This Cybersecurity Policy applies to all information and systems managed by Click Legal Pty Ltd (referred to as "we", "us", "our", or “our practice”) to ensure the protection of our digital environment. We are committed to safeguarding data and ensuring the integrity and confidentiality of our operations in accordance with applicable laws and industry standards.
(a) This Cybersecurity Policy provides the basis of cybersecurity management within our practice.
(b) Effective protection of business information creates a competitive advantage, both in the ability to preserve the reputation of our practice and in reducing the risk of the occurrence of negative events and incidents.
(c) This Policy aims to balance the following priorities:
(i) Meeting the Australian legislative requirements that apply to our practice.
(ii) Keeping data and documents confidential as required by our practice, law cover and our clients.
(iii) Ensuring the integrity of our data and IT systems.
(iv) Upholding our practice reputation as a trusted firm.
(v) Maintaining storage and back-up systems that meet the needs of our practice, law cover, our employees, clients, contractors and anyone else who may have any type of access to our systems, software, hardware, data and/or documents (collectively referred to as a “Participant”).
(a) This policy applies to all Clients and Participants who interact with Click Legal’s systems, software, hardware, data and/or documents.
(b) All Participants are responsible for safeguarding the information and systems they use. Any doubts or concerns about cybersecurity should be promptly addressed with caution, and Participants must report potential risks to the Cybersecurity Officer at hello@clicklegal.com.au.
(a) Access to our systems is strictly controlled based on the principle of least privilege.
(b) Managers should authorise access only on a need-to-know basis.
(c) API keys and credentials for platforms and services are securely stored and restricted to authorised systems.
(d) Participants must follow proper authentication protocols when accessing our systems.
(i) Our website backend gateway, Medusa, manages all e-commerce operations, including products, payments, orders, and customer data.
(ii) Medusa is hosted securely on Railway, with robust access control measures in place.
(i) Customer information is stored in a PostgreSQL database on Vercel, and our website images and legal documents are stored securely in Supabase file storage.
(ii) All payments are processed through Stripe, ensuring that no card details are stored by us.
(iii) Emails are sent securely using SendGrid for notifications such as order confirmations.
(i) Customer actions (e.g., browsing, purchasing) on the Storefront are communicated to the Medusa backend.
(ii) Sensitive data is processed and stored by Vercel (database), Supabase (file storage), and Stripe (payments).
(iii) Multi-layered authentication protects all platforms and services.
(a) To prevent unauthorised access, the following best practices are enforced:
(i) Passwords must be uniquely generated and immediately changed upon first use.
(ii) Use at least 8 characters, including uppercase letters, lowercase letters, numbers, and symbols.
(iii) Multifactor authentication (MFA) tools are mandatory for critical systems.
(iv) Regular updates and changes to passwords are required.
Emails can contain malicious content and malware. To reduce harm, Participants should employ the following strategies:
(i) Avoid opening attachments or clicking links from unknown senders.
(ii) Verify the authenticity of email requests, especially those involving financial payments or login credentials.
(iii) Report suspicious emails to the Cybersecurity Officer immediately at hello@clicklegal.com.au.
(iv) Block junk, spam and scam emails.
(v) If an email requests a financial payment, confirmation of a password, or prompts a login to our system, extreme care should be taken to ensure that it is genuine, such as by calling the sender.
Personal devices such as mobile phones, tablets or laptops can put our data at risk. They must be authenticated before accessing work data and must follow these practices:
(a) Keep devices secure and password protected.
(b) Use two factor authentication.
(c) Use only secure networks for logging in.
(d) Regularly update security software and install updates.
(e) Segregate unauthorised IT devices from our systems.
Your personal information will not be disclosed to recipients outside Australia unless expressly requested by you. If you request such a transfer, the overseas recipient will not be required to comply with the Australian Privacy Principles, and we will not be liable for any mishandling of your information.
(i) Share personal information only over authorised networks.
(ii) Destroy sensitive data when it is no longer needed in compliance with legal requirements.
(i) All cybersecurity policies apply when working remotely.
(ii) Participants must ensure their devices are secure and their networks are trusted.
Participants must immediately report any cybersecurity breaches or suspicious activity to the Cybersecurity Officer.
(i) All new Participants will receive cybersecurity training during onboarding.
(ii) Regular updates and refresher training sessions are mandatory.
This policy will be reviewed periodically to address new cybersecurity challenges and technologies. Updates will be communicated promptly.
Breaches of this policy will result in disciplinary measures, ranging from warnings to termination of employment or services, depending on the severity of the breach.
If you have any questions regarding this policy or need to report a cybersecurity concern, please contact the Cybersecurity Officer at hello@clicklegal.com.au.