Our core privacy commitments
- ✓We never sell your personal information or your child's data.
- ✓We never use children's data for advertising.
- ✓We collect only what is strictly necessary to deliver the service.
- ✓Parents retain full control — access, correct, or delete data at any time.
- ✓We comply with the Australian Privacy Act 1988 and all thirteen APPs.
1. About This Policy
FocusEdu Pty Ltd ("FocusEdu", "we", "us", "our") operates FocusEdu.com.au, a personalised OC and Selective exam preparation platform for children in Years 3–6 in New South Wales, Australia.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and how you can exercise your rights. It applies to all users including parents, guardians, and students.
We comply with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs) that form Schedule 1 to that Act.
2. Information We Collect
We collect only the minimum information necessary to deliver our service.
- •Account information: parent or guardian full name and email address; linked student display name and year level.
- •Learning performance data: diagnostic test results, practice session answers, question response times, skill mastery levels, and progress over time.
- •Billing information: handled entirely by Stripe. FocusEdu does not store credit card numbers or full payment details.
- •Usage data: page visits and feature interactions collected in aggregate to improve the platform.
- •Technical data: IP address, browser type, and device information collected automatically for security and fraud prevention.
We do not collect government identifiers, health information, racial or ethnic origin, or any other sensitive personal information as defined by the Privacy Act.
3. Children's Privacy
FocusEdu is designed for children aged 8–12. We treat all children's learning data as high-sensitivity personal information and apply the following strict protections:
- •A student account may only be created and managed by a parent or legal guardian who provides explicit consent before the account is activated.
- •We collect the minimum data necessary for a child to use the platform — a display name and year level only.
- •We do not display public rankings, league tables, or any information that identifies individual children to other users.
- •We do not sell, rent, share, or disclose children's data to third-party advertisers or data brokers under any circumstances.
- •We do not serve advertisements to children or use their data for advertising profiling.
- •Children's learning data is never used to make automated decisions with significant effects without human review.
4. Why We Collect This Information
We collect and use personal information only for the following purposes:
- •To create and manage your account and your linked student's profile.
- •To generate diagnostic reports, adaptive practice sessions, and skill mastery tracking.
- •To produce parent reports and recommend the next learning priority.
- •To process subscription payments securely via Stripe.
- •To send transactional emails (e.g., email verification, practice reminders, billing receipts).
- •To improve the accuracy and effectiveness of our assessment algorithms.
- •To detect and prevent fraud, abuse, and security incidents.
- •To comply with our legal obligations under Australian law.
We do not use your information for any purpose incompatible with the above without your explicit consent.
5. Legal Basis for Processing
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, we rely on the following grounds to collect and use personal information:
- •Contract performance: processing necessary to provide the service you have subscribed to.
- •Legitimate interests: fraud prevention, platform security, and service improvement — balanced against your right to privacy.
- •Legal obligation: compliance with Australian law including tax, financial, and child safety requirements.
- •Consent: where we request optional information or send optional communications.
6. How We Use AI and Automated Processing
FocusEdu uses automated systems to personalise your student's learning experience:
- •Diagnostic scoring: automated algorithms analyse test responses to identify skill gaps.
- •Practice session generation: the recommendation engine selects questions based on each student's mastery profile.
- •Report drafting: AI-assisted tools may draft report summaries. All published educational content is reviewed for accuracy before delivery.
Automated outputs are not used to make decisions with legal or similarly significant effects on any user. You may contact us to request human review of any automated output.
7. Data Storage and Security
We implement industry-standard technical and organisational measures to protect your data:
- •Infrastructure: data is stored on Cloudflare's global infrastructure. Where available, we select storage locations within Australia or the Asia-Pacific region.
- •Encryption: all data is transmitted over TLS-encrypted HTTPS connections. Data at rest is encrypted.
- •Access controls: parents can only view their own linked student's data. Students can only access their own practice history. Admins access only what is necessary for platform operations.
- •Authentication: passwords are stored using PBKDF2 hashing. We support email verification for new accounts.
- •Monitoring: we monitor for unusual access patterns and security anomalies.
- •Vendor security: we select third-party vendors with recognised security standards (Stripe is PCI-DSS compliant; Cloudflare holds SOC 2 Type II).
Despite these measures, no internet transmission or storage system is completely secure. If you become aware of a security concern, please contact us immediately at support@focusedu.com.au.
8. Data Retention
We retain personal information only for as long as necessary:
- •Active accounts: data is retained for the duration of the subscription and for 12 months after account cancellation, to allow reactivation without loss of progress.
- •Deleted accounts: upon deletion request, we remove or anonymise personal data within 30 days.
- •Billing records: transaction records are retained for 7 years as required by Australian taxation law.
- •Security logs: access and security logs are retained for 90 days.
After the applicable retention period, data is securely deleted or irreversibly anonymised.
9. Disclosure of Information
We do not sell your personal information. We share it only in the following limited circumstances:
- •Stripe: to process subscription payments. Stripe's Privacy Policy applies to information processed by them. Stripe is PCI-DSS Level 1 certified.
- •Cloudflare: for infrastructure hosting, DDoS protection, and CDN services.
- •Email delivery providers: to send transactional emails such as verification codes and billing receipts.
- •Legal requirements: if required by a court order, subpoena, or applicable law, or to protect the rights, property, or safety of FocusEdu, our users, or the public.
- •Business transfers: in the event of a merger, acquisition, or sale of assets, personal information may be transferred. We will notify you by email and prominent platform notice before your data is subject to a different Privacy Policy.
We do not disclose your data to any other third party without your explicit consent.
10. Your Rights
Under the Australian Privacy Principles, you have the following rights:
- •Access: request a copy of the personal information we hold about you or your child.
- •Correction: request that we correct inaccurate or out-of-date information.
- •Deletion: request deletion of personal information, subject to our legal retention obligations.
- •Opt-out of marketing: unsubscribe from any optional marketing communications at any time.
- •Complaint: lodge a complaint if you believe we have mishandled your personal information.
To exercise any of these rights, email us at support@focusedu.com.au with the subject line "Privacy Request". We will respond within 30 days. We may need to verify your identity before processing your request.
12. Data Breach Notification
In the event of a data breach that is likely to result in serious harm to individuals, we will:
- •Notify the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.
- •Notify affected individuals as soon as practicable with details of the breach and recommended steps.
- •Take immediate action to contain the breach and prevent further unauthorised access.
13. International Data Transfers
Cloudflare operates globally. While we select Asia-Pacific region data centres where possible, data may be processed in other jurisdictions as part of Cloudflare's network operations.
Stripe, headquartered in the United States, processes billing data in accordance with its Privacy Policy and applicable international data transfer frameworks.
Where personal information is disclosed to overseas recipients, we take reasonable steps to ensure those recipients handle it consistently with the Australian Privacy Principles.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and via a prominent notice on the platform at least 14 days before the changes take effect.
For non-material changes (such as clarifications or formatting), we will update the date at the top of this page. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.
15. Contact and Complaints
For any privacy enquiry or to exercise your rights, contact us at: support@focusedu.com.au
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
Website: www.oaic.gov.au Phone: 1300 363 992 Post: GPO Box 5218, Sydney NSW 2001
Office of the Australian Information Commissioner
If you are not satisfied with how we have handled your privacy concern, you may lodge a complaint with the OAIC — the independent government body that oversees the Privacy Act.