Privacy Policy

Last updated: 1 April 2026

1. Who We Are

BandBoost is operated by Aria Infotech Pty Ltd (“we”, “us”, “BandBoost”), ABN [TBD], based in Sunshine Coast, Queensland, Australia.

We are subject to the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Questions about this policy or your privacy rights may be directed to: [email protected]

2. What Personal Information We Collect

Parent or guardian

Name, email address, and password (hashed using industry-standard encryption — never stored in plain text). Payment information is processed by a third-party payment processor and not stored by BandBoost.

Student

First name and year level only. We do not require a student's surname, date of birth, school name, or any other identifying information.

Test data

Answers submitted during practice tests, AI-generated feedback, scores, and parent progress reports.

Payment records

Purchase history and invoice records for GST compliance. Card details are held by the payment processor, not BandBoost.

Technical data

IP address, browser type, referring page, country, request method, requested URL, and session tokens. We retain this visit data for up to 90 days to support security, fraud prevention, and incident investigation, after which rows are automatically deleted.

3. How and Why We Collect It (APP 5)

We collect this information to provide NAPLAN practice tests, generate AI feedback on student answers, deliver parent progress reports, and process payments. We do not collect information we do not need to operate the platform.

We do not collect data for advertising purposes and do not sell data to third parties.

4. Who We Share It With (APP 8: Overseas Disclosure)

We use third-party services to operate BandBoost. By using BandBoost, you consent to your data being processed by these providers in accordance with their privacy policies:

| Service | Purpose | Location | Data shared |
|---|---|---|---|
| Managed PostgreSQL database | Database hosting | Australia (Sydney) | All platform data |
| Payment processor | Payment processing | Overseas | Payment records only |
| Transactional email provider | Transactional email | Australia (Sydney) | Email address, name |
| AI assessment module | AI feedback generation | Overseas | Student answers (anonymised, no names) |
| Web hosting provider | Web hosting / CDN | Australian edge + overseas origin | Request logs (IP, URL) |
| CDN and security provider | Security / CDN | Global edge | IP address, request metadata |

Important: AI assessment and student data

Student answers sent to the AI assessment module contain no names, no parent email, and no personally identifiable information. The provider's API terms prohibit using API inputs to train their models. Your child's test answers are not used to train AI models.

All overseas providers are required by contract to maintain privacy protections equivalent to those required under the Australian Privacy Act.

5. Children's Data

BandBoost is designed for students aged 8–15. Only a parent or guardian (aged 18+) may create an account. Students do not have their own login. Student data is only accessible to their parent or guardian and, if data sharing is enabled, to teachers at their school.

Student data is never used for advertising, profiling, or sold to any third party for any purpose.

6. Data Retention

| Data type | Retention | Reason |
|---|---|---|
| Test results + AI reports | Until account deletion | Core product feature |
| Request logs | 48 hours (auto-deleted) | Security monitoring only |
| AI call logs | 12 months | Cost auditing |
| Transaction records | 7 years | GST law |
| Anonymised benchmark data | Indefinite | No PII, aggregate only |

7. Your Rights (APP 12 + 13)

Under the Australian Privacy Act, you have the right to access the personal information we hold about you, request corrections, and request deletion of your data.

You can exercise these rights at any time via your Privacy & Data settings, including downloading a copy of all your data or deleting your account and all associated student records.

For questions or requests not covered by the self-service tools, email: [email protected]

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

8. Cookies and Analytics

BandBoost uses session cookies required for login functionality. These cookies are essential and cannot be disabled while using the platform.

We use analytics tools to understand how the platform is used in aggregate. Analytics cookies are only set after you provide consent via the cookie consent banner shown on your first visit.

9. Security

Data is encrypted in transit using TLS 1.3 and at rest using AES-256 by our database provider. We implement rate limiting, geo-blocking, and abuse detection to protect the platform. Passwords are stored using bcrypt hashing and are never visible to BandBoost staff.

10. Online Safety (Online Safety Act 2021)

BandBoost is designed for students aged 8–15. We take online safety seriously.

If you have a concern about content on BandBoost that is harmful to children, or about how your child's data is being handled, please contact us:

Email: [email protected]
We will respond within 14 days as required by Australian law.

If you are not satisfied with our response, you may escalate to:

11. Data Breach Notification

In the event of an eligible data breach as defined by Part IIIC of the Privacy Act, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) within 30 days as required by the Notifiable Data Breaches scheme.

12. Changes to This Policy

We will notify you by email at least 30 days before making material changes to this Privacy Policy.
