top of page

Privacy Policy

This Privacy Policy explains how Switch4Schools collects, uses, discloses and protects personal information when you use our platform and services.

1. This Privacy Policy

Your privacy is extremely important to us. We are constantly putting great deal of thought, efforts, tools and procedures in order to protect and safeguard your privacy. This document is our “Privacy Policy” and it contains details on issues related to your privacy when using our services. It is intended to inform you of our policies, procedures and practices regarding the collection, use and disclosure of any information that you provide through the Platform. The Privacy Policy is part of our Terms of Service which can be found on our website. The terms in the Privacy Policy (such as, but not limited to, “we”, “our”, us”, “Platform”, Provider”, “Provider Services” etc) have the same meaning as in our Terms of Service document. When you use our Platform you accept and agree to both the Terms of Service and to the Privacy Policy. If you do not agree to be bound to the Privacy Policy you should stop using the Platform immediately. By accessing and using our Platform you affirm that you have read the Terms of Service and the Privacy Policy and that you understand, agree and acknowledge to all the terms contained in both of them.​

2. Information Collection and Use

To let us operate the Platform effectively and to let you use the Platform, we have to collect and use some information from you (the “Information”). You may decide which Information, if any, you would like to share with us but some functions of the Platform may not be available to you without providing us the necessary Information. By deciding to provide the Information you agree to our methods of collections and use, as well to other terms and provisions of this Privacy Policy. The different types of Information we collect and how we intend to use them are detailed below.

  • Personally Identifiable Information:

    When you sign up to the Platform, update your account details, provide your billing information, provide your emergency contact information or make other use of our services, we may ask you for personally identifiable information (“Personal Information”). The Personal Information can be used to contact you or identify you and it may include, but not limited to, your name, your email, your phone number, your address and your payment information. We may use the Personal Information, either by itself or in conjunction with other information, for the following purposes:

    • Create your account at our Platform, let you log in to the account, administer your account, monitor your account, provide customer service and contact you with information, alerts and suggestions that are related to your account.

    • Billing-related purposes.

    • Reach out to you, either ourselves or using the appropriate authorities, if either we or a Provider has a good reason to believe that you or any other person may be in danger or may be either the cause or the victim of a criminal act.

    • Let a Provider know your first name so he or she can communicate with you effectively.

    • Let a Provider know your state to ensure he is licensed and qualified to provide a service to you.

  • Profile Information:

    We may ask you several questions about you and your needs. (“Profile Information”). We may use the Profile Information, either by itself or in conjunction with other information, for the following purposes:​

    • Help us to get to know you and your needs.

    • Collect and analyse statistical or aggregated information which is not personally identifiable.

  • Log Data:

    When you use the Platform, our servers or servers of third party services automatically record information that your browser sends (“Log Data”). This Log Data may include, but not limited to, information such as your computer, Internet Protocol address (“IP”), pages that you visit and the time spent on those pages, actions that you take and other statistics. We may use this information, either by itself or in conjunction with other information for the following purposes:

    • Monitor, analyse and improve the use and functionality of the Platform, the Platform’s technical operation and the match of the Platform functionality to your needs and preferences.

  • Student Users: As a student user, you are permitted to use de-identified details or pseudonyms when interacting with the Platform. We understand the importance of protecting your privacy, and we respect your right to maintain anonymity if desired. You have the option to use de-identified information or pseudonyms that do not reveal your true identity when using our services. However, please note that certain interactions or activities on the Platform may require the use of personally identifiable information for authentication or verification purposes. It is your responsibility to ensure that any de-identified details or pseudonyms used do not infringe upon the rights of others or violate any applicable laws or regulations.

  • Complete and Accurate Information: 
    It is your responsibility to provide complete and accurate information when using our Platform. By using the Platform, you agree that the information you provide is true, accurate, current, and complete. You also agree to promptly update any information to ensure its accuracy and completeness. We are not responsible for any consequences that may arise from the provision of false, inaccurate, outdated, or incomplete information.

3. Cookies and Web Beacons

Like many websites, we use “cookies” and “web beacons” to collect information. A “cookie” is a small data file that is being transferred to your computer’s hard disk for record-keeping purposes. A “web beacon” is a tiny image, placed on a Web page or e-mail that can report your visit or use. We use cookies and web beacons to enable the technical operation of the Platform, to administer your log-in to your account and to collect the Log Data. You can change your browser’s settings so it will stop accepting cookies or to prompt you before accepting a cookie. However, if you do not accept cookies you may not be able to use the Platform. The Platform may also include the use of cookies and web beacons of services owned or provided by third parties that are not covered by our privacy policy and we do not have access or control over these cookies and web beacons.​

4. Social and General Information Tools

We use several publicly-available tools and information exchange resources, such as (but not limited to) a blog, a Facebook page, a Twitter account, a Microsoft account and others (collectively “Social and General Information Tools”). Any information you provide or share by using the Social and General Information Tools may be read, accessed, collected and used by others.​

5. Phishing

Online identity theft and account hacking, including the practice currently known as “phishing”, are of great concern. You should always suspect when you are being asked for your account information and you must always make sure you do that in our secure system. We will never request your login information, your credit card information, in a non-secure or unsolicited communication (e-mail, phone or otherwise).​

6. Aggregate Information and Non-Identifying Information

We may share aggregated information that does not include any Personal Information with third parties for any purpose, including but not limited to industry analysis, research, business transactions and public relations.​

7. Links

The Platform may contain links to other websites, services or offers which are owned, operated or maintained by third parties. If you click on a third party link, you will be directed to that third website or service. The fact that we link to a website or service is not an endorsement, authorisation or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not have control over third party websites and services and we do not have control over their privacy policies and terms of use.​

8. Transfer of Business

We may sell or transfer some or all of our assets, including your Personal Information, in connection with a merger, acquisition, consolidation, joint venture, reorganisation or sale of assets. Such transactions would be covered by a confidentiality agreement.​

9. Service Providers

We may employ third party companies and individuals to facilitate our Platform, to perform certain tasks which are related to the Platform, or to provide audit, legal, operational or other services for us (“Service Providers” / “Subprocessors”). These tasks include (but are not limited to) customer service, technical maintenance, monitoring, email management and communication, database management, billing and payment processing (if applicable), reporting, analytics and content delivery.

When needed, we may disclose information, including Personal Information, to such third parties, but we will try to limit the Personal Information disclosed to the minimum necessary to perform their task(s). We require our Service Providers to protect Personal Information and use it only for the purposes of providing services to us.

Our Subprocessors
At the date of this Privacy Policy, we use the following Subprocessors in connection with operating the Platform:

(a) Amazon Web Services (AWS)

  • Purpose: Hosting and operating the Platform (compute, storage, databases, networking, content delivery, backups and logs as configured).

  • Personal Information / data types: Account data, school data, student/staff data entered into the Platform, and operational/security logs generated by the Platform.

  • Location(s): Primarily Australia (AWS ap-southeast-2). Some supporting services may involve other locations/regions (for example, certificate management and global content delivery).

  • Legal basis (where applicable): Performance of contract; legitimate interests (security, reliability).

  • Contact: https://aws.amazon.com/contact-us/

(b) PostHog

  • Purpose: Product analytics and service improvement. Depending on configuration, PostHog may also be used for session replay/recording to help troubleshoot and improve user experience.

  • Personal Information / data types: Usage events (e.g. pages and actions), device/browser information, and identifiers we choose to send (for example, an internal user ID).

  • Location(s): We configure PostHog to use EU endpoints (e.g. eu.posthog.com), and data may be processed in locations described in PostHog’s agreements and documentation.

  • Legal basis (where applicable): Consent (where required for analytics cookies); otherwise legitimate interests (service improvement) where permitted.

  • Contact: https://posthog.com/contact

(c) Google Analytics (Google)

  • Purpose: Analytics and measurement to understand how the Platform is used and to improve the Platform.

  • Personal Information / data types: Usage data, device/browser information, and cookies/online identifiers (as configured).

  • Location(s): May be processed in the United States and other countries where Google and its subprocessors operate.

  • Legal basis (where applicable): Consent (where required for analytics cookies).

  • Contact: https://support.google.com/analytics/

(d) Storyblok

  • Purpose: Content management and content/asset delivery used by the Platform.

  • Personal Information / data types: Content delivery request metadata (such as IP address, device/browser information, timestamps), and administrator account data for users who manage content.

  • Location(s): We use Storyblok “AP” endpoints (e.g. api-ap.storyblok.com), and data may be processed in locations described in Storyblok’s agreements and documentation.

  • Legal basis (where applicable): Performance of contract; legitimate interests (content delivery and management).

  • Contact: https://www.storyblok.com/contact

Embedded/third-party content
Some parts of the Platform may display embedded content (for example, videos). When embedded content loads, the relevant third-party provider (for example, YouTube or Vimeo) may receive information such as your IP address, device/browser information and viewing metadata. Their handling of that information is governed by their own privacy policies.

We may add, remove or change Service Providers from time to time. Where appropriate, we will update this Privacy Policy to reflect material changes.

10. International Transfer

We design our services to minimise the need to transfer personal data across borders. To achieve this, we seek to host Platform data in the region in which the customer is located where reasonably practicable.

However, personal information may be transferred to, stored in, or processed in countries outside your country (including outside Australia) where this is necessary to provide and operate the Platform. This can occur, for example, when we use Subprocessors that operate internationally (including analytics and content delivery providers), or where global infrastructure is involved in secure delivery of the Platform.

We currently operate hosting environments in Australia and may use service providers with operations in other regions (including the European Union, the United Kingdom and the United States), depending on the Subprocessor and configuration in use. Where personal information is transferred internationally, we apply reasonable safeguards to protect personal information in accordance with this Privacy Policy and applicable privacy laws.

11. Compliance with Laws and Law Enforcement

We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information, including Personal Information, to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of ourselves or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity. We may disclose information, including Personal Information, to take precautions against liability. You should also be aware that Providers may be obliged to disclose information to law enforcement or other authorities to conform to their professional and legal responsibilities. Specifically, and without limitation, you should be aware that the law requires mental health professionals to disclose information and/or take action in the following cases: (a) reported or suspected abuse of a child or vulnerable adult; (b) serious suicidal potential; (c) threatened harm to another person; (d) court-ordered presentation of treatment.

 

UK Data Protection Representative (GDPR)

For individuals in the United Kingdom, our appointed representative for data protection matters is:​

Spudling Ltd  

c/o Simon May (UK Representative)  

49 The Hill  Wheathampstead  Herts AL4 8PR United Kingdom  

Email: simon@switch4schools.com.au

12. Data Retention

You may review, update, correct or delete the Personal Information in your Account by contacting us or by editing it online. If you would like us to delete your Personal Information or any other information from our system, please contact us with such request. We will use commercially reasonable efforts to honor your request. However, we may retain an archived copy of your records as required by law for legitimate business purposes or for recordkeeping purposes. There may also be residual information that will remain within our databases and other records, including, without limitation, some data may that may be still archived and stored offline. We are not responsible for removing information from the third parties that we have already legitimately shared Personal Information about you.​

13. Security

We are concerned about safeguarding your information. The security of your Personal Information is very important to us. Therefore, we employ measures to protect this information from unauthorised access, use, and disclosure. However, the confidentiality of any communication transmitted through the Platform or stored with us cannot be guaranteed. Please remember that no method of electronic transmission over the Internet or method of storage can be 100% secure. You acknowledge and agree that you share and transmit the information at your own risk, as further detailed in our Terms of Service. If you have reason to believe that there has been a breach of security, including but limited to “hacking” to your account, you must notify us immediately.​

14. Changes to the Privacy Policy

We may update this privacy statement at our sole discretion. The date of the last revision of this policy appears at the end of this page. We encourage you to periodically review this page for the latest information on our privacy policy and practices.​ Where changes are material, we will take reasonable steps to notify our school customers.

15. Privacy Complaints

If you have a concern about how we have handled your personal information, including a potential breach of this Privacy Policy or applicable privacy laws, you can make a privacy complaint by contacting us using the details set out in the ‘Contacting us’ section below. Please include as much detail as possible about your concern so that we can investigate it effectively.​

We will acknowledge receipt of your complaint and aim to respond within a reasonable period, usually within 30 days. We may contact you to request further information or clarification. We will let you know the outcome of our review and any steps we have taken to address your concerns.​

If you are not satisfied with our response, you may be entitled to contact the Office of the Australian Information Commissioner (OAIC) or, where applicable, another privacy regulator in your jurisdiction for further review. Information about how to make a privacy complaint to the OAIC is available at www.oaic.gov.au.

16. Contacting Us

If you have any questions or concerns about this Privacy Policy or our privacy-related practices, please contact us by clicking the Contact us link at the bottom of any page on our website.

Last updated: 18 December 2025
Effective date: 1 January 2026

bottom of page