Back to home

Privacy Policy

Last updated: 12 May 2026

1. About This Policy

Andrew HSC (ABN pending) operates andrewhsc.com. This policy describes how we collect, use, disclose, and protect your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). We are committed to protecting the privacy of all users, including teachers, school administrators, and students.

2. Information We Collect (APP 3)

We collect the following personal information:

  • Account information: name, email address, school name, role (teacher/admin/student)
  • Authentication data: Google account profile (if using Google Sign-In), hashed passwords (if using email/password)
  • Usage data: questions viewed, worksheets created, exam papers generated, feature usage patterns
  • Technical data: IP address, browser type, device information, access timestamps
  • Contact form submissions: name, email, school, role, message content

We do not collect sensitive information (health, political opinions, religious beliefs, sexual orientation, criminal record) or information about students under 16 without parental consent.

3. How We Collect Information (APP 5)

We collect personal information:

  • Directly from you when you create an account, submit a contact form, or use the platform
  • From Google when you authenticate via Google Sign-In (name, email, profile picture)
  • Automatically through cookies and analytics tools when you browse the website
  • From school administrators who create accounts on behalf of teachers

At or before the time of collection, we will take reasonable steps to notify you of the purposes for which the information is collected, as required by APP 5.

4. Purpose of Collection (APP 6)

We collect and use your personal information for the following purposes:

  • Providing and maintaining the Andrew HSC platform and its features
  • Managing your account and authenticating your identity
  • Processing subscription payments and managing billing
  • Communicating with you about your account, updates, and support requests
  • Improving the platform through anonymised usage analytics
  • Enforcing our Terms of Use and protecting against misuse
  • Complying with legal obligations

We will not use your personal information for purposes other than those stated above without your consent, unless required by law.

5. Disclosure of Information

We may disclose your personal information to:

  • Service providers: cloud hosting (Manus platform), email delivery (Resend), payment processing (when applicable)
  • School administrators: if you are a teacher using a school subscription, your administrator may see your name, role, and usage statistics
  • Legal authorities: if required by law, court order, or to protect our rights

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Storage and Security (APP 11)

Your data is stored on secure servers with encryption at rest and in transit. We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • Bcrypt hashing for passwords (never stored in plaintext)
  • HttpOnly, Secure, SameSite cookies for session management
  • Rate limiting and input validation to prevent abuse
  • Regular security reviews and updates

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Account data is deleted within 30 days of account deletion request.

7. Access and Correction (APP 12 & 13)

You have the right to access and correct your personal information. You can update your profile information directly through the platform. For other access or correction requests, contact us at [email protected]. We will respond to access requests within 30 days.

8. Cookies and Analytics

We use essential cookies for authentication and session management. We use Umami Analytics (privacy-focused, no personal data tracking) to understand aggregate usage patterns. We do not use advertising cookies or share data with advertising networks.

9. Cross-Border Data Transfer

Your data may be processed on servers located outside Australia (including the United States and Singapore) through our cloud infrastructure providers. We ensure these providers maintain security standards consistent with the APPs.

10. Children's Privacy

Andrew HSC is primarily designed for teachers and school administrators. If students under 16 access the platform, we require that access is managed through a school subscription with appropriate parental/guardian consent obtained by the school. We do not knowingly collect personal information from children under 16 without such consent.

11. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Complaints

If you believe we have breached the APPs, please contact us at [email protected]. We will investigate and respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

13. Contact

For privacy-related enquiries, contact our Privacy Officer at [email protected]