Legal
Privacy policy
How Lodgeable collects, uses, secures, and discloses personal information when registered migration agents prepare subclass 407 Visa training plans.
Last updated: 31/05/2026
Who we are
Lodgeable is operated by Lodgeable Pty Ltd (ABN to be confirmed), incorporated in Australia. Registered MARA agents use Lodgeable to prepare subclass 407 Visa training plans lodged with the Department of Home Affairs.
This policy explains how we handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to the agents who hold accounts and to the trainees and employers whose details are entered to prepare a plan.
What we collect
To prepare a training plan, we collect the information needed for the document and for the record of consent that supports it:
- Trainee identity. Name, date of birth, nationality, and passport number.
- Contact details. Address, email, and phone number.
- Background. Education, certifications, and employment history.
- Position and training. Proposed position, ANZSCO code, salary, and training milestones.
- Consent record. The consent text together with the time and IP address of acknowledgement.
How we use it
We use personal information to:
- Draft the training plan and supporting documents.
- Keep an auditable record of consent and actions, as required under MARA obligations and the Australian Privacy Principles.
- Authenticate agents and enforce access to your firm's records.
- Monitor and improve the reliability of the service.
We do not use personal information for advertising, profiling, or sale.
Where it goes
Every PII field is encrypted with AES-256-GCM before it is written to the database, which runs in Sydney (ap-southeast-2). Encryption happens at the application layer, so identifying fields are never written to disk in the clear.
Cross-border disclosure (APP 8)
Cross-border disclosure - Anthropic, Inc. (United States). Generating the narrative sections of a training plan requires transmitting a redacted version of intake data to Anthropic, Inc., a company incorporated in the United States of America. The redacted payload replaces every identifying field (name, date of birth, passport number, residential address, contact details, salary, and prior employer names) with a non-reversible placeholder before transmission. The original identifying fields are not sent to Anthropic, Inc.
Anthropic, Inc. processes the redacted data solely to generate training plan content; retention and handling of that data are governed by Anthropic's enterprise data handling terms. Because Anthropic, Inc. is domiciled in the United States, this constitutes a cross-border disclosure under the Privacy Act 1988 (Cth). We take reasonable steps to ensure Anthropic, Inc. handles the data in a way that is consistent with the Australian Privacy Principles.
Platform infrastructure is also operated by Vercel, Inc. (United States) for web hosting purposes. Vercel, Inc. processes request data as part of normal hosting operations and does not access training plan content.
Authentication services are provided by Clerk, Inc. (United States). Clerk processes the email addresses and names of migration agents and firm administrators for the purpose of identity verification and session management only.
Data retention
We keep information only as long as it is needed for the purpose it was collected and for our record-keeping obligations.
- Personal information
- Kept while the account and plan are active. Purge windows after deletion are being finalised and will be confirmed in a future revision of this policy.
- Audit-log entries
- Retained for the life of the organisation's account. A fixed minimum retention period aligned to MARA record-keeping obligations is being confirmed and will be published here.
Cookies and analytics
Only essential authentication-session cookies are used, so that you stay signed in and your firm's records stay scoped to your organisation. There is no advertising, tracking, or third-party analytics.
Your rights
Under the Privacy Act 1988 (Cth) you may request access to your personal information (APP 12) and correction of it (APP 13), and make a complaint about how it has been handled.
If you are a trainee, your migration agent is your primary point of contact for exercising these rights within Lodgeable. If you are a migration agent or firm administrator, you may contact us directly.
You may also withdraw consent and ask to have your record deleted at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
If you are not satisfied with how we handle your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Changes to this policy
We will post any changes here and update the date shown at the top of this page. Where a change is significant, we will take reasonable steps to make it visible before it takes effect.
How to contact us
For any privacy question, access or correction request, or complaint, contact our Privacy Officer:
Privacy Officer, Lodgeable Pty Ltd
privacy@lodgeable.com.auSydney, Australia
We aim to respond to all privacy enquiries within 30 days of receipt.