Privacy Policy

1. About this Policy

This Privacy Policy explains how The Colonial Record collects, uses, stores and discloses personal information.

The Colonial Record is a historical research service. We help users search, unlock, transcribe, cite, analyse and lodge historical Australian records.

This Policy applies to ColonialRecord.com.au and related services, including searches, accounts, paid unlocks, subscriptions, alerts, user lodgements, AI-assisted research tools and support.

2. Privacy law

We are an Australian business.

Depending on our size, activities and legal obligations at a given time, we may be required to comply with the Privacy Act 1988 and the Australian Privacy Principles.

Whether or not a specific privacy law applies to every part of our business at a particular time, we aim to handle personal information carefully, transparently and in accordance with this Policy.

3. What personal information we collect

We collect the personal information needed to operate the Service.

This may include:

Account information

• email address;
• password hash and password security information;
• login and session information;
• account plan, membership or institutional access details;
• account preferences; and
• support history.

We do not store your password in plain text.

Purchase and unlock information

• email address used for guest checkout or account checkout;
• unlocked notice or record identifiers;
• payment status;
• receipt and entitlement information;
• re-access links or access tokens;
• Stripe checkout metadata; and
• transaction support records.

We do not receive or store your full payment card details.

Search and usage information

• search queries;
• clicked records;
• preview and unlock funnel events;
• page views;
• saved searches;
• alert terms;
• visitor identifiers;
• account identifiers;
• approximate referral and campaign information; and
• technical event logs.

Alerts

• email address;
• alert query or standing enquiry terms;
• confirmation status;
• unsubscribe status;
• email delivery information; and
• alert limits and abuse-prevention information.

Ask the Record and AI-assisted features

If you use AI-assisted features, we may collect:

• your question;
• generated answers;
• retrieved source evidence;
• citations;
• tool steps;
• model, cost and quota information;
• feedback such as thumbs up or thumbs down; and
• related account and usage metadata.

Lodged documents

If you upload or lodge documents, we may collect:

• the uploaded file;
• file name;
• file hash;
• file metadata;
• source, provenance or context information you provide;
• extracted text;
• searchable PDF files;
• cropped images;
• page images;
• extracted names, places, dates and entities;
• review, quarantine, rejection or publication status; and
• account and upload history.

You must not upload modern private information about living people or material you do not have the right to provide.

Technical and security information

We may collect:

• IP address in server logs;
• browser and device information;
• date and time of access;
• referrer information;
• error logs;
• security events;
• rate-limit and abuse-prevention data;
• cookie identifiers; and
• diagnostic information.

4. Cookies

We currently use first-party cookies to operate the Service.

We do not currently use third-party advertising cookies, ad pixels, external analytics scripts or fingerprinting.

If this changes, we will update this Policy.

5. How we collect personal information

We collect information when you:

• visit the website;
• search records;
• click search results;
• unlock or purchase records;
• create or use an account;
• subscribe to alerts;
• confirm or unsubscribe from emails;
• lodge documents;
• use AI-assisted features;
• contact support;
• respond to feedback tools; or
• otherwise interact with the Service.

We may also collect technical information automatically through first-party cookies, logs and event tracking.

6. Why we use personal information

We use personal information to:

• provide the Service;
• process searches, accounts, unlocks, downloads, alerts and lodgements;
• deliver purchased or unlocked records;
• send receipts, access links and transactional emails;
• operate standing enquiries and alerts;
• process, OCR, review and index lodged documents;
• run AI-assisted research features;
• maintain source citations, audit trails and research integrity;
• prevent fraud, abuse, scraping, unauthorised access and security incidents;
• troubleshoot bugs and improve performance;
• understand demand for records and features;
• respond to support, correction, refund and takedown requests;
• comply with legal, tax, accounting, consumer law and regulatory obligations; and
• develop, test and improve the Service.

7. Historical records and personal information

The Service contains historical records. Some records may name individuals, including people who are deceased and, occasionally, people who may still be living.

We aim to focus on historical material and avoid modern private data about living people.

If you believe a record contains sensitive information about a living person, contact us at privacy@colonialrecord.com.au.

We may remove, redact, quarantine, relabel or retain material depending on the nature of the record, its source, age, public interest, privacy impact, legal status and our rights and obligations.

8. User-lodged material

When you lodge material, you choose to provide the document and any provenance or context information.

We may process lodged documents using OCR, AI-assisted review, entity extraction, indexing, manual review and other archival tools.

Accepted lodged documents may become part of the public Record. If published, the document, transcript, source note, contributor credit, extracted entities and related metadata may be visible to other users.

Borderline or rejected documents may be quarantined, withheld, deleted or retained for review, security, legal or audit reasons.

Do not lodge documents containing modern private information about living people, confidential material, official secrets, unlawful material, infringing material or documents you are not entitled to provide.

9. Disclosure to service providers

We may disclose personal information or uploaded content to service providers who help us operate the Service.

These may include:

• hosting and infrastructure providers;
• OCR providers, including AWS Textract;
• AI providers, including Google Vertex AI / Gemini and, if enabled, Anthropic;
• payment providers, including Stripe;
• email providers, including AWS SES or another SMTP provider;
• backup and storage providers, including AWS S3;
• security, logging and support providers;
• professional advisers; and
• contractors who help operate, review, moderate, support or improve the Service.

We disclose only what is reasonably needed for the relevant function.

For OCR and AI processing, user identity information is not intentionally sent with OCR jobs unless needed for the relevant feature. However, uploaded documents or questions may themselves contain personal information if you include it.

10. Overseas disclosure

Some providers may process or access information outside Australia.

Likely locations may include Australia, the United States and other countries where our providers or their subprocessors operate.

Where required by law, we take reasonable steps to ensure overseas recipients handle personal information appropriately.

11. Payments

Payments are processed by third-party payment providers such as Stripe.

When you pay, Stripe may collect and process payment card details, billing details, email address, payment metadata and fraud-prevention information under its own terms and privacy policy.

We receive payment status, transaction identifiers, email address and entitlement information needed to provide access and support.

12. Emails and alerts

We send transactional emails, such as receipts, unlock links, login emails, support emails, account emails, upload emails and service notices.

If you subscribe to alerts or standing enquiries, we use your email address and alert terms to send matching record notifications.

Alert emails include a way to stop that alert or unsubscribe where required.

We do not currently operate a marketing newsletter. If we add marketing emails, we will only send them where we have a lawful basis and will include unsubscribe options.

13. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.

Our security measures may include HTTPS, secure cookies, password hashing, access controls, rate limits, login lockouts, CSRF protections, encrypted backups, audit logs, provider controls and operational security checks.

No system is perfectly secure. You are responsible for keeping your account credentials and unlock links safe.

14. Retention

We keep personal information for as long as reasonably needed for the purposes described in this Policy, including providing the Service, maintaining unlock access, preserving research integrity, handling disputes, complying with law, maintaining security and improving the Service.

In particular:

• unconfirmed alert subscriptions may be deleted after about 30 days;
• confirmed alert subscriptions are kept until you unsubscribe or we close the alert;
• unlock and transaction records may be retained so we can maintain access, receipts, support and accounting records;
• account records are kept while the account remains open and for a reasonable period afterwards;
• uploaded documents and derived records may be retained under the lodgement licence, including after account closure;
• search logs and AI audit records may be retained to maintain, audit, secure and improve the Service;
• server logs may be retained for security and operational reasons; and
• backups may retain information for a period after deletion from live systems.

We do not currently provide an automated self-service deletion tool. You can contact us to request access, correction, deletion or de-identification, and we will take reasonable steps to respond.

Some information may not be fully deleted if we need to retain it for legal, accounting, security, audit, dispute, research-integrity, backup, archival, public-record or licence reasons.

15. Access and correction

You may contact us to request access to personal information we hold about you or to ask us to correct inaccurate information.

We may need to verify your identity before responding.

We may refuse or limit access where permitted by law, including where access would affect another person’s privacy, reveal security information, breach legal obligations, or be frivolous, vexatious or impracticable.

16. Deletion and account closure

You may ask us to close your account or delete or de-identify personal information.

We will take reasonable steps to comply where appropriate.

However, closing an account does not automatically remove:

• transaction records;
• unlock records;
• records needed for security, tax, accounting or legal purposes;
• lodged documents covered by the lodgement licence;
• records already included in the public Record;
• backups not yet overwritten;
• records needed to investigate misuse or disputes; or
• de-identified or aggregated data.

17. Data breaches

If we become aware of a data breach, we will assess it and take appropriate steps.

Where required by law, we will notify affected individuals and the Office of the Australian Information Commissioner.

18. Complaints

If you have a privacy question or complaint, contact us first:

Email: privacy@colonialrecord.com.au
Postal address: 98 Wills St, Bendigo VIC 3550, Australia

Please include enough information for us to understand and respond to your concern.

We will aim to respond within a reasonable time.

If you are not satisfied, you may be able to contact the Office of the Australian Information Commissioner.

19. Changes to this Policy

We may update this Policy from time to time.

The updated version applies when posted on the website.

If we make material changes to how we handle personal information, we will take reasonable steps to notify affected users where required by law or where reasonably practicable.

20. Contact