Privacy Policy

Last updated: 18 April 2026. Effective: 18 April 2026.

Who we are

Graham Marsland Pty Ltd (ABN 97 691 274 905) (“we”, “us”, “our”) is an Australian company providing a document preparation service that helps consumers affected by the collapse of the Shield Master Fund and the First Guardian Master Fund prepare AFCA complaint documents to lodge themselves. Director: Graham Marsland. Registered office: Melbourne, Victoria, Australia.

We are an APP entity under the Privacy Act 1988 (Cth).

This Privacy Policy explains how we handle your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

What personal information we collect

We collect the personal information you provide directly to us through the intake form and subsequent correspondence:

Name, email address, Australian mobile phone number, date of birth (optional), retirement date (optional)
Details of your superannuation rollover: platform, fund, adviser firm, approximate rollover amount, approximate rollover date
Approximate annual salary or working or retirement status (used to calculate projected earnings impact)
Your description of how the matter has affected you (free-text fields used to support a non-financial loss claim)
Optional: transaction listing documents you upload, compensation details, AFCA case numbers, representation details
Records of email correspondence between you and us
Records of SMS one-time codes for phone verification (retained for 30 minutes only for that verification purpose)

We do not ask for your date of birth, tax file number, driver's licence, or bank details. Stripe handles any payment directly if you purchase the paid complaints bundle — we never see your card details.

Why we collect your personal information

We collect your personal information for the sole primary purpose of preparing an AFCA complaint document for you to review and lodge yourself. Specifically, we use it to:

Identify the correct respondent entity or entities (advice licensee, superannuation trustee, and any additional licensee) and the applicable AFCA lead decision
Calculate your approximate lost investment returns based on published prior-fund performance data
Draft your complaint text and outcome text using an AI model (Anthropic Claude) applying AFCA lead decisions to your facts
Email you the completed draft and follow up with you to provide ongoing support throughout the AFCA process
Verify your phone number by one-time SMS to reduce automated and fraudulent submissions
Deliver the paid complaints bundle and related complaints if you purchase it

How we use AI (APP 1.7 and APP 1.8 disclosure)

We arrange for Anthropic's Claude — a large language model developed by Anthropic — to use your personal information to draft the complaint document. The program uses your rollover details, your description of the matter, and your non-financial loss statements to produce a draft AFCA complaint that applies published AFCA lead determinations to your facts.

The computer program does not make the decision to lodge the complaint. You review the draft, you decide whether to lodge it, and you lodge it yourself at afca.org.au. If the draft is materially inaccurate you may edit it before lodging, or email us and we will revise and resend.

The personal information the program uses is limited to the fields you submit on the intake form and any follow-up information you send us. Your data is sent to Anthropic's API for the duration of each draft and is not used by Anthropic to train its models (zero data retention is enforced by our API configuration).

Who we share your personal information with

We share your personal information only with the following service providers who are bound by their own privacy obligations and process data strictly on our instructions:

Supabase— database hosting (Sydney, Australia — data stored in Australia)
Anthropic— AI model to draft the complaint (United States; zero-data-retention configured)
Resend— transactional email delivery (United States)
Twilio— one-time SMS verification codes (United States)
Stripe— payment processing (United States, for the paid complaints bundle only)
Vercel— web application hosting (United States)
AFCA and the firms you complain against— to the extent your complaint is lodged and processed by them. You control this step by lodging the document yourself. We do not lodge on your behalf and we are not named as your representative on your AFCA file.

We do not sell your personal information to anyone.

Cross-border disclosure (APP 8)

Some of our service providers are based overseas (primarily the United States). By using our service, you consent to the overseas disclosure of your personal information to those providers for the purposes set out above. We take reasonable steps to ensure these providers handle your personal information in a manner consistent with the APPs, including through contractual privacy obligations and, where available, configuration choices that keep data in Australia or restrict how providers may use the data.

If any provider handles personal information in a manner inconsistent with the APPs, we may still be liable to you under APP 8.1.

How long we keep your personal information (APP 11.2)

We retain your personal information for as long as is necessary to prepare and support your complaint, and for seven (7) years after your complaint is lodged, consistent with ASIC Regulatory Guide 104 record keeping guidance. You may request earlier deletion at any time (see below), subject to our right to retain records required by law.

Phone verification records are retained for 30 minutes only and then automatically expire.

Security (APP 11.1 and APP 11.3)

We use HTTPS for all web traffic. Personal information is stored in Supabase in the Sydney region with row-level security, with access restricted to the Director of Graham Marsland Pty Ltd. We apply technical and organisational measures proportionate to the risk profile, including access controls, encryption in transit, minimal data retention, and staff training. We cannot guarantee absolute security; however, we take reasonable steps to protect your information from misuse, interference, and unauthorised access.

Your rights (APPs 12, 13)

Under the Australian Privacy Principles you may:

Request access to the personal information we hold about you
Request correction of information that is inaccurate
Request deletion of your information, subject to any legal retention obligations
Withdraw your consent to further communications at any time

To exercise any of these rights, email privacy@grahammarsland.com or graham@grahammarsland.com. We will respond within 30 days.

Complaints

If you believe we have breached the Australian Privacy Principles, please contact us at privacy@grahammarsland.com. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be notified by email to active clients.