AI provides accurate information, the technology has limitations and may occasionally produce incorrect, incomplete, or outdated information. We encourage users to use the AI outputs as guidance and always double-check important compliance decisions with a qualified professional or the original source material.

AI models like those from OpenAI and Google Vertex AI are trained on general data and, even with our custom compliance context, they cannot substitute for the judgement of a qualified compliance professional or legal advisor. The AI features are best used as a starting point or reference tool to help you navigate compliance questions more efficiently, not as the final authority on compliance matters.

Using the AI features is completely optional – if you prefer not to send any data to OpenAI or Google Vertex AI, you can choose not to use the Regi chatbot or document upload features. You will still be able to use other aspects of the 3Lines platform (e.g., manual compliance tracking, document management) without engaging the AI functionality.

By using the AI features of 3Lines, you acknowledge that your query and relevant data may be processed by Google Vertex AI and OpenAI as described above. We have implemented these features with privacy in mind, leveraging the providers' special privacy commitments for AI services (for example, Google's AI/ML Privacy Commitment and OpenAI's API data policies) to ensure your data remains yours and is not misused. Our aim is to provide helpful AI-driven functionality without compromising the confidentiality of your information.

Opt-In and Control

Using the AI features in 3Lines is completely optional. By default, we do not take any of your internal documents for use in our AI system unless you choose to use that feature. If you do opt in and upload documents, you retain control: you can request deletion of any or all uploaded documents from our system at any time (for example, if you leave the service or simply no longer want them stored). We will promptly remove them from our vector store upon request. The AI embedding process will only be applied to content you provide with consent or to public data we have pre-loaded.

For the Regi chatbot features, you have the following controls:

• Single Queries: When you use the standard Regi feature, your query is processed to provide a one-time answer without storing conversation history.
• Conversational Chat: If you use the conversational chat feature, you can view your conversation history within your session, and you can choose to start a new conversation at any time, effectively clearing the previous conversation context.
• Data Deletion: You can request that we delete any of your chat history or queries at any time by contacting us.

If you prefer not to use the AI features at all, you can still use the core compliance management features of the 3Lines platform without sending any data to our AI providers.

Your Rights to Access, Correct, and Delete Information

We respect your control over your personal information. Under the Australian Privacy Principles, you have the right to request access to the personal information we hold about you, to request corrections if that information is inaccurate, out-of-date, or incomplete, and to request deletion of your personal data in certain circumstances.

Accessing Your Information

You may contact us at any time to request what personal information we hold about you. For example, you might want to know what data is associated with your account or what documents you have uploaded. We will provide you with access to your information, generally within a reasonable time (usually within 30 days of your request).

In some cases, we might need to verify your identity before releasing the information to ensure we don't accidentally share your data with someone else. There is no fee for making an access request, but in rare cases we might charge you a reasonable administrative cost if providing the data incurs significant expense (we will inform you of any fee and get your agreement before proceeding).

There may be legal exceptions under which we cannot give you certain information (for example, if it would unreasonably affect someone else's privacy or if it relates to legal proceedings), but we will explain any such situation if it arises.

Correcting Your Information

If you believe any personal information we hold about you is incorrect, incomplete, or not up-to-date, you have the right to request that we correct it. You can do this by contacting us at the email address provided in the "Contact Us" section below.

We encourage you to keep your account information current (for instance, if your email changes, please let us know or update it in your profile). Upon your request, we will take reasonable steps to correct any information found to be inaccurate.

If for some reason we are unable to correct your information in the way you asked (for example, if we disagree that the existing information is wrong), we will provide you with an explanation and you have the right to have a statement of the requested correction noted alongside the information.

Deleting Your Information

You also have the option to request that we delete your personal information. For example, if you decide to discontinue using 3Lines, you can ask us to delete your account and remove your personal details from our records. We will honour deletion requests wherever possible.

Note that we may need to retain certain information if required for legal reasons or for legitimate business purposes (e.g., we might keep a record that you had an account for accounting, audit, or regulatory compliance purposes). However, if it's not necessary for us to keep your information, we will delete it upon request.

Deletion of your data means you may lose access to the services associated with that data (for instance, if you delete your account, you will no longer be able to log in). As mentioned in the AI features section, if you have uploaded documents to the platform, you can request that those be deleted at any time, and we will remove them from our systems.

Data Portability

While not currently a specific requirement under Australian privacy law, we recognise the importance of providing you with control over your data. Upon request, and where technically feasible, we will endeavour to provide you with your personal information in a structured, commonly used format.

This may include information you have directly provided to us (such as account details) and data you have generated through your use of the platform (such as uploaded documents). Where possible, we will provide this information in a format that allows you to transfer it to another service provider if desired.

To enquire about obtaining a copy of your data, please contact us using the details in the "How to Exercise Your Rights" section below.

How to Exercise Your Rights

To exercise any of these rights, or if you have any questions regarding your personal information, please contact us at [email protected]. We may ask for certain information to verify your identity before fulfilling the request (this is to protect your privacy). We will respond to your enquiry or request as quickly as we can, and certainly within the timeframes required by Australian privacy law.

Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal information, please contact our privacy officer at [email protected]. You can also reach out to us at this email if you wish to exercise your access/correction/deletion rights, or if you need any further clarification on our privacy practices.

We take all privacy enquiries seriously and will do our best to address your concerns promptly and effectively.

In your communication, please provide detail about your question or issue, and any relevant information so we can assist you better. We will confirm receipt of your query and respond as soon as possible. If you make a complaint about a potential breach of your privacy rights, we will investigate the matter and respond to you in writing on the outcome or steps we will take to resolve it.

If you are not satisfied with our response to a privacy-related concern or complaint, you have the right to contact the Office of the Australian Information Commissioner (OAIC). The OAIC is the independent regulator for privacy in Australia. They can be reached at www.oaic.gov.au or by telephone at 1300 363 992. We hope, however, that we can resolve any issue directly with you through our internal process.

Changes to This Privacy Policy

From time to time, we may update or amend this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will post the updated Privacy Policy on our website (at www.3lines.com.au or within the platform interface) and update the "last updated" date if applicable. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

If we make material changes to how we handle personal information, we may also notify you directly via email or via a prominent notice on our Service, especially if required by law. By continuing to use the Service after those changes become effective, you are deemed to have accepted the updated Privacy Policy. Rest assured, we will not reduce your rights under this Privacy Policy without your consent, and any changes will remain in compliance with the Privacy Act and APPs.

Children's Privacy

Our Service is designed for use by businesses in the financial services industry and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

Given the professional nature of our platform for Australian Financial Services Licensees, we do not expect children to access or use our services. If we become aware that we have inadvertently collected personal information from a person under the age of 18, we will take reasonable steps to delete such information promptly.

If you believe we might have collected information from a child under 18, please contact us at [email protected].