A
Aris Academy

Privacy Policy

Last updated: 17 January 2025

Aris Academy Pty Ltd (ABN: 42 694 683 694) ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

1.1 Information You Provide

We collect personal information that you voluntarily provide when you:

  • Create an account: Name, email address, password
  • Subscribe to our service: Payment information (processed securely by Stripe)
  • Use our service: Written responses, practice submissions, feedback requests
  • Contact us: Any information you include in correspondence
  • Register for programs: Information submitted for our Equity Access Program

1.2 Information About Children

Our Service is designed for students preparing for the NSW Selective High School Test, which typically includes children under 18. We take particular care with children's personal information:

  • We only collect information necessary to provide our educational services
  • We require parental or guardian consent for users under 18
  • Parents/guardians can request access to, correction of, or deletion of their child's information at any time
  • We do not knowingly collect personal information from children under 13 without verified parental consent

1.3 Information Collected Automatically

When you use our Service, we automatically collect:

  • Device information: Browser type, operating system, device type
  • Usage data: Pages visited, features used, session duration, practice completion rates
  • Log data: IP address, access times, referring URLs
  • Analytics data: Through PostHog analytics to understand service usage and improve our platform

1.4 Cookies and Similar Technologies

We use essential cookies to operate our Service and analytics cookies to understand usage patterns. You can control cookies through your browser settings, though some features may not function properly if you disable essential cookies.

2. How We Use Your Information

We use your personal information to:

  • Provide our Service: Deliver AI-powered writing feedback, track your progress, and provide personalised learning recommendations
  • Process payments: Manage subscriptions and process payments through our secure payment provider
  • Communicate with you: Send service updates, respond to enquiries, and provide customer support
  • Improve our Service: Analyse usage patterns, train and improve our AI models, and develop new features
  • Ensure security: Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations: Meet our legal and regulatory requirements

3. AI Processing and Your Data

Our Service uses artificial intelligence to analyse your written responses and provide feedback. In relation to AI processing:

  • Your written submissions are processed by our AI system to generate feedback
  • We may use anonymised and aggregated data from submissions to improve our AI models
  • Individual submissions are not shared with other users
  • You can request deletion of your submissions and associated AI-generated feedback at any time

In accordance with the Privacy and Other Legislation Amendment Act 2024, we will provide additional transparency about automated decision-making processes as these requirements come into effect.

4. Disclosure of Your Information

We may share your personal information with:

4.1 Service Providers

  • Supabase: Database and authentication services (data stored in Australia/Singapore)
  • Stripe: Payment processing (PCI-DSS compliant)
  • PostHog: Analytics and product insights
  • AI service providers: To process and analyse written submissions
  • Email service providers: To send transactional and service communications

4.2 Legal Requirements

We may disclose your information if required by law, court order, or to:

  • Comply with legal obligations
  • Protect our rights, privacy, safety or property
  • Respond to lawful requests from public authorities

4.3 Business Transfers

If Aris Academy is involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5. International Data Transfers

Some of our service providers are located overseas. When we transfer your personal information internationally, we take reasonable steps to ensure that the overseas recipient handles your information in accordance with the APPs. This includes:

  • Using service providers in jurisdictions with comparable privacy laws
  • Entering into contractual arrangements that require privacy protection
  • Ensuring appropriate security measures are in place

Countries where your data may be processed include the United States (for AI processing and some cloud services), Singapore (Supabase infrastructure), and the European Union.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication systems
  • Regular security assessments and updates
  • Access controls limiting data access to authorised personnel
  • Secure payment processing through PCI-DSS compliant providers

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as:

  • Your account is active
  • Necessary to provide you with our services
  • Required for legitimate business purposes (such as maintaining records for tax or legal compliance)
  • Required by law

After account deletion, we will delete or anonymise your personal information within 90 days, except where retention is required by law or for legitimate business purposes.

8. Your Rights

Under Australian privacy law, you have the right to:

8.1 Access Your Information

You can request access to the personal information we hold about you. We will provide access within a reasonable period (usually 30 days) unless an exception applies.

8.2 Correct Your Information

You can request correction of any personal information that is inaccurate, incomplete, out-of-date, or misleading. You can update most information directly through your account settings.

8.3 Request Deletion

You can request deletion of your personal information. We will comply unless we need to retain information for legal or legitimate business purposes. To request deletion, contact us at [email protected].

8.4 Withdraw Consent

Where we rely on your consent to process personal information, you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

8.5 Opt-Out of Marketing

You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or contacting us. We will process your request within 5 business days as required by the Spam Act 2003 (Cth).

9. Marketing Communications

In accordance with the Spam Act 2003 (Cth) and ACMA requirements:

  • We only send marketing communications with your express consent
  • All marketing emails clearly identify Aris Academy as the sender
  • Every marketing email contains a functional unsubscribe link
  • We honour unsubscribe requests within 5 business days
  • Transactional emails (account updates, password resets, payment confirmations) are not considered marketing and will continue regardless of marketing preferences

10. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending an email notification for significant changes

We encourage you to review this Privacy Policy periodically.

12. Complaints

If you believe we have breached the Australian Privacy Principles or have a complaint about our handling of your personal information:

  1. Contact us first: Email us at [email protected] with details of your complaint. We will respond within 30 days.
  2. Escalate if unsatisfied: If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
    • Website: www.oaic.gov.au
    • Phone: 1300 363 992
    • Post: GPO Box 5218, Sydney NSW 2001

13. Contact Us

For any questions about this Privacy Policy or our privacy practices, please contact us:

Summary of Key Points

  • What we collect: Account information, written submissions, usage data
  • Why we collect it: To provide AI-powered educational feedback and improve our service
  • Who we share with: Service providers who help us operate (payments, hosting, analytics)
  • Your rights: Access, correct, delete your data, and opt out of marketing
  • Children's privacy: We require parental consent for users under 18
  • Contact: [email protected]

We use analytics cookies to improve the learning experience. You can opt out anytime.

enzhko