top of page

Terms & Privacy

Effective Date: 26 May 2026

PART A - TERMS OF USE

Parties, Acceptance and Agreement

These Terms of Use ("Terms") are between you and 3Lines Holdings Pty Ltd ABN 26 642 300 285 ("3Lines", "we", "us", "our"), Western Australia.

RegiReview is a product owned and operated by 3Lines Holdings Pty Ltd.

By creating an account, purchasing credits, uploading documents, or otherwise using the Services, you:

  • agree to be bound by these Terms;

  • acknowledge where and how your data may be stored and processed as described in these Terms and in Part B (Privacy Policy);

  • acknowledge that AI processing forms part of the Services; and

  • warrant that you have authority to bind yourself and, where applicable, the organisation on whose behalf you are acting.

 

If you are using the Services on behalf of an organisation, these Terms bind both you individually and that organisation. You represent that you have authority to do so.

If you do not agree to these Terms, you must not use the Services.

Definitions

In these Terms, the following words have the meanings set out below:

Account Owner Data Documents, data and information uploaded by you to the Services, including Statements of Advice and supporting documents.

APPs The Australian Privacy Principles contained in Schedule 1 of the Privacy Act.

Credits Prepaid units purchased by users and consumed when submitting assessments through the Services.

Effective Date The date shown on the cover page of this document.

Personal Information Has the meaning given in the Privacy Act — information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Privacy Act The Privacy Act 1988 (Cth), as amended from time to time.

RegiReview The AI-assisted compliance review platform operated by 3Lines Holdings Pty Ltd, accessible at www.3lines.com.au.

Services The RegiReview platform, including all features, tools, outputs, APIs and related services provided by us.

SoA Statement of Advice as defined in the Corporations Act 2001 (Cth).

Subprocessor A third-party service provider engaged by us to process data on our behalf in connection with the Services.

User An individual who has created an account and is authorised to access the Services.

Purpose and Scope of RegiReview

RegiReview is an AI-assisted compliance review tool designed to support financial services professionals and compliance teams in assessing Statements of Advice (SoAs) and related supporting documents.

RegiReview uses artificial intelligence to:

  • identify the type of advice provided in uploaded documents;

  • determine relevant compliance review scope areas;

  • assess uploaded documents against tailored compliance review questions; and

  • generate automated commentary, observations, references and suggested remediation actions.

 

RegiReview is a decision-support tool only. It does not provide legal advice, compliance advice, financial product advice, or professional consulting services of any kind.

Only Statements of Advice (SoAs) and directly related supporting documents are supported by the Services at this time. Uploading a Record of Advice (RoA) or other unsupported document type may produce inaccurate or unreliable outputs.

​

IMPORTANT: Where a user uploads an RoA or unsupported document type, account credits will still be deducted and credits will not be refunded. An in-app warning will be displayed before credits are consumed. You should read this warning carefully before proceeding.

Important Disclaimer About AI Outputs

RegiReview uses current-generation large language models provided via Microsoft Azure OpenAI services, which may be updated from time to time. The specific model version in use at any time is available on our website.

You acknowledge and agree that:

  • RegiReview outputs are automated and may contain inaccuracies, omissions, misinterpretations, hallucinations, incomplete analysis, incorrect references, or outdated information;

  • RegiReview may incorrectly identify compliance issues or fail to identify relevant compliance issues;

  • RegiReview does not guarantee compliance with the Corporations Act, ASIC guidance, the Financial Planners and Advisers Code of Ethics, licensee standards, or any other legal or regulatory requirements;

  • repeated reviews of the same document set or materially similar inputs may produce different outputs, findings, observations, commentary, remediation suggestions or compliance assessments due to the probabilistic nature of artificial intelligence models and ongoing model updates;

  • RegiReview outputs must always be independently assessed, verified and reviewed by a suitably qualified human reviewer exercising professional judgement; and

  • you remain solely responsible for all decisions, actions, advice, reviews, remediation activities, compliance assessments and regulatory obligations arising from or connected with your use of the Services.

​​

RegiReview is designed to assist human reviewers - not replace them. You must not rely solely on RegiReview outputs when making compliance, legal, supervisory, remediation, audit or advice-related decisions.

Eligibility

To use the Services, you must:

  • be at least 18 years old;

  • have legal capacity to enter into binding agreements; and

  • use the Services only for lawful business or professional purposes.

 

You must not use the Services if doing so would breach any applicable law, regulation, professional obligation, confidentiality obligation, or your licensee's policies.

User Accounts

You must create an individual user account to access the Services. Only users who have agreed to these Terms may create and maintain an account.

You are responsible for:

  • maintaining the confidentiality of your login credentials;

  • all activity occurring under your account;

  • ensuring your account information remains accurate and current; and

  • restricting access to your account to authorised individuals.

 

You must not:

  • share accounts between users;

  • allow another person to access the Services using your credentials;

  • impersonate another person or entity; or

  • attempt to gain unauthorised access to the Services or related systems.

 

We may suspend or terminate accounts where we reasonably suspect misuse, unauthorised access, fraudulent activity, security risks, or breaches of these Terms.

Credits, Pricing and Payments

RegiReview operates on a prepaid credit model. Users may purchase credits using a valid credit card or other payment method made available through the website.

Credits are used to submit RegiReview and RegiVet assessments. Pricing, credit allocation and inclusions are published on the RegiReview website and may be updated from time to time.

Unless otherwise stated:

  • credits are non-transferable;

  • credits are non-refundable once purchased;

  • credits are not redeemable for cash;

  • unused credits expire 12 months after purchase; and

  • all fees are stated in Australian dollars and inclusive of GST unless otherwise specified.

 

RegiReview uses Stripe and other third-party payment providers to process payments securely. We do not store full payment card details.

If a payment is declined or reversed, we may suspend access to the Services or cancel associated credits.

Free Credits and Promotions

RegiReview may offer free credits, promotional offers, discounts or trial access from time to time. Unless otherwise stated:

  • promotional offers may be withdrawn at any time;

  • promotions cannot be combined;

  • free credits have no cash value;

  • we may impose eligibility criteria or usage limits; and

  • promotional credits issued but not yet used may be cancelled where misuse, fraud or abuse is suspected, but we will not claw back credits that have already been consumed.

Review Outcomes, Disputed Findings and Indeterminate Results

Delivery of Services

A review is considered delivered, and the relevant credits are consumed, at the point RegiReview generates and presents an output to the user. Delivery of a review output constitutes delivery of the Services for the purposes of these Terms, irrespective of the content, completeness or accuracy of that output.

Disputed Findings

Disagreement with, or dissatisfaction with, AI-generated review findings, observations, commentary, compliance assessments or suggested remediation actions is not grounds for a refund, credit reversal, account credit or any other remedy. This applies whether the user believes the output to be:

  • incorrect, incomplete or inaccurate;

  • inconsistent with their own professional assessment;

  • overly conservative or overly permissive in identifying compliance issues; or

  • otherwise not useful or not aligned with their expectations.

 
Users are reminded that all RegiReview outputs must be independently assessed and verified by a suitably qualified human reviewer exercising professional judgement. RegiReview is a decision-support tool only. 

Indeterminate or Partial Results

There are circumstances in which RegiReview may be unable to generate a complete or meaningful review output. These include, without limitation, where:

  • the uploaded document is corrupted, unreadable or in an unsupported file format;

  • the document contains insufficient content for the AI to perform a meaningful assessment;

  • the document is structured or formatted in a way that prevents reliable processing; 

  • ​the document contains handwriting, images, scanned content, annotations, signatures or other visual elements that cannot be reliably interpreted by RegiReview's AI visioning or document extraction technologies, or which result in content being incorrectly extracted, misread or misinterpreted; or

  • the content of the document is outside the scope of what RegiReview is designed to assess.

 
In these circumstances, credits will still be consumed and will not be refunded. Users acknowledge that the quality, structure and readability of uploaded documents directly affect RegiReview's ability to generate meaningful outputs. RegiReview does not guarantee that handwriting or visually complex documents will be accurately interpreted. Credits will not be refunded where outputs are affected by AI vision limitations, document quality issues, or where content is incorrectly extracted, misread or misinterpreted.

Platform Failure Exception

Where a review fails entirely due to a verified platform or system error attributable solely to RegiReview (and not to document quality, user error, or any factor within the user's control), we may at our absolute discretion issue replacement credits to the affected user. This is a discretionary remedy only. It does not constitute an entitlement to a refund, credit reversal or any other compensation, and does not create a binding obligation on RegiReview to issue replacement credits in any circumstance. 

Credits are non-refundable in all circumstances, including where a user disagrees with review findings, where outputs are partial or indeterminate due to document quality, or where an uploaded document is an unsupported type such as a Record of Advice.

Uploaded Documents and Account Owner Data

You retain ownership of documents and information you upload to the Services (Account Owner Data).

You grant RegiReview a non-exclusive, worldwide, royalty-free licence to host, process, transmit, analyse and use Account Owner Data solely for the purpose of providing the Services to you. We do not use Account Owner Data for any other purpose.

You warrant that:

  • you have all necessary rights, consents and authority to upload Account Owner Data;

  • your upload and use of Account Owner Data does not breach any law, privacy obligation, confidentiality obligation, professional obligation or third-party right; and

  • where personal information is uploaded, you have provided all notices and obtained all consents required under applicable privacy laws, including the Privacy Act and APPs.

 

You must not upload:

  • unlawful, defamatory or misleading material;

  • malicious code, malware or harmful files;

  • content that infringes intellectual property rights; or

  • sensitive information where you are not authorised to disclose or process that information.

 

We may remove or restrict access to Account Owner Data that we reasonably believe breaches these Terms or creates legal, regulatory or security risks.

Data Retention and Deletion

We retain Account Owner Data and associated AI outputs as follows:

  • Uploaded documents (SoAs and supporting materials): retained for 90 days after the relevant review is completed, then permanently deleted.

  • AI-generated review outputs and observations: retained for 24 months from the date of review to support audit and record-keeping needs, unless you request earlier deletion.

  • Account information: retained for the life of your account and for 7 years after account closure to satisfy our legal and regulatory obligations.

  • Usage and analytics data: retained in de-identified or aggregate form for up to 5 years.

 

On account closure, we will permanently delete or de-identify your personal information and Account Owner Data within 30 days, except where we are required by law to retain it. You may request an export of your completed review history within 30 days of closing your account.

You may request deletion of specific Account Owner Data or review outputs at any time by contacting us at support@3lines.com.au. We will action deletion requests within 14 days.

Backup copies may be retained for up to 30 days after deletion requests are actioned before being permanently purged from backup systems.

Confidentiality

Each party acknowledges that in the course of using the Services, it may receive or have access to confidential information of the other party.

We treat all Account Owner Data as confidential. We will not disclose your Account Owner Data to any third party except:

  • as required to provide the Services (including disclosure to authorised Subprocessors in accordance with Part B);

  • as required by law, court order or regulatory authority; or

  • with your prior written consent.

 

You must keep confidential any proprietary information, systems, workflows, prompts or outputs provided by us that are not publicly available.

Confidentiality obligations survive termination of these Terms for a period of 3 years.

Privacy, Security and AI Processing

Privacy Obligations

​

Each party will comply with applicable privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), in connection with the Services.

Our full privacy practices are set out in Part B (Privacy Policy) of this document, which forms part of these Terms.

​

APP 8 Reasonable Steps

​

In accordance with APP 8, RegiReview has taken reasonable steps in its capacity as a discloser of personal information to Subprocessors. These steps include:

  • only permitting users who have accepted these Terms and acknowledged where and how data may be processed to create and maintain accounts;

  • requiring users, on a per-review basis through an in-app attestation, to acknowledge that: (a) AI processing is run on Microsoft Azure infrastructure in Australia; (b) Account Owner Data is stored at rest in Microsoft Azure data centres located in Australia; (c) processing may on occasion take place in Microsoft Azure regions outside Australia where Microsoft routes requests based on available capacity; and (d) the user has considered their own licensee's AI usage, privacy, confidentiality and information security policies before proceeding.

​​

Data Hosting and AI Infrastructure

​

Account Owner Data is stored in Australia, including Amazon Web Services (AWS) and Microsoft Azure. AI processing is performed using Azure OpenAI services provided by Microsoft.

Some processing may involve international subprocessors:

  • Microsoft Azure OpenAI: AI inference processing occurs primarily in Australia East (Azure). Microsoft may route requests to other Azure regions for capacity reasons. Such processing is transient and not persisted outside Australia.

  • User authentication and payment processing are handled by established international providers under data processing agreements, which may process account and billing information (such as name, email, and payment details) in the United States. No client advice documents (Statements of Advice or supporting files) are stored outside Australia.

RegiReview does not use Account Owner Data to train, retrain or fine-tune foundation AI models operated by RegiReview, Microsoft, OpenAI or any third party.

Microsoft's Azure OpenAI services operate under Microsoft's applicable terms and data processing commitments, including commitments regarding data residency in the Australia East region.

​

Subprocessors

​

Our current Subprocessors, their purpose and data location are:

​

Microsoft Azure (Container Apps)Cloud hosting of the Regi AI service - Australia East

Azure OpenAI Service - AI processing (LLM inference for scoping, assessment, vision OCR) - Australia East (transient cross-region possible during peak load)

Amazon Web Services (S3) - File storage for uploaded client documents - Australia (ap-southeast-2)

Amazon Web Services (SES) - Transactional email delivery (reminders, completion notices, password resets) - Australia (ap-southeast-2)

Vercel - Hosting of the Regi web applications and API gateway - Australia (Sydney)

Supabase - PostgreSQL database (review metadata, account info, assessment results) - Australia (Sydney)

Clerk - User authentication (sign-up, sign-in, session management) - United States / global

Stripe - Payment processing (top-ups, saved cards) - United States / global

​

We will notify account holders of material changes to our Subprocessors by email at least 14 days before the change takes effect. 

Security Measures

​

We implement reasonable technical and organisational security measures to protect Account Owner Data, including:

  • encryption of data in transit (HTTPS/TLS) and at rest;

  • access controls based on the principle of least privilege;

  • network security controls and firewalls;

  • audit logging and monitoring for suspicious activity;

  • regular security assessments and patch management; and

  • staff training on data protection obligations.

 

No platform or transmission method can be guaranteed completely secure. You are responsible for assessing whether the Services are appropriate for your own privacy, regulatory and risk requirements, including your licensee's AI usage, privacy, confidentiality and information security policies.

​

Notifiable Data Breaches

​

We are subject to the Notifiable Data Breach (NDB) scheme under Part IIIC of the Privacy Act. In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

  • notify affected individuals as soon as practicable;

  • notify the Office of the Australian Information Commissioner (OAIC) as required by law; and

  • take all reasonable steps to contain and remediate the breach.

 

We maintain an incident response procedure to ensure prompt identification, assessment and notification of data breaches.

Availability and Service Performance

We aim to make the Services available on an ongoing basis but do not guarantee uninterrupted or error-free operation. The Services may occasionally be unavailable due to maintenance, upgrades, outages, third-party service failures, internet disruptions, or events beyond our reasonable control.

We may modify, suspend or discontinue parts of the Services at any time. Where we make material changes to the Services that affect your ability to use them, we will provide you with reasonable notice.

Intellectual Property

All intellectual property rights in the Services — including software, workflows, prompts, branding, design, models, output formatting and interfaces developed by RegiReview — remain the property of RegiReview or its licensors.

You must not:

  • copy, reverse engineer or attempt to extract source code from the Services;

  • reproduce or commercially exploit the Services;

  • resell or sublicense access to the Services;

  • use the Services to build competing products or datasets; or

  • use automated means to scrape or harvest platform content.

 

Subject to these Terms, we grant you a limited, non-exclusive, revocable licence to access and use the Services for your internal business purposes.

Acceptable Use

You must not use the Services:

  • for unlawful, misleading or fraudulent purposes;

  • to upload malicious software or harmful content;

  • to test or probe system vulnerabilities;

  • to overload or disrupt the platform;

  • to infringe another person's rights;

  • to generate misleading regulatory or compliance outcomes; or

  • in any manner that could damage RegiReview's reputation, systems or users.

 

We may suspend or terminate access immediately where misuse is identified.

Third-Party Services

The Services incorporate or rely on third-party providers, including cloud hosting, payment processors and AI providers. Third-party services are subject to their own terms and availability. RegiReview is not responsible for outages, errors or failures caused by third-party providers.

Limitation of Liability

To the maximum extent permitted by law:

  • the Services are provided "as is" and "as available";

  • RegiReview disclaims all warranties, guarantees and representations not expressly stated in these Terms; and

  • RegiReview does not warrant that the Services will identify all compliance issues or produce accurate or complete outputs.

 

To the maximum extent permitted by law, RegiReview will not be liable for any:

  • indirect, consequential, incidental or special loss;

  • loss of profits, revenue, opportunity, goodwill or reputation;

  • regulatory action, remediation costs, licensee action, enforcement action or compliance breach;

  • loss arising from reliance on AI-generated outputs; or

  • loss of data, business interruption or cybersecurity incidents.

 

Our total aggregate liability arising out of or connected with the Services will not exceed the greater of: (a) the total amount paid by you to RegiReview in the 12 months preceding the event giving rise to the claim; or (b) AUD $500.

Nothing in these Terms excludes rights that cannot lawfully be excluded under the Australian Consumer Law.

Indemnity

You indemnify RegiReview and its officers, employees and contractors against any loss, claim, liability, cost or expense (including reasonable legal costs) arising from:

  • your misuse of the Services;

  • your breach of these Terms;

  • your uploaded content or Account Owner Data;

  • your breach of privacy, confidentiality or regulatory obligations; or

  • your failure to obtain required consents before uploading personal information.

 

This indemnity does not apply to the extent that the loss, claim or liability arises from our own negligence or breach of these Terms.

Force Majeure

We are not liable for any failure or delay in performing our obligations under these Terms where such failure or delay is caused by circumstances beyond our reasonable control, including acts of God, war, terrorism, pandemic, natural disaster, government action, failure of third-party infrastructure, or widespread internet outages (Force Majeure Event).

If a Force Majeure Event continues for more than 30 days, either party may terminate these Terms on written notice without liability (other than for amounts already owing).

Suspension and Termination

We may suspend or terminate your access immediately if:

  • you breach these Terms;

  • payment is overdue or reversed;

  • we suspect fraud, misuse or security risks; or

  • we are legally required to do so.

 

You may stop using the Services at any time. Termination does not affect accrued rights or obligations. On termination, data handling will occur as described in Data Retention and Deletion.

Changes to the Services or Terms

We may update the Services or these Terms from time to time. Where we intend to make material changes, we will:

  • notify account holders by email at least 14 days before the changes take effect;

  • publish the updated Terms on our website; and

  • update the version number and effective date on the cover page.

 

Your continued use of the Services after updated Terms are published constitutes acceptance of the revised Terms.

Dispute Resolution

If a dispute arises out of or in connection with these Terms, the parties agree to:

  • Step 1 — Negotiation: The party raising the dispute will notify the other in writing. Both parties will attempt to resolve the dispute through good-faith negotiation within 14 days of the notice.

  • Step 2 — Mediation: If the dispute is not resolved through negotiation, either party may refer the dispute to mediation administered by a mediator agreed by the parties, or if not agreed, appointed by the Law Society of Western Australia.

  • Step 3 — Litigation: If mediation fails to resolve the dispute within 30 days of the mediator's appointment, either party may commence court proceedings.

 

Nothing in this clause prevents a party from seeking urgent injunctive or other interim relief.

Governing Law and Jurisdiction

These Terms are governed by the laws of Western Australia and the Commonwealth of Australia. The parties submit to the exclusive jurisdiction of the courts of Western Australia.

General

Entire Agreement
​
These Terms (including Part B) constitute the entire agreement between you and RegiReview in respect of the Services and supersede all prior representations, agreements and understandings.
​
Severability
​
If any provision of these Terms is found to be invalid or unenforceable, that provision will be severed and the remainder of the Terms will continue in full force.
​
Waiver
​
Failure to enforce any provision of these Terms does not constitute a waiver of that provision.
​
Assignment
​
You may not assign your rights under these Terms without our prior written consent. We may assign our rights and obligations to a related entity or in connection with a merger, acquisition or sale of substantially all assets.
​
Notices
​
Notices under these Terms may be sent by email. Notices to us should be sent to support@3lines.com.au. Notices to you will be sent to the email address associated with your account.

Contact Details

Questions regarding these Terms, privacy, or the Services can be directed to:

 

3Lines Holdings Pty Ltd

Email: support@3lines.com.au

Website: www.3lines.com.au

Privacy enquiries: comply@3lines.com.au

PART B - PRIVACY POLICY

This Privacy Policy forms part of your agreement with RegiReview and explains how we collect, use, store and disclose your personal information.

Overview and Commitment

3Lines Holdings Pty Ltd ("3Lines", "we", "us", "our") is bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We are committed to handling personal information responsibly, transparently and consistently with the APPs.

This Privacy Policy applies to all personal information we collect through the RegiReview platform and our website (www.3lines.com.au). By using the Services, you agree to the collection and use of your information in accordance with this Privacy Policy.

In this policy, "personal information" has the same meaning as in the Privacy Act — information or an opinion about an identified individual or an individual who is reasonably identifiable.

Personal Information We Collect

Information You Provide

​

When you register for and use RegiReview, we collect:

  • name and email address (required to create and maintain your account);

  • contact details such as phone number and job title (optional);

  • account preferences and settings;

  • organisational information relevant to compliance management; and

  • communication content when you contact us for support or provide feedback.

​​

Account Owner Data (Optional Uploads)

​

As part of the compliance review functionality, you may upload Statements of Advice, Records of Advice and supporting documents. These documents may contain personal information about your clients, colleagues and other third parties.

Uploading documents is optional and requires your explicit in-app acknowledgement on each submission. Any documents you upload are:

  • treated as confidential;

  • used only to provide the Services to you;

  • not accessible to any other 3Lines customer; and

  • not disclosed to any third party except as set out in this Policy or as required by law.

​​

Information Collected Automatically

​

When you use the platform, we automatically collect:

  • basic analytics data (browser type, device information, operating system);

  • IP address (anonymised where possible);

  • pages visited, features used and session duration;

  • dates and times of access; and

  • referring websites or sources.

 

This data is used in aggregate or pseudonymous form for technical and analytical purposes. It is not linked to your name or identity for individual profiling.

We do not collect sensitive information (such as information about race, religion, health or finances) as part of standard platform usage.

How We Use Your Personal Information

Providing the Services

​

We use your personal information to create and maintain your account, authenticate your access, deliver review functionality, personalise your experience and track usage for billing purposes.

​

Communication

​

We use your contact information to send account confirmations, service updates, new feature notifications, policy change notifications and responses to support requests. We will not send marketing emails unrelated to the compliance services without your consent. You may opt out of marketing communications at any time.

​

Compliance and Legal Obligations

​

We may use personal information to enforce our agreements and policies, prevent fraud or misuse, ensure platform security, comply with legal and regulatory obligations, and respond to lawful requests from authorities.

​

Service Improvement

​

We analyse aggregated usage data to improve the Services. Where possible, we use de-identified or aggregate information. We do not use Account Owner Data (uploaded SoAs and documents) to improve the Services.

​

AI Features

​

If you use our AI-assisted review features, your data will be processed as described in section 7 of this Privacy Policy. All such use is solely to deliver the requested feature to you.

Disclosure of Personal Information to Third Parties

We do not sell, rent or share your personal information with third parties for their own marketing or advertising purposes. We disclose personal information only in the limited circumstances described below.

​

Subprocessors

​

We use trusted third-party service providers (Subprocessors) who may process personal information on our behalf. Each Subprocessor is bound by contractual obligations to protect your information and use it only for the purposes for which we have engaged them. Our current Subprocessors are listed in Part A - Terms of Use.

​

Legal Requirements

​

We may disclose personal information if required by law, valid legal process, court order or regulatory request. We may also disclose information to prevent wrongdoing, protect against legal liability, protect the safety of individuals, enforce our terms, or comply with regulatory obligations. We will only do this in accordance with the law and, where feasible, with notice to you.

Overseas Disclosure

Our policy is to host and process personal information within Australia whenever possible. All primary user data is stored on servers located in Australia (AWS Australia).

However, some processing involves international Subprocessors:

  • Microsoft Azure OpenAI: AI inference processing occurs primarily in Australia East (Azure). Microsoft may route requests to other Azure regions for capacity reasons. Such processing is transient and not persisted outside Australia.

  • Stripe: Payment processing data may be processed in the United States and other countries where Stripe operates.

 

In accordance with APP 8, we have taken reasonable steps to ensure that overseas recipients do not breach the APPs in relation to your information. This includes:

  • using providers with privacy commitments consistent with Australian standards;

  • implementing data minimisation practices to limit what is shared;

  • ensuring providers do not use your data to train their AI models; and

  • maintaining contractual data protection obligations with each Subprocessor.

 

By using the Services, you acknowledge and consent to this limited overseas processing as described above.

Data Hosting and Security

Data Location

​

3Lines stores all primary customer data on secure servers in Australia using AWS with Australian data centres. Your account details and uploaded documents are stored within Australia under Australian jurisdiction.

​

Security Measures

​

We implement the following security measures:

  • Encryption: industry-standard encryption for data in transit (HTTPS/TLS) and at rest;

  • Access controls: least-privilege principles ensuring staff access only data necessary for their role;

  • Infrastructure security: network controls, firewalls and cloud security configurations;

  • Security assessment: regular security reviews as part of our development and maintenance processes;

  • Monitoring: systems to detect and alert us to potential security events; and

  • Incident response: documented procedures to address security incidents promptly.

 

While no method of transmission or storage is 100% secure, we strive to use commercially reasonable best practices to protect your information. In the event of a notifiable data breach, we will act in accordance with Part A.

​

Data Retention

​

We retain personal information only as long as necessary for the purposes described in this Policy or as required by law. Specific retention periods are set out in Part A. You may request deletion of your personal information at any time as described in section Your Privacy Rights.

AI and Machine Learning Features

Overview

RegiReview uses current-generation large language models (LLMs) provided via Microsoft Azure OpenAI services to power AI-assisted compliance reviews. This section explains what data is sent to AI services and the safeguards in place.

RegiReview does not use your Account Owner Data to train, retrain or fine-tune any foundation AI model. Your uploaded documents are processed solely to generate the review output requested by you.

What Data Is Sent to AI Services

When you submit a review, the following data is sent to Azure OpenAI services for processing:

  • the text content of your uploaded document (or relevant portions thereof);

  • structured review prompts and compliance frameworks maintained by RegiReview; and

  • metadata necessary to generate and structure the review output.

 
This data is processed transiently. Azure OpenAI does not retain input data beyond the immediate processing need. Outputs are returned to our systems and stored in Australia.

Model Training

Microsoft's Azure OpenAI service operates under Microsoft's enterprise data processing commitments. Consistent with those commitments:

  • your data is not used by Microsoft or OpenAI to train or improve general AI models;

  • your data is not stored by Microsoft beyond the processing of the immediate request; and

  • Microsoft maintains strict access controls and encryption for all data in transit and at rest.

 
You can review Microsoft's Azure OpenAI data, privacy and security commitments at Microsoft's trust documentation portal.

Cross-Region Processing

AI inference requests are processed primarily in the Microsoft Azure Australia East region. Azure may route requests to other regions based on capacity availability. Where this occurs:

  • processing is transient — input data is not persisted outside Australia;

  • the routing is governed by Microsoft's Azure service terms and data residency commitments; and

  • the per-review in-app attestation explicitly discloses this possibility to you before credits are consumed.

 
Some licensee policies prohibit any offshore processing, even transient. You are responsible for assessing whether the Services are consistent with your licensee's AI, privacy and data security policies before using the platform.

AI Output Disclaimer

AI-generated review outputs are provided to assist qualified human reviewers. They should not be taken as legal, compliance or professional advice. AI models may produce inaccurate, incomplete or outdated content. All outputs must be independently reviewed by a suitably qualified professional. See Part A for the full AI disclaimer.

Cookies and Analytics

Cookies

​

We use cookies and similar technologies to support and improve your experience on the platform. Cookies may remember your login session and collect analytics data. They do not contain personal details about you.

We use the following types of cookies:

  • Essential cookies: necessary for the website to function and to keep you logged in;

  • Functional cookies: allow the website to remember your preferences;

  • Performance/Analytics cookies: collect information about how visitors use the website to improve functionality; and

  • Session cookies: temporary cookies that expire when you close your browser.

 

You can adjust your browser settings to refuse or delete cookies, but some features may not function properly if you do so.

​

Google Analytics

​

We use Google Analytics to collect standard internet log information and visitor behaviour data. Google Analytics uses cookies to collect information such as how often users visit our site and which pages they visit. This data is aggregated and does not include personally identifiable information.

Google Analytics data may be processed in the United States. Google is contractually bound to protect this data and not share it except as required by law.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. Analytics data is used solely to improve our site and services.

Your Privacy Rights

Access
 
You may request access to the personal information we hold about you at any time. We will respond to access requests within 30 days. In some cases, we may need to verify your identity before releasing information. There is generally no charge for access requests.
 
Correction
 
If you believe any personal information we hold is incorrect, incomplete or out of date, you have the right to request correction. We will take reasonable steps to correct inaccurate information upon request. If we are unable to make the correction you request, we will explain why and note your request alongside the existing information.
 
Deletion
 
You may request deletion of your personal information. We will honour deletion requests where possible, subject to any legal or regulatory requirement to retain information. See Part A for retention periods and data deletion processes.
 
Data Portability
 
While data portability is not currently a specific requirement under Australian privacy law, we recognise its importance. Upon request and where technically feasible, we will provide your personal information in a structured, commonly used format. To request a data export, contact us at comply@3lines.com.au.
 
How to Exercise Your Rights
 
To exercise any of these rights, or for questions about your personal information, contact our privacy officer at comply@3lines.com.au. We may request identity verification before fulfilling requests. We will respond within the timeframes required by the Privacy Act.

Complaints and the OAIC

If you have a complaint about how we have handled your personal information, please contact our privacy officer at comply@3lines.com.au. We take all privacy complaints seriously and will investigate and respond in writing.

If you are not satisfied with our response, you have the right to contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

Children's Privacy

Our Services are designed for use by businesses in the financial services industry. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected information from a person under 18, we will promptly delete it. Contact us at comply@3lines.com.au if you believe this has occurred.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time for operational, legal or regulatory reasons. Material changes will be notified to account holders by email at least 14 days before they take effect, consistent with Part A. The updated Policy will be posted on our website with a new version number and effective date.

By continuing to use the Services after updates are published, you accept the revised Policy. We will not reduce your rights under this Policy without your consent.

Contact Us

For all privacy enquiries, please contact:

 

Privacy Officer — 3Lines Holdings Pty Ltd

Email: comply@3lines.com.au

General enquiries: support@3lines.com.au

Website: www.3lines.com.au

bottom of page