Privacy Policy
Last updated: 17 October 2025
Who we are
This Privacy Policy explains how Phonicspal Pty Ltd (ACN: [insert ACN]) ("Phonicspal", "we", "us", or "our") collects, uses, discloses and protects personal information when you use our platform and related services (collectively, the "Service"). We are an Australian company and manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We also follow the Notifiable Data Breaches (NDB) scheme.
Contact us at team@phonicspal.com for privacy enquiries, access/correction requests or complaints.
What this Policy covers
This Policy applies to teachers, school staff, and—where features are used to support students—parents and students. For student personal information, we generally act as a service provider to the school and handle that information on the school’s instructions.
Information we collect
- Account and profile: name, email address, role, year level, school details, and profile image (primarily via our authentication provider Clerk).
- School information: school name, suburb, state, and sector (for administration and licence management).
- Content you provide: lesson content, selected words, uploaded media, and feedback (including any attachments you upload to the Service).
- Student information (where entered by a school or teacher): student name, class, login credentials (e.g. passcode), activity participation, and results. We rely on the school/teacher to have appropriate authority to provide student information.
- Usage and analytics: device and browser information, pages and features used, clicks and events, IP-derived location (at a general level). We use PostHog for analytics (proxied via our domain) and Vercel Analytics.
- Service interactions with AI and voice: selected prompts or content submitted for processing by Google Gemini (for educational text generation and audit) and ElevenLabs (for text-to-speech). We take steps to minimise the personal information sent to such processors.
How we collect personal information
- Directly from you when you create an account, configure settings, upload content or submit feedback.
- Automatically through your use of the Service (e.g. analytics events, device data and cookies/SDK storage).
- From your school where your access and student information are managed centrally.
How we use personal information
- to operate, maintain and improve the Service;
- to provision accounts, authenticate users and provide support;
- to generate educational content and activities you request;
- to ensure security, fraud prevention and acceptable use;
- to conduct analytics and Service quality assessments;
- to comply with laws and enforce our terms.
Where required, we seek your consent (for example, certain cookies/analytics or where you upload media including student images). Schools remain responsible for obtaining any parent/guardian consents needed for student information.
Children and student information
We design Phonicspal for teachers in Australian primary schools; students typically access activities under teacher supervision. We generally process student personal information as a service provider to schools. We act on the school’s instructions, and the school remains primarily responsible for notices and consents under applicable law. Please do not upload unnecessary sensitive information about students.
Disclosures to service providers (overseas transfers)
We use trusted third parties to help us deliver the Service. These providers may process personal information in Australia, the United States or other countries. Current key processors include:
- Clerk (authentication and user management);
- PostHog (product analytics, via proxy to us.posthog.com);
- Google (Gemini models for educational text generation and word audit);
- ElevenLabs (text-to-speech audio generation);
- Vercel (hosting infrastructure, media storage, and analytics).
We take reasonable steps (such as contractual protections and security reviews) to ensure these providers safeguard personal information. By using the Service, you consent to disclosures to overseas recipients as described above.
Storage, security and retention
- Security: We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, and monitoring. No method is 100% secure; we continually improve safeguards.
- Retention: We retain account and school records for as long as necessary to provide the Service and meet legal obligations. Student data is retained in line with your school’s instructions and may be deleted or anonymised on request.
Your choices: cookies and analytics
You can control cookies and local storage via your browser or device settings. Some features rely on analytics to improve experiences; you can choose not to use those features or adjust your do-not-track settings. Blocking cookies may impact functionality.
Access, correction and complaints
You may request access to, or correction of, your personal information by contacting us at team@phonicspal.com. If you make a complaint, we will respond within a reasonable time. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC) – see their guidance on privacy complaints at www.oaic.gov.au/privacy/privacy-complaints.
Data breaches
If we experience a data breach likely to result in serious harm, we will assess and, where required, notify affected individuals and the OAIC in accordance with the NDB scheme.
Changes to this Policy
We may update this Policy from time to time. The updated version will be posted on this page with a new “Last updated” date. If changes are material, we will take reasonable steps to notify you.