1. What this tool is
AU Privacy is a specialist research assistant for Australian privacy compliance. It retrieves passages directly from a curated corpus of the Privacy Act 1988 (Cth), the Australian Privacy Principles, the Notifiable Data Breaches scheme, and OAIC guidance, and uses an AI language model to synthesise a cited answer — it does not search the open web or draw on general knowledge outside its indexed corpus.
It is designed for professionals: small-business owners, privacy and compliance officers, and the consultants and lawyers who advise them.
2. What this tool covers — and what it does not
This tool is built specifically for Australian privacy law. It covers the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Notifiable Data Breaches scheme, the 2024 reforms (statutory tort, automated-decision transparency), and the OAIC's APP Guidelines and data-breach guidance.
It expressly does not cover the following areas. If your question falls into one of these, the assistant will say so and point you to the right authority:
- Non-Australian privacy law — the EU GDPR, UK GDPR, or US state laws (e.g. CCPA). Consult that jurisdiction's regulator or a specialist adviser.
- State and territory privacy / health-records laws — e.g. NSW PPIP/HRIP, VIC PDP Act, or state health-records Acts. Contact the relevant state privacy commissioner.
- Spam and telemarketing — the Spam Act 2003 or Do Not Call Register Act 2006. Contact the ACMA.
- Consumer Data Right (CDR) — the CDR regime is administered separately. Contact the CDR.
- Legal advice on a specific dispute or a current OAIC complaint/investigation — consult a lawyer.
3. Not legal advice
This tool provides cited research assistance — it can identify obligations, flag risks, and explain what legislation requires in practice. It is not a substitute for formal legal advice or regulatory sign-off. For decisions with significant financial, legal, or regulatory consequences, always consult a qualified privacy lawyer or contact the OAIC or the relevant authority directly.
If a question falls outside the scope of Australian privacy law, the assistant will say so rather than speculate or provide a general answer.
4. The knowledge base
The assistant is indexed on the core Australian privacy corpus: the Privacy Act 1988 (Cth) (Compilation No. 103, incorporating the Privacy and Other Legislation Amendment Act 2024), the OAIC's Australian Privacy Principles Guidelines, and the OAIC's Data breach preparation and response guidance (the Notifiable Data Breaches scheme). The full list is always visible in the Knowledge Base panel on the right of the screen.
The knowledge base was last updated in May 2026. The Privacy Act content reflects Compilation No. 103, current to 10 June 2025. Very recent amendments may not yet be incorporated — always verify against the official source before acting on any answer.
Each answer shows a source pill below the response — for example, Privacy Act 1988 · Jun 2025. This shows which Act was cited and how current the indexed version is. Use these to identify the source and assess its currency before relying on it.
Where retrieved content is older than about eighteen months, answers may include a currency caveat advising you to verify whether amendments have been made since that date. This is a deliberate guardrail — the system flags age rather than silently asserting old content as current. Acts indexed more recently won't trigger it.
5. Asking questions
Type your question in plain English — no legal shorthand is required. The more context you provide, the more targeted the answer. Include the activity type (such as a data breach, a new privacy policy, or an overseas disclosure), your role (e.g. small business, APP entity), your annual turnover, and the kind of personal information involved.
You can ask follow-up questions — the assistant retains context from the conversation above and builds on previous answers. The Explore Further chips that appear after each response suggest related directions worth investigating, and clicking one will populate the question box without automatically submitting it.
You can download any answer as a PDF, Markdown file, or plain text file using the buttons that appear below each response. This is useful for maintaining project records, building audit trails, or sharing findings with colleagues.
6. Expert Interpretation
After any standard answer, an Expert interpretation ↓ button appears below the response. Clicking it produces a deeper, practitioner-style read of the law as it applies to your specific situation — covering what the obligations mean in practice, what a regulator is likely to look for during assessment, and where the key risks and grey areas lie.
The expert view uses exactly the same retrieved sources as the original answer — no additional search is performed. It is generated by a more capable model (Claude Sonnet), which means it may take a few extra seconds to appear. Only one expert view can be requested per answer.
7. Analysing documents
When you open the tool, you have two starting points. You can type a question directly — in which case the assistant searches the indexed legislation and returns a cited answer. Or you can attach a document (a privacy policy, data-breach response plan, collection notice, or similar), which opens a second set of options tailored to that document.
Use the paperclip icon on the landing screen, or the + button in the chat area, to attach a file. Supported formats are PDF, Word (.docx), HTML, and plain text. Only the text content is read — images, charts, and diagrams are not processed.
When a document is attached, a Quick Read runs automatically. This classifies the document type, generates a short summary, and produces a set of suggested questions relevant to what the document contains. You then have three options:
1. Ask your own question — type anything in the question box. The assistant will answer using both the document and the legislation together — so you can ask "does this privacy policy meet APP 1?" and get a response grounded in both.
2. Use a suggested question — click any of the chips generated by the Quick Read to populate the question box, then send.
3. Run an analysis tool — the panel shows the available structured analysis types. Gap Analysis is the first of these; more types are in development and will appear here as they become available.
Gap Analysis reviews your document against the Australian Privacy Principles across the key compliance categories — APP 1 privacy-policy contents, collection and notification (APP 3 and 5), use and disclosure (APP 6), direct marketing (APP 7), cross-border disclosure (APP 8), data quality (APP 10), security (APP 11), access and correction (APP 12 and 13), and data-breach (NDB) readiness. The result is a structured table showing each category as PRESENT, PARTIAL, or ABSENT, followed by a narrative summary of key risks and recommended next steps. For questions and analysis, documents are read up to a substantial word limit; longer documents are read from the beginning, so lead with the most critical content.
Note on running Gap Analysis with a question typed. Gap Analysis reads the uploaded document only — your typed question won't be included. If you've typed a question in the box and click the Gap Analysis button, the tool will confirm this before proceeding. Send the question as a normal query afterwards if you also want a focused answer on top of the analysis.
Some processes — particularly structured analysis tools — can take a minute or two to complete. A progress indicator will show while the system is working. Please be patient and do not close or reload the page. Gap Analysis identifies structural coverage only — it does not assess the depth or quality of what is written, and it does not constitute a compliance certification. Findings should always be verified with the OAIC or a qualified privacy adviser before acting.
Once a document is attached, it remains active for the rest of your session. All follow-up questions will be answered in the context of that document. A banner at the bottom of the screen confirms which document is active, and you can remove it at any time using the ✕ remove button.
8. Saved threads and saved analyses
If you're signed in, you can save conversations and analyses to your account so you can come back to them later. Two distinct types of saved content live in the left sidebar:
Threads are chat conversations. After getting an answer, click the Save thread button next to the download row to save the whole conversation. The button changes to Saved ✓ and a new row appears in the THREADS sidebar section — auto-titled with the date and time you saved it (you can rename it). Subsequent follow-up questions on that thread are appended automatically. The assistant retains context from the previous answers in the thread, so you can pick up where you left off days later.
Click the ⋮ icon on any saved thread to rename, branch (duplicate as a new conversation to take it in a different direction), or delete. Click the thread title to reopen it in the main pane.
Saved analyses are auto-saved when you run a Gap Analysis or Quick Wash on a signed-in account — no button needed. They appear in the SAVED ANALYSES sidebar section. Click a row to reload the structured result. The source document you uploaded is not stored — only the analysis output.
If a thread is older than 60 days when you reload it, a small banner notes that source documents and legal positions may have changed since the conversation was saved. The original answers remain intact for the record — ask a fresh question if you want an up-to-date take.
9. What free vs paid gets you
See the Pricing modal in the left sidebar for the full breakdown — questions, gap analyses, saved threads and analyses per tier. Pricing shown is for Public Beta; go-live pricing will be confirmed before public launch.
10. Glossary & Acronyms
The Glossary & Acronyms button in the left sidebar opens a searchable reference of the terminology used across Australian privacy law. It covers statutory acronyms (APP, NDB, OAIC, PID), agency names (the OAIC), document and concept terms (personal information, sensitive information, APP entity, eligible data breach, collection notice), and the 2024 reform concepts (the statutory tort, automated-decision transparency). Each entry shows the full name, jurisdiction, and a short note on what it is.
Use the search bar at the top of the modal to filter by acronym or by any word in the full name or notes. The glossary is also used internally to disambiguate jurisdictional questions — for example, recognising that "personal information" under the Privacy Act is broader than the US notion of "PII".
11. Your account and signing in
The left sidebar has an Account section anchored at the bottom. When you're signed out it shows a single Sign in button; when you're signed in it shows your display name with your email address as a subtitle. Click the item at any time to open the account pop-up.
Accounts are free and take about twenty seconds to create. We never ask for a credit card during sign-up.
Checking which email you're signed in with. Look at the Account section of the sidebar — the email appears as the subtitle under your display name. For more detail (current plan, sign out, reset password) click to open the pop-up.
Resetting your password while signed in. Open the Account pop-up and click Reset password. We'll email a single-use, time-limited reset link to the address on your account. Check your inbox and your spam folder.
Forgotten your password and can't sign in? On the sign-in pop-up, click Forgot password? Enter your email address and we'll send the same kind of reset link.
Deleting your saved data. Open the Account pop-up and click Delete all my saved data. This permanently removes every saved thread and saved analysis from your account, and scrubs matching entries from our audit log. Your account itself is not deleted — only the data you've saved. To delete your account entirely, email hello@helpp.site.
Signing out. Open the Account pop-up → Sign out. Useful on a shared computer.