Privacy Policy

Last updated: March 2026

1. Introduction

Habeas is a legal research, intelligence and drafting platform built for Australian legal professionals.

This Privacy Policy explains what information we collect, how we use it, and the commitments we make to keep your data safe and under your control.

2. What We Collect

Account Information

Your name, organisation-affiliated email address and login credentials — i.e. the minimum of what we need architecturally to create and maintain your account.

Usage Information

How you interact with the platform, including search queries, features used, and any feedback you provide. This helps us understand what's working and where to improve.

Content You Provide

The prompts, questions and conversations you submit to Habeas, as well as any documents you choose to upload for analysis or research.

Technical Information

Standard technical data such as IP address, browser type, device information and application logs. This is used solely for security monitoring and platform performance - it is never used for advertising or profiling.

3. How We Use Your Information

We use the information described above for a limited set of purposes, all directly related to delivering and improving the Habeas platform:

  • To provide the service and software: Powering your research, drafting, and document analysis workflows.
  • To improve the platform: Understanding how features are used by our customers so we can improve them.
  • To provide support: Responding to your questions and resolving issues in a short turnover period. This data is also imperative in identifying bugs and resolving them, given the inherently complex nature of the software.
  • To maintain security: Detecting and preventing unauthorised access or misuse of the platform.
  • To meet legal obligations: Complying with applicable laws and regulations in Australia

What we do not do with your information:

With our system and data retention design, we are accutely aware of the importance of privacy and siloing of user data. Unlike other Legal AI companies, we have also decided not to utilise client data for model fine-tuning and retraining.

We do not sell, license or share your data with third parties for marketing or advertising purposes. We do not use your queries, conversations or uploaded documents to train or fine-tune any AI or language model — ours or anyone else's. We do not use your data for behavioural targeting or any purpose unrelated to delivering the Habeas service. We do not retain your content beyond what is necessary to provide the service and meet our legal obligations.

4. Document Uploads & Confidentiality

Habeas allows users to upload documents for analysis and research. We understand that these documents may contain sensitive or privileged material, and we treat them accordingly.

  • Uploaded documents are stored in encrypted, access-controlled environments with strict separation between organisations
  • Your documents are never shared with, visible to, or accessible by other users or organisations on the platform. However, users are permitted to share access with other members of their organisation if they choose for efficiency of collaboration on complex matters. In such a case, we encourage users to make sure their approach complies with the firm's internal AI policy.
  • Retrieved document contents are never used to train any AI model
  • You can delete uploaded documents and associated data at any time and this will permanently delete files from our database.

Habeas is also designed so that you can use the platform's research capabilities without uploading confidential material at all. You can choose to use it strictly as a research and information-gathering service, and anonymise any query sent to the platform. The choice is yours, and both workflows are fully supported and secure.

5. Third-Party AI Providers

Habeas uses third-party AI providers to power certain features such as answer synthesis and research support.

  • We use enterprise-tier API agreements with all providers, which include contractual guarantees that data is not stored, logged or used for model training. For example, if we utiliise models from an external provider like Anthropic, these are deployed through services like Azure/Amazon Bedrock, or through Anthropic's own enterprise tier.
  • All communication with AI providers is encrypted and does not include persistent personal identifiers

The subprocessors we utilise such as AWS and Google Cloud maintain independent security certifications. A full list of our subprocessors and their compliance status is available on request for firms engaged in a detailed procurement process.

6. How We Protect Your Data

We take a security-first approach to platform design and operations:

  • All data is encrypted in transit and at rest
  • Our databases are hosted in Australia with strict access controls and per-organisation data isolation
  • We conduct regular security reviews, vulnerability assessments, and maintain automated backup and recovery procedures
  • Access to production systems is restricted to authorised personnel and governed by role-based permissions on the platform.
  • We implement session management controls including automatic timeouts and suspicious activity detection.
  • We implement firewalls on frontend and backend services.

7. Legal Industry Compliance

Habeas is designed with the professional obligations of Australian legal practitioners in mind.

The platform is built to comply with NSW Supreme Court Practice Note SC GEN 23, which permits the use of dedicated legal research software that uses AI to search across legislation, case law and legal publications — provided appropriate confidentiality and non-training safeguards are in place. Habeas satisfies these requirements.

We also align with Law Society confidentiality and data protection requirements across Australian jurisdictions, and implement technical controls to support conflict prevention and the protection of legal professional privilege.

8. Data Retention & Deletion

  • Account information is retained while your account remains active
  • You can delete individual conversations, uploaded documents, or your entire account at any time from within the platform
  • Anonymised, aggregated usage data may be retained to help us understand platform performance and key trends.

9. Your Rights

You have the right to:

  • Correct any inaccurate information or edit your account information any time through the Habeas interface.
  • Delete your data or account - including past conversation history or search queries (ensure you have managed your subscription via the Habeas dashboard accordingly).
  • Object to or restrict how we process your data

To exercise any of these rights, please contact us using the details below. We will respond within a reasonable timeframe.

10. International Data Transfers

Our core infrastructure is hosted in Australia. Where data is processed outside Australia — for example, when communicating with a third-party AI provider — we ensure appropriate safeguards are in place, including enterprise-tier agreements with contractual data protection commitments.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the revised policy on this page and updating the date above. We encourage you to review this page periodically.

12. Contact

If you have any questions about this Privacy Policy, how we handle your data, or would like to exercise your rights, we'd like to hear from you. Support can be contacted via support@habeas.ai

Have More Questions? Get in touch!
support@habeas.ai
0482 553 973
Surry Hills, Sydney Australia
Book a Demo
All rights reserved, Habeas 2026
See our Privacy Policy