Home About Us PBL Focus Pricing Support Contact Privacy Policy Terms of Use Log in →
Legal

Privacy Policy

Last updated: 24 March 2026

AchievoEDU PTY LTD ('AchievoEDU', 'we', 'us', 'our') is committed to protecting the privacy of all individuals who use our platform, including students, teachers, school administrators, and parents. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By accessing or using the AchievoEDU platform (available at achievoedu.com.au and via our iOS and Android mobile applications), you agree to the practices described in this policy.

1. Who We Are

AchievoEDU PTY LTD is an Australian educational technology company that provides a student engagement and wellbeing platform to schools. Our platform is used by students (including minors), parents, teachers, and school administrators.

For privacy-related questions, please contact our Privacy Officer at: privacy@achievoedu.com.au

2. What Information We Collect

2.1 Student Data

  • Full name and year level
  • School enrolment identifier (provided by the school)
  • Behaviour records, points, badges, and awards
  • Character competency progress and XP levels
  • Store purchase and redemption history
  • Attendance records (where integration is enabled)
  • Daily wellbeing check-in responses (where enabled by the school)
  • Device identifiers for push notifications (mobile app)

2.2 Teacher and Staff Data

  • Full name, email address, and staff identifier
  • School and class assignments
  • Platform activity logs (behaviours recorded, reports generated)
  • Login timestamps and session data

2.3 Parent and Guardian Data

  • Full name and email address
  • Relationship to student
  • Notification preferences

2.4 Administrator Data

  • Full name, email, and role
  • School configuration settings and audit logs

2.5 Technical Data

  • IP address and browser/device type
  • Usage analytics (pages visited, features used, session duration)
  • Error logs and crash reports

3. How We Use Personal Information

We use personal information solely for the following purposes:

  • Delivering the AchievoEDU platform services to schools and their users
  • Enabling schools to track, reward, and report on student behaviour and progress
  • Sending notifications to students, parents, and staff as configured by the school
  • Providing customer support and responding to queries
  • Improving platform performance, features, and security
  • Complying with legal obligations

We do not use student data for advertising, profiling for commercial purposes, or any purpose unrelated to the delivery of educational services.

4. Data Storage and Location

All AchievoEDU data is stored exclusively on Microsoft Azure infrastructure located in the Australia East (Sydney) region. We do not store or transfer student data outside of Australia without explicit written consent from the relevant school.

Data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. Database backups are performed daily and retained for 30 days. Microsoft Azure holds ISO 27001, SOC 2, and IRAP certifications relevant to Australian data sovereignty requirements.

Student wellbeing reflection text is stored encrypted and is never accessible by school administrators, parents, or AchievoEDU staff in identifiable form.

5. Who We Share Data With

AchievoEDU does not sell, rent, or trade personal information. We may share data only in the following limited circumstances:

  • The school that enrolled the user — schools have full access to their own students' data
  • Parents or guardians — limited to their own child's data, as configured by the school
  • Microsoft Azure — as our cloud infrastructure provider, subject to their Data Processing Agreement
  • EmailJS — contact form email delivery only (no student data is transmitted)
  • Authorised third-party integrations — only where explicitly enabled by the school administrator (e.g. Sentral, CASES21)
  • Law enforcement or regulatory bodies — where required by Australian law

All third-party processors are required to maintain confidentiality and comply with Australian privacy law.

6. Student Data — Special Protections

AchievoEDU recognises that student data requires heightened protection. We apply the following additional safeguards:

  • Student accounts may only be created by authorised school administrators — students cannot self-register
  • Student data is never shared with other schools or third parties for commercial purposes
  • Student data is deleted within 90 days of a school's subscription ending, unless a longer retention is required by law
  • Wellbeing check-in responses are visible only to designated pastoral care staff, not to other students
  • Parents may request a copy of their child's data at any time through their school administrator

7. Data Retention

We retain personal data only for as long as necessary to deliver our services or as required by law:

  • Active school accounts — data retained for the duration of the subscription plus 90 days
  • Closed school accounts — data deleted within 90 days of account closure
  • System logs — retained for 12 months for security and debugging purposes
  • Backup snapshots — retained for 30 days on a rolling basis

Schools may request early deletion of their data by contacting privacy@achievoedu.com.au. Schools may also export all data at any time from the admin portal.

8. Access, Correction, and Complaints

Under the Australian Privacy Principles, individuals have the right to:

  • Request access to personal information we hold about them
  • Request correction of inaccurate, incomplete, or outdated information
  • Request deletion of their data (subject to legal retention requirements)
  • Lodge a complaint about how we handle personal information

Students and parents should direct requests through their school administrator. Staff and administrators may contact us directly at privacy@achievoedu.com.au. We will respond to all requests within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

9. Cookies and Analytics

The AchievoEDU web platform uses session cookies for authentication purposes only. We do not use third-party advertising cookies. We use privacy-preserving analytics to understand platform usage in aggregate. No personally identifiable information is shared with analytics providers.

10. Security

We implement industry-standard security measures including:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication available for administrator accounts
  • Role-based access control — users only see data relevant to their role
  • Regular security audits and penetration testing
  • Automated vulnerability scanning of dependencies
  • Incident response plan with 24-hour notification to affected schools in the event of a breach

11. Changes to This Policy

We may update this Privacy Policy from time to time. Schools will be notified of material changes by email at least 30 days before they take effect. The current version is always available at achievoedu.com.au/privacy.

12. Contact Us

For privacy-related enquiries, please contact:

Privacy Officer — AchievoEDU PTY LTD
Email: privacy@achievoedu.com.au
Web: achievoedu.com.au/privacy
Australia