Privacy Policy
Last updated: May 2025
Digital Law Lab ("we", "us") operates CourtSA Calendar. This policy explains what personal information we collect, how we use it, and how we protect it. It applies to all users of the Service and to anyone who submits an invite request.
We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Who we are
Digital Law Lab
ABN: [to be inserted]
Contact: mark@digitallawlab.org
2. What information we collect
| Information | How it is collected | Purpose |
|---|---|---|
| Name, email address, law firm, ABN, mobile number | Invite request form | To assess and process your access request |
| Email address | Account setup | To send sign-in links and service notifications |
| CourtSA username and password | Entered in the Settings page | To log in to CourtSA on your behalf and retrieve hearing data |
| Hearing data retrieved from CourtSA | Automated scraping of CourtSA | To generate your private calendar feed |
| Session token (browser cookie) | Automatically on sign-in | To keep you signed in for up to 30 days |
We do not collect payment information or run advertising of any kind.
3. How we store and protect your information
CourtSA credentials
Your CourtSA password is encrypted using Fernet (AES-128-CBC with HMAC-SHA256) before being written to disk. The encryption key is stored separately on the server with restricted file permissions (readable only by the service account). The plaintext password is never logged or transmitted except to CourtSA during a scrape.
Administrator access: The service administrator (Digital Law Lab) holds the server-side encryption key and can decrypt stored credentials for the purpose of diagnosing technical issues. We will only do this when necessary and will not access your credentials for any other purpose.
Calendar data
Hearing data is stored in an ICS file on the server. The file is accessible only via your private calendar URL, which contains a 256-bit random token. You can invalidate and regenerate this URL at any time from the Status page.
Server and data location
Data is stored on a virtual server operated by BinaryLane, hosted in Australia. Email delivery is handled by Amazon Web Services Simple Email Service (SES), which may process email metadata on servers outside Australia.
4. How we use your information
- To send sign-in links to your email address;
- To run automated scrapes of CourtSA using your credentials;
- To generate and serve your private calendar feed;
- To notify you of material changes to the Service or these policies;
- To assess and process invite requests.
We do not use your information for marketing purposes or share it with third parties, except as described below.
5. Disclosure to third parties
We do not sell or share your personal information. Limited disclosure occurs only in these circumstances:
- Amazon Web Services (SES): email addresses are transmitted to AWS SES solely for the purpose of delivering transactional emails (sign-in links). AWS is bound by its own privacy policy and data processing terms.
- CourtSA: your username and password are transmitted to CourtSA (courtsa.courts.sa.gov.au) during each scrape. This is the same transmission that occurs when you log in manually.
- Legal obligation: if we are required to disclose information by law or court order, we will do so.
6. Retention
We retain your personal information for the duration of your account. On account deletion, your user record is removed from the server. Hearing data (ICS files) and server logs may be retained for a short period thereafter as part of standard backup and operational procedures.
Invite request submissions are retained in email for as long as we reasonably require them for business purposes.
7. Your rights
Under the Australian Privacy Principles you have the right to:
- Request access to the personal information we hold about you;
- Request correction of inaccurate or incomplete information;
- Request deletion of your account and associated data;
- Complain about a privacy breach.
To exercise any of these rights, contact us at mark@digitallawlab.org. We will respond within a reasonable time, and no later than 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
8. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email. The current version is always available at this URL.
9. Contact
Privacy enquiries: mark@digitallawlab.org