Privacy Policy

1. Introduction

trackME ("we", "us", "our") is committed to protecting your privacy and the privacy of student data. This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

By using trackME, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Teacher Information

• Account Information: Email address, password (encrypted), name
• Authentication Data: Two-factor authentication secrets (encrypted)
• Usage Data: Login timestamps, feature usage

2.2 Student Information

• Basic Information: Student names, preferred names, class assignments
• Educational Data: Subject enrolments, skill completion status, knowledge completion status, assessment results
• Progress Data: Timestamps of skill/knowledge completion, assessment scores

2.3 School Information (if applicable)

• School name, school admin contact details
• Jurisdiction/state preferences

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the trackME service
• Enable teachers to track student progress
• Generate progress reports and analytics
• Authenticate users and secure accounts
• Respond to support requests
• Improve our service and develop new features
• Comply with legal obligations

We do not use student data for advertising, marketing, or any commercial purposes unrelated to educational tracking.

4. Data Storage and Security

4.1 Storage Location

Data is stored using Google Firebase/Firestore cloud services. All data residency is in Melbourne, Australia servers via Firebase database. This ensures your data remains within Australian jurisdiction and complies with Australian data protection requirements.

4.2 Security Measures

• Encryption: All data is encrypted in transit (HTTPS) and at rest
• Authentication: Secure password-based authentication with optional two-factor authentication (2FA)
• Access Controls: Role-based access control ensures users can only access their own data or data within their school
• Firestore Security Rules: Database-level security rules prevent unauthorized access
• Regular Security Audits: We conduct regular security reviews and updates

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:

• Within Your School: School administrators can view data for users within their school
• Service Providers: We use Google Firebase/Firestore for data storage and processing, with all data stored on Melbourne, Australia servers. These providers are bound by their own privacy policies and security standards
• Legal Requirements: We may disclose data if required by law or to protect our rights
• With Your Consent: We may share data with your explicit consent

6. Data Retention

6.1 Active Accounts

Data for active teacher accounts is retained indefinitely while the account remains active.

6.2 Inactive Accounts

If a teacher account is inactive for 7 years, we will:

• Send a notification email to the registered email address
• Provide 90 days to reactivate the account
• After 90 days, delete all associated data including classes, students, and progress records

6.3 Student Data

When a student is deleted from a class, their data is immediately removed from our systems. Student data is also deleted when:

• A teacher deletes a student record
• A class is deleted
• A teacher account is deleted

6.4 School Accounts

When a school account is deactivated, all associated user and student data will be retained for 12 months, then permanently deleted.

For detailed information, see our Data Retention Policy.

7. Your Rights

Under Australian Privacy Principles, you have the right to:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Complaint: Lodge a complaint about our handling of your personal information

To exercise these rights, contact us at simon.dass.1996@gmail.com or use the data management tools in the Settings section of the app.

8. Cookies and Tracking

trackME uses Firebase Authentication cookies to maintain your login session. We do not use third-party tracking cookies or analytics services that track users across websites.

9. Children's Privacy

trackME is designed for use by teachers only. We do not knowingly collect personal information from children under 16. Student names and progress data are entered by teachers and are used solely for educational tracking purposes.

10. Data Breaches

In the event of a data breach that may cause serious harm, we will:

1. Contain the breach immediately
2. Assess the risk and extent of the breach
3. Notify affected users and the Office of the Australian Information Commissioner (OAIC) within 72 hours if required
4. Provide clear information about what data was affected and what steps we are taking
5. Work to prevent future breaches

For more details, see our Data Breach Response Plan.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by:

• Posting a notice in the app
• Sending an email to registered users
• Updating the "Last updated" date at the top of this page

Continued use of trackME after changes constitutes acceptance of the updated policy.

This policy was last reviewed: December 2025

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Simon Dass
Email: simon.dass.1996@gmail.com
VIT Registration: 615660