Introducing IMMI-PULSE: AI-powered immigration intelligence for Australian consultants.See the Platform
Legal

Privacy Policy

Effective date · 8 May 2026 · Version 1.0

We handle some of the most sensitive information a person can share — visa histories, identity documents, family details. This policy describes how we collect, hold, use, and disclose personal information, and the standards we hold ourselves to under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Data residency

Hosted in Australia (Sydney region)

Encryption

End-to-end, in transit and at rest

Regulatory

Privacy Act 1988 (Cth) aligned

1. About this policy

This policy describes how IMMI-PULSE, operated by The Apps Company Pty Ltd (“we”, “us”, “our”), collects, holds, uses, and discloses personal information. It is written to comply with the Privacy Act 1988 (Cth) (the “Privacy Act”) and the Australian Privacy Principles set out in Schedule 1 of that Act (the “APPs”).

For any question about this policy, or about how we have handled your personal information, please contact our Privacy Officer at privacy@immi-pulse.com.au.

2. Who this policy applies to

This policy applies to:

  • Consultants — Australian-registered migration agents and legal practitioners who use the Consultant Workspace;
  • Applicants — visa applicants who interact with the Platform directly or whose information is uploaded by a Consultant; and
  • Visitors — anyone who browses the public website, subscribes to the newsletter, or contacts us.

Where a Consultant uploads a client's personal information to the Platform, the Consultant remains the principal handler of that information under their professional obligations. We process it on the Consultant's behalf, in line with these terms and our agreement with them.

3. What we collect

We collect only the personal information that is reasonably necessary to provide the Platform.

Account information. Name, business name, email, phone number, OMARA registration number or legal practising-certificate number, hashed password, and preferred timezone.

Client and case information (uploaded by Consultants). Identity details, contact details, immigration history, qualifications, employment history, family composition, identity documents, supporting evidence, correspondence, file notes, and any other information necessary to assess or progress a visa matter.

Email and document content. Where you connect a Microsoft 365 mailbox by OAuth, or upload a document, the Platform processes the content of those emails and documents to classify, summarise, and extract structured information.

Sensitive information. The Platform may handle sensitive information within the meaning of section 6 of the Privacy Act, including health information, biometric information contained in identity documents, criminal history, and information about a person's race, religion, or political opinion where this is relevant to a visa matter. We collect sensitive information only with consent and only where it is reasonably necessary for the migration matter at hand.

Usage and technical data. IP address, device and browser information, log data, and aggregated usage analytics. We do not sell this data.

Newsletter and contact information. If you subscribe to our newsletter or contact us, we collect your email address and the content of your message.

4. How we collect it

We collect personal information directly from you when you create an account, subscribe to the newsletter, contact us, or upload data. We collect information about clients indirectly through the Consultants who use the Platform, and we rely on the Consultant to have obtained any necessary consents.

We also collect technical information automatically through cookies and analytics — see section 11.

5. Why we use it

We use personal information to:

  • provide, secure, and improve the Platform;
  • authenticate users and prevent fraud or abuse;
  • run the AI-assisted features (classification, drafting, document analysis, checklist generation);
  • communicate with you about your account, support requests, or service changes;
  • send marketing communications you have asked to receive; and
  • meet legal, regulatory, and audit obligations.

We do not use your data, or your clients' data, to train general-purpose AI models. The AI providers we use are contracted not to retain or train on the inputs we send them.

6. Disclosure of personal information

We disclose personal information only to:

  • service providers and sub-processors that help us run the Platform — see section 9;
  • a Consultant's authorised team members where they share access to the Workspace;
  • a regulator, court, or law-enforcement body where we are legally required to do so; and
  • a successor entity in connection with a sale, merger, or restructure, subject to equivalent privacy obligations.

We do not sell personal information.

7. Where your data is stored

Customer Data is hosted in Australia, in the Amazon Web Services Sydney region (ap-southeast-2). Backups are kept in the same Australian region. We do not routinely transfer Customer Data overseas.

The AI models that power some of our features run within the same Sydney region. Where a future feature requires processing in another region we will tell you before that feature is enabled, and seek your consent in accordance with APP 8.

8. Security and breach notification

We protect personal information with administrative, technical, and physical safeguards, including:

  • encryption in transit (TLS 1.2 or higher) and encryption at rest;
  • least-privilege access controls and audit logging for staff access;
  • multi-factor authentication for administrative access;
  • regular security reviews, dependency monitoring, and patching;
  • a documented incident-response plan; and
  • staff confidentiality agreements and privacy training.

No system is perfectly secure. If a data breach is likely to result in serious harm to an affected individual, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act).

9. Sub-processors and AI providers

We use a limited number of trusted service providers:

  • Amazon Web Services (Sydney region) — application hosting, database, file storage, and AI inference via Amazon Bedrock.
  • Anthropic, via Amazon Bedrock — large-language-model inference for classification, drafting, and document analysis. Bedrock does not retain prompts or use them for model training.
  • Microsoft (Azure / Microsoft 365) — only where a Consultant connects their own Microsoft 365 mailbox by OAuth.
  • A payment provider — engaged once paid plans go live, for processing subscription payments.
  • Email and analytics providers — for transactional email and product analytics.

A current list of sub-processors is available on request from privacy@immi-pulse.com.au.

10. Retention

We retain personal information for as long as your account is active and for as long as we need it to provide the Platform. After termination we will make Customer Data available for export for thirty (30) days. After that period it is deleted from active systems and retained only:

  • in encrypted backups for up to ninety (90) days, after which it is overwritten in the ordinary course; and
  • where law requires longer retention (for example, financial or tax records).

You may ask us to delete personal information sooner. We will do so unless we are required to keep it.

11. Cookies and analytics

The Platform uses essential cookies for authentication and session management, and a small number of analytics cookies to understand usage patterns. You can disable non-essential cookies in your browser. We do not use cross-site advertising trackers.

12. Direct marketing

We will only send you marketing communications if you have asked us to — for example, by subscribing to our newsletter or opting in during sign-up. Every marketing email contains a one-click unsubscribe; you can also opt out by emailing us. We will never market to a Consultant's clients without the Consultant's instruction.

13. Your rights

Under the Privacy Act you have the right to:

  • access the personal information we hold about you (APP 12);
  • ask us to correct information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading (APP 13);
  • withdraw consent for processing that depends on consent;
  • complain about how we have handled your information.

To exercise any of these rights, email privacy@immi-pulse.com.au. We will respond within thirty (30) days. We may need to verify your identity before acting.

If a request relates to information held in a Consultant's Workspace, we will refer the request to the Consultant, who is the appropriate first point of contact.

14. Complaints

If you are unhappy with how we have handled your personal information, please contact our Privacy Officer at privacy@immi-pulse.com.au. We will acknowledge your complaint within five (5) business days and aim to resolve it within thirty (30) days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner:

  • web — oaic.gov.au
  • phone — 1300 363 992
  • post — GPO Box 5288, Sydney NSW 2001

15. Children

The Platform is not directed to children. A Consultant may upload information about a minor where the minor is the subject of a visa matter; in that case the Consultant is responsible for obtaining any required consents from a parent or guardian.

16. Changes to this policy

We may update this policy from time to time. Material changes will be notified to account holders by email or in-product at least thirty (30) days before they take effect. The version date at the top of this page will always show the current effective date.

17. Contact our Privacy Officer

The Apps Company Pty Ltd — IMMI-PULSE
Attn: Privacy Officer
Perth, Western Australia
Email: privacy@immi-pulse.com.au

A privacy question we haven't answered?

Our Privacy Officer reads every email and aims to reply within two business days.

Email the Privacy Officer