LifeReady Privacy Policy
Privacy Policy
Last updated April 2026
This is the Privacy Policy of LifeReady Pty Ltd including a copy of the collection information required by Australian Privacy Principle 5.
1 Encrypted information
Our Privacy Policy explains how we collect, hold, use and disclose personal information.
The heart of our service is KeyCrypt™ encryption, which takes place on your computer. This encrypted information is only a meaningless string of characters. Under the way the service is currently designed, our systems do not hold the keys required to decrypt it. It is not ‘personal information’ within the meaning of the Privacy Act in our hands.
2 Personal information that we collect and hold
(a) Under the Privacy Act, ‘personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(i) whether the information or opinion is true or not; and
(ii) whether the information or opinion is recorded in a material form or not.
(b) We collect and hold:
Basic information
This includes some or all of the following: your name, email address, gender, real world address, date of birth, payment metadata (we do not store full card numbers; these are handled by our payment processor), device and connection information (such as IP address, browser type and access times), account creation details, (if applicable) account deletion details, and particulars of Trusted Parties (persons you nominate) associated with your account.
Other information
System access information e.g. access logs and cookie data, plan type selected.
3 How we collect and hold personal information
(a) We normally collect personal information over the internet e.g. when you complete an application form or notify us of a Trusted Party.
(b) We hold personal information in a computer system that uses industry-leading administrative, physical and technical protections to safeguard its security, privacy, confidentiality and integrity, including encryption in transit and at rest for plaintext personal information, multi-factor authentication for administrative access, role-based access controls, and routine review of access logs.
4 Security, data breaches and retention
We keep plaintext personal information for the life of your account and for a reasonable period afterwards (typically up to 24 months) to meet billing, support, audit and legal-retention obligations. After that period we destroy or de-identify it. We keep encrypted vault contents for the life of your account; on account closure we destroy the associated key material, which renders any remaining ciphertext permanently unreadable. Backup-rotation periods of up to 90 days apply.
If we have reasonable grounds to believe an eligible data breach has occurred in relation to personal information we hold in plaintext (for example, your name, email address and other Basic Information), we will notify you and the Office of the Australian Information Commissioner in accordance with Part IIIC of the Privacy Act 1988 (Cth) (the Notifiable Data Breaches scheme). Because we do not hold the keys required to decrypt your vault contents, the unauthorised acquisition of ciphertext alone is unlikely to be an eligible data breach within the meaning of Part IIIC.
5 Why we handle personal information
- to operate our services;
- to operate, provide and improve our website, the services and our business;
- to enable you to grant secure access to your private information;
- to contact you e.g. to send you information about the services;
- to record your instructions e.g. certain email unsubscribes;
- to create de-identified data;
- to assist ‘Partner Providers’ e.g. your financial advisor, an employer or a benefits administrator;
- to follow your instructions e.g. make information available to a person following your death;
- to deal with an acquirer or potential acquirer of our business or company;
- to comply with law;
- to send you marketing communications about the services (you may opt out at any time, including by following the unsubscribe instructions in any marketing email);
- to investigate any suspected or alleged misuse or abuse of our services.
6 Direct marketing
We may use your email address to send you information about the LifeReady service, including new features, security advisories and product updates. We do not sell or rent your details to third-party marketers. Every marketing email contains an unsubscribe link, and you can opt out at any time by emailing privacy@lifeready.io. Some emails are necessary to operate your account (for example, password change confirmations, billing notices, and changes to this Privacy Policy) and you cannot unsubscribe from those while your account is active.
7 Other privacy matters
Anonymity and pseudonymity. Where it is lawful and practicable, you may interact with us anonymously or under a pseudonym. Creating a LifeReady account is not one of those circumstances: we need to know who you are in order to authenticate you and your Trusted Parties.
Unsolicited information. If we receive personal information we did not ask for and could not have collected under this policy, we will destroy or de-identify it as soon as practicable, unless we are required by law to retain it.
Government identifiers. We do not adopt, use or disclose any government identifier (such as a Tax File Number, Medicare number or driver licence number) as our own identifier for you. If you store such an identifier in your encrypted vault, we cannot read it.
Accuracy. We take reasonable steps to keep the personal information we hold accurate, up to date and complete. You can help by updating your account details whenever they change.
Sensitive information. Your encrypted vault may contain ‘sensitive information’ within the meaning of section 6 of the Privacy Act (such as health information, or information about your membership of a professional or trade association). We cannot read your vault. We do not use any information stored in your vault for any purpose beyond storing it and making it available to you and the Trusted Parties you nominate.
8 Accessing and correcting your personal information
(a) You may access personal information we hold about you and seek its correction.
(b) Email privacy@lifeready.io to request access. We may require identity validation. We will respond within a reasonable time (typically within 30 days) and will provide access free of charge. If we refuse access in whole or in part — for example, on a ground listed in APP 12.3 — we will explain why in writing and tell you how to complain.
(c) Email the same address to seek correction of information. We will correct it if that is warranted. If we decline to correct, we will note your view in our records on request, and tell you why we declined.
9 Complaints
(a) This applies if you have a complaint that we have breached the Australian Privacy Principles.
(b) You may complain to us in writing to privacy@lifeready.io. If possible, you should specify the item(s) of personal information your complaint relates to and the act(s) or omission(s) which constitute the breach, and the Australian Privacy Principle(s) which apply.
(c) Our Privacy Officer will acknowledge your complaint within 7 days and issue you a written decision within 30 days, unless we tell you we need additional time and explain why.
(d) If you are not satisfied with our response, you may escalate the matter to the Office of the Australian Information Commissioner – see www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us. (You can do this at any time, including before complaining to us; the OAIC will usually expect you to have given us 30 days to respond first.)
10 Overseas disclosures
If you nominate a Trusted Party (person you nominate) who is overseas, we shall give them the same information as we would give an Australian-resident Trusted Party.
Attachment 1 – Collection Statement
1 About this Collection Statement
This is a Collection Statement for the purposes of Australian Privacy Principle 5.
2 Information collector
The collector is LifeReady Pty Ltd (ABN 33 696 736 928 of 80/485-489 St Kilda Rd,
Melbourne VIC 3004). Email is privacy@lifeready.io
3 Third party collections
As well as from you, we may collect personal information about you from your Partner Providers e.g. your financial advisor, an employer or a benefits administrator.
4 Purposes of collection
The purposes we collect personal information are:
- to operate our services;
- to operate, provide and improve our website, the services and our business;
- to enable you to grant secure access to your private information;
- to contact you e.g. to send you information about the services;
- to record your instructions e.g. certain email unsubscribes;
- to create de-identified data;
- to assist ‘Partner Providers’ e.g. your financial advisor, an employer or a benefits administrator;
- to follow your instructions e.g. make information available to a person following your death;
- to deal with an acquirer or potential acquirer of our business or company;
- to comply with law;
- to investigate any suspected or alleged misuse or abuse of our services.
5 Consequences of non-collection
If we cannot collect some of the personal information we seek, we may be unable to provide our services.
6 Third party disclosures
We will give access as authorised by you to Partner Providers.
7 Privacy Policy
Our Privacy Policy contains information about how you may access the personal information that we hold and seek its correction.
8 Complaints
Our Privacy Policy contains information about how you may complain about a breach of the Australian Privacy Principles, and how we will deal with it.
9 Overseas disclosures
If you nominate a Trusted Party who is overseas, we shall give them the same information as we would give an Australian-resident Trusted Party.