DRAFT — For lawyer review before public launch

Privacy Policy

Last updated: June 2026 · Version 2026-06-22 (draft)

1. Who collects your information

Education and Migration Services Australia Pty Ltd, ABN 31 160 156 712 collects your information through the Partner Visa ReadyPack platform. We handle your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). Partner Visa ReadyPack is a self-service software preparation tool; it is not itself a registered migration agent and does not lodge visa applications.

2. Personal information we collect

  • account and contact details
  • visa and relationship intake answers
  • partner/spouse details
  • relationship evidence
  • uploaded documents
  • identity and immigration documents
  • AI prompts, outputs and review notes
  • chat/support messages
  • payment and subscription status
  • consent and audit logs

3. Sensitive information we collect

Some information you provide may be sensitive, including identity information, relationship history, financial information, health-related information, criminal history-related information, immigration history and other personal circumstances. We will only collect and use this information where you provide it to us for the Partner Visa ReadyPack service and where you consent to that collection and use.

4. Why we collect your information

  • operate your Partner Visa ReadyPack account
  • help you prepare and organise a partner visa document pack
  • generate checklists, drafts and summaries
  • provide AI-assisted document and information review
  • provide customer support
  • keep security, audit and consent records
  • facilitate optional migration-agent review if you request it

5. AI processing

Partner Visa ReadyPack uses AI systems to help organise information, generate drafts, identify gaps and summarise uploaded material. AI outputs may be incomplete, inaccurate or unsuitable for your circumstances. You must review all outputs before relying on them. AI processing is a required condition of using the self-service software.

What may be sent to AI

  • text you enter into intake forms
  • extracted text from text-based uploaded documents
  • document names, document categories and metadata
  • relationship timeline answers
  • draft statement content
  • chat messages and instructions

What is not intentionally sent to AI

  • raw uploaded files — only text extracted from text-based files is sent
  • images or scanned documents — these are not read with OCR or image/vision AI
  • passport numbers, dates of birth, or raw criminal/health/family-violence detail
  • raw payment card details, passwords and authentication tokens
  • signed file URLs and storage paths
  • internal admin notes marked as private

6. Overseas processing and subprocessors

Some service providers used to operate the platform may process or store information outside Australia. This may include AI providers, database/storage providers, hosting providers, analytics providers, email providers and payment providers. The current list, their purposes and their data-protection status are on our Subprocessors page. By enabling AI features you consent to the cross-border processing described there.

7. Who can access your information

  • You — full access to your own case data.
  • Optional Registered Migration Agent — only if you request a review. Shannon Semenikow (MARN 0701777) can read your case documents and intake answers for the purpose of providing review notes, under a separate Agreement for Services and Fees.
  • Education and Migration Services Australia Pty Ltd administrators — for support, compliance and security purposes only.
  • Service providers — storage, hosting, AI, payments and email, as listed on the Subprocessors page.

We do not sell, rent or share your personal information with any other third parties.

8. Data security

Documents are stored in a private storage bucket with row-level security. Access is via short-lived signed URLs only — no document is publicly accessible. Intake answers and case data are stored in a row-level-security-enabled database.

[Placeholder: virus scanning is not currently implemented. Documents are validated by type and size but not scanned. To be addressed before public launch.]

9. Data retention

Self-service software users. If you only use the software and do not purchase migration-agent review, we retain your account, consent and transaction records for the period required for business, tax, audit, security and dispute-resolution purposes. You may request deletion of your uploaded documents and intake data, subject to legal, accounting, fraud-prevention and dispute-resolution requirements. [Default retention period: [LAWYER_CONFIRM_RETENTION_PERIODS]]

Migration-agent review clients. If you purchase migration-agent review, the client file — including the service agreement, Consumer Guide acknowledgement, instructions, advice notes, communications, documents, invoices and outcome records — is retained in accordance with Registered Migration Agent professional obligations and any other applicable legal and accounting obligations. These records are not deleted merely because you delete your software account. [Retention periods: [LAWYER_CONFIRM_RETENTION_PERIODS]]

Consent records and audit logs are retained as evidence of lawful basis and accountability.

10. Access, correction and deletion

  • Access and correction — you can view and update your intake answers at any time in the app, and your export pack doubles as an access mechanism.
  • Deletion — you can delete your case and associated data using the self-service deletion tool in the app, or by contacting us. Deletion is subject to the retention rules in section 9 — some records (including migration-agent client files, consent records and audit logs) may be retained where we are required or permitted to keep them.

11. Complaints

If you have a privacy concern, contact us at info@emsaus.com. You may also complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Contact us

Privacy enquiries: info@emsaus.com

Note for lawyer review:Key items requiring confirmation: the privacy contact email and the RMA's MARN (both shown as placeholders), each subprocessor's DPA and data residency (see Subprocessors page), virus-scanning absence disclosure (cl. 8), retention periods (cl. 9), APP compliance review, and whether a separate Privacy Collection Statement is required at signup. See also docs/LEGAL_REVIEW_NEXT.md.