Privacy Policy

LEXYLON (ABN 81 834 713 796) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, professional services, and products including VOLT.

This policy applies to lexylon.com.au, all associated subdomains, consulting and development services, and the VOLT macOS application and its associated cloud services.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also comply with the GDPR (EU) and CCPA (California).

We collect the following categories of information:

3. Information We Do NOT Collect

We are committed to a privacy-first architecture across all our services. We explicitly do not collect, transmit, or have access to:

We process personal information under the following lawful bases, in accordance with Australian Privacy Principles 3 and 6:

• Consent — Where you have given explicit consent for a specific purpose (e.g., marketing communications).
• Contractual Necessity — Where processing is necessary to perform a contract with you or take pre-contractual steps at your request.
• Legitimate Interests — Where processing is necessary for our legitimate business interests, provided these do not override your privacy rights.
• Legal Obligations — Where processing is necessary to comply with Australian law, including tax and regulatory requirements.

• Service Delivery — To provide, maintain, and improve our consulting services, software development, and products including VOLT.
• Analytics — To understand usage patterns, optimise performance, and develop new features and services.
• Customer Support — To respond to enquiries, troubleshoot issues, and provide technical assistance.
• Product Improvement — To analyse aggregated, anonymised data for product and service development.
• Communications — To send service updates, security alerts, and (with your consent) marketing communications.
• Legal Compliance — To comply with applicable laws, regulations, and legal processes.
• Automated Decision-Making — We do not use personal information for automated decision-making that produces legal or similarly significant effects without human review.

• Australian Infrastructure — Where applicable, data is hosted on Australian infrastructure. We prioritise Australian-based providers for primary data storage.
• Encryption — Data is encrypted at rest using AES-256 and in transit using TLS 1.3. VOLT API keys are encrypted via macOS Keychain and never leave your device.
• Access Controls — We implement industry-standard security measures including role-based access, audit logging, and regular security reviews.
• Notifiable Data Breaches — In the event of an eligible data breach, we comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988, notifying affected individuals and the OAIC as required.
• Security Programme — Our 2024-2025 enhanced security regime includes regular penetration testing, vulnerability scanning, and security awareness training.

We share personal information only in the following circumstances:

We do not sell, rent, or trade your personal information to third parties.

As an Australian business, your data may be processed in Australia and other countries where our service providers operate (e.g., the United States for Stripe and Apple services).

We ensure that any international data transfers comply with Australian Privacy Principle 8. Where data is transferred to countries without equivalent privacy protections, we implement appropriate safeguards including contractual protections and data processing agreements.

Depending on your location, you may have the following rights:

To exercise any of these rights, contact us at hello@lexylon.com.au. We will respond within 30 days (or sooner as required by applicable law).

Our cookie practices differ between our website and products:

Our services and products are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at hello@lexylon.com.au.

• Active Engagements — We retain client and project data for the duration of active engagement plus 7 years as required by Australian Taxation Office (ATO) record-keeping obligations.
• Product Accounts — Account data and usage metadata are retained for as long as your account is active and as needed to provide the service.
• Deletion Requests — Upon request, we will delete your personal data within 30 days, subject to legal retention requirements. Some anonymised, aggregated data may be retained for analytics.
• Local Data — Data stored locally on your devices (including VOLT API keys in Keychain) is under your sole control and is not affected by account deletion.

We may update this Privacy Policy from time to time. We will provide at least 30 days' notice of material changes via email, website notification, or in-app notification where applicable.

The "Effective" date at the top of this policy indicates when it was last revised. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

If you have a complaint about our handling of your personal information:

• Internal Process — Contact us at hello@lexylon.com.au. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
• Escalation — If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

If you have questions about this Privacy Policy or our data practices: