Skip to main content
Back to home

Privacy Policy

Version 2.1. Effective 1 May 2026.

1. Introduction

AfterService.ai ("we", "us", "our") is committed to protecting your privacy and being transparent about how we handle your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform.

We are bound by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy forms part of the agreement between you and us when you use AfterService. You should read it alongside our Terms and Conditions.

2. Who We Are

AfterService is operated by AfterService Pty Ltd (ABN 21 687 135 048), trading as AfterService.ai. AfterService Pty Ltd is an Australian-owned company that uses artificial intelligence to help Australian Defence Force veterans, serving members, and their families navigate Department of Veterans' Affairs (DVA) entitlements, claims, appeals, and support services.

We are not affiliated with, endorsed by, or operated on behalf of the Department of Veterans' Affairs or any other Australian Government agency.

3. Information We Collect

We collect the following categories of information.

3.1 Information you provide directly

  • Account identifiers: email address and password.
  • Identity and contact information: name, date of birth, phone, postal address, emergency contact.
  • Service record: branch, rank, dates of service, postings, deployments, decorations, discharge type.
  • Health information: medical conditions, symptoms, disabilities, DVA claim statuses (sensitive information under the Privacy Act).
  • Entitlement information: DVA card type, service numbers, compensation details.
  • Content you provide to the AI Advocate: chat messages, questions, uploaded documents, generated appeal narratives, and bio text.
  • Consent records: whether you have accepted each version of this Privacy Policy, our Terms and Conditions, and the AI data-use addendum. Each consent record includes a timestamp, the exact version of the document you accepted, and a cryptographic hash of the text shown at acceptance.

3.2 Information we collect automatically

  • Usage data: pages viewed, features used, time spent, referring pages.
  • Technical data: IP address, browser type, device identifiers, session duration.
  • Diagnostic data: error reports, performance metrics.

3.3 Information from third parties

Documents you authorise an organisation (such as an Ex-Service Organisation or healthcare provider) to share with us via the Connect consent framework (see Section 6).

3.4 Sensitive information consent (APP 3.3)

Conversations with the AI Advocate may include "sensitive information" as defined in section 6 of the Privacy Act 1988 (Cth), including health information (including mental-health information), information about your military service, and information about your family. By creating an account and submitting conversation content, you consent to our collection, storage, and processing of any sensitive information you choose to provide, for the purpose of providing the platform. You can withdraw this consent under Section 10. We do not collect sensitive information by any means other than your voluntary submission.

4. How We Use Your Information, Including AI

We use your information to:

4.1 Operate the platform

Provide the AI Advocate, maintain your profile, process claims and entitlements assistance, deliver transition support, and facilitate community features.

4.2 Personalise your experience

Tailor guidance to your service history, conditions, and stated goals.

4.3 Improve the service

Analyse aggregate usage patterns to improve usability, accuracy, and performance.

4.4 Artificial-intelligence training and improvement (IMPORTANT)

We use the content you share with AfterService, including chat messages with the AI Advocate, uploaded documents, and generated narratives, to improve the quality, accuracy, and safety of our own AI models. Specifically:

  • (a) We may use your de-identified, aggregated content for model fine-tuning and evaluation. We apply industry best-practice de-identification techniques. Re-identification is, however, not impossible. We treat de-identified content with care and do not re-identify it unless lawfully required.
  • (b) We may use your content in its original form for limited quality-assurance review by:
    • (i) AfterService employees bound by confidentiality; or
    • (ii) sub-processors listed in our published Sub-processor List, bound by contractual confidentiality and data-protection obligations consistent with the APPs. We do not give unnamed or unpublished contractors access to your content.
  • (c) We do not sell your content to third parties.
  • (d) We do not send your content to third-party AI providers for their own model training. The foundation models we use (currently Anthropic Claude via Amazon Bedrock, hosted in AWS ap-southeast-2 Sydney) do not retain or train on customer inputs, based on Anthropic's published Bedrock service terms in force from time to time.
  • (e) You can withdraw your consent to AI training at any time (see Section 10). Withdrawal means we stop using your new content for training going forward; it does not retroactively remove your content from already-trained model parameters, which is technically infeasible.

4.5 Communicate with you

About your account, security, service changes, and (with separate opt-in) platform news. You may opt out of marketing communications at any time (APP 7).

4.6 Comply with legal obligations

Including retention of consent records for Privacy Act audit purposes.

4.7 Safety and crisis support

If content you share indicates an imminent risk to life, we may surface crisis resources and, in extreme cases, contact emergency services on your behalf under section 16A(1)(c) of the Privacy Act (serious threat to life, health, or safety). We do not routinely disclose your identity to Open Arms, Lifeline, or other support services without your consent.

5. Data Storage, Inference, and Cross-Border Disclosure

5.1 Australian data sovereignty

All personal information is stored exclusively in Amazon Web Services data centres located in Sydney, Australia (ap-southeast-2). We do not transfer your stored data overseas without your explicit consent.

5.2 AI model location

All AI inference is performed on models hosted in AWS Sydney through the Amazon Bedrock Australia-only inference profile. Prompts and responses do not leave Australian AWS infrastructure during processing.

5.3 Cross-border disclosure (APP 8)

Although your data is stored and processed in Australia, certain of our service providers are incorporated outside Australia:

  • Amazon Web Services Inc. (incorporated in the United States), through which AWS Australia provides hosting in Sydney; and
  • Anthropic PBC (incorporated in the United States), with whom we contract for foundation-model service through AWS Bedrock, delivered within Sydney infrastructure.

By using the Platform, and in particular AI features, you consent under APP 8 to the limited disclosure of your personal information to these US-incorporated entities for the purposes of providing the service. We rely on the contractual safeguards these providers commit to (including AWS data-residency commitments and Anthropic Bedrock service terms) as the "reasonable steps" required by APP 8.1.

5.4 Encryption

Your data is encrypted in transit (TLS 1.2+) and at rest (AWS KMS-managed AES-256).

5.5 Access controls

Access to your data is restricted to authorised personnel on a need-to-know basis. All access is logged.

5.6 Retention

  • (a) Account information and profile: retained for the duration of your account, plus up to 30 days after account closure for clean-up, then destroyed or de-identified (APP 11.2).
  • (b) Conversation transcripts and AI artefacts: retained for 12 months from conversation date unless you delete them earlier through your account, or unless retention is required for safety, legal, or regulatory reasons.
  • (c) Consent records: retained for six years (the civil limitation period under the Limitation Act in most Australian states), plus a reasonable audit buffer (Section 7.4), and subject to any longer statutory retention obligation.
  • (d) Diagnostic and security logs: retained for up to 24 months for security investigation, then aggregated or destroyed.

6. Sharing Your Information

6.1 We do not sell, trade, or rent your personal information to any third party for their marketing or commercial use.

6.2 We do not share your information with the Department of Veterans' Affairs, the Australian Defence Force, your employer, or any ex-service organisation without your explicit, case-specific consent, except where disclosure is permitted under Section 4.7 or required by law.

6.3 Trusted service providers. We share data with sub-processors who support our operation, listed in our published Sub-processor List. These providers may only use your data to provide their service to us, under strict confidentiality and data-protection agreements.

6.4 Organisation access via Connect. If you choose to connect an Ex-Service Organisation, advocate, or healthcare provider to your AfterService account, you grant that organisation a revocable permission to view parts of your data. You control:

  • which organisation receives access; and
  • revocation at any time via your Organisations page.

Organisations are contractually bound to use your data only for the purpose for which they requested access, under the Connect Organisation Terms and Data Handling Agreement. We log every grant and revocation.

6.5 Legal compliance. We may disclose your information where required by Australian law (for example, in response to a lawful subpoena).

6.6 Crisis escalation. In cases of imminent risk to life, we may disclose minimum-necessary information to emergency services or crisis support organisations under section 16A(1)(c) of the Privacy Act.

7. Consent Versioning and Re-Acceptance

7.1 You accepted this Privacy Policy when you created your account or on a subsequent material update. Your acceptance is recorded with:

  • a timestamp;
  • the version number of the policy you accepted;
  • a cryptographic hash of the exact text shown to you.

7.2 Material updates. If we materially change how we use your data (for example, a new AI training practice, a new category of data collected, a change in sub-processor, or a change in data location), we will prompt you to review and re-accept the updated policy at your next login.

7.3 Non-material updates. We may make minor editorial corrections (typography, link fixes, clarifications) without requiring re-acceptance.

7.4 Historical consent. We retain your consent records for six years, plus a reasonable audit buffer, and subject to any statutory retention obligation. Consent records are retained separately from your personal profile and are not affected by account deletion except at the end of this retention period.

8. Your Rights Under the Privacy Act

Under the Australian Privacy Act 1988, you have the right to:

8.1 Access. Request a copy of the personal information we hold about you, including your consent history.

8.2 Correct. Request correction of information you believe is inaccurate.

8.3 Erase. Request deletion of your account and associated data, subject to any legal retention obligations.

8.4 Withdraw consent. Withdraw consent to any specific data-use activity, including AI training (see Section 10).

8.5 Anonymity (APP 2). Where lawful and practicable, you may interact with the Platform anonymously or pseudonymously, but doing so will limit functionality (e.g. you cannot use the AI Advocate without identifying information).

8.6 Complain. Lodge a complaint if you believe we have breached the Australian Privacy Principles. You can complain to us at privacy@afterservice.ai. You may also complain at any time to the Office of the Australian Information Commissioner (www.oaic.gov.au or 1300 363 992).

9. Notifiable Data Breaches

If we suffer an "eligible data breach" as defined in Part IIIC of the Privacy Act 1988 (Cth), we will:

  • 9.1 assess the breach as soon as practicable;
  • 9.2 notify affected individuals and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme; and
  • 9.3 co-operate with regulatory authorities and our sub-processors as needed to remediate the breach and prevent recurrence.

10. Withdrawing Consent to AI

You can withdraw consent to AI data-use at any time from your Account Settings page ("Data and AI").

If you withdraw AI consent, the following features will stop working until you re-consent:

  • AI Advocate chat
  • AI-generated appeal letter drafts
  • AI "Expand with AI" for your bio
  • AI-assisted claims narrative generation
  • AI-assisted entitlements guidance
  • AI extraction from uploaded documents

The following features continue to work without AI consent:

  • Document Vault (upload, store, download)
  • Claims list and manual status tracking
  • Entitlements wizard (rule-based)
  • Transition timeline
  • Profile CRUD
  • Community events
  • Crisis resources
  • Find Support directory
  • Organisations (Connect)

Withdrawal is prospective. It stops new uses of your data for AI training, but we cannot remove your historical contributions from already-trained model parameters.

AI-generated outputs you previously created and saved (e.g. in Document Vault) remain yours; we do not purge them on AI consent withdrawal.

11. Children and Vulnerable Users

The platform is intended for adults (18+). If you believe a minor has created an account, please contact privacy@afterservice.ai so we can investigate.

If you have appointed a substitute decision-maker (e.g. enduring power of attorney, guardianship order), they may exercise your rights under this policy on production of valid authority. Contact privacy@afterservice.ai to register.

We recognise that veterans and their families may be experiencing stress, trauma, or mental-health challenges. We design the platform to comply with the Mindframe Australia safe-messaging guidelines and to surface crisis resources prominently.

12. Changes to This Policy

We review this policy periodically. Material changes will trigger a re-acceptance prompt at your next login.

13. Contact Us

Privacy Officer: privacy@afterservice.ai
General enquiries: hello@afterservice.ai
Security: security@afterservice.ai

AfterService Pty Ltd (ABN 21 687 135 048)
73 Lilburne Rd, Duncraig WA 6023

If you are in crisis or need immediate support: