Privacy Policy

Effective: 1 April 2026 · BandUp · ABN 57 793 201 060

BandUp is an Australian EdTech product. We collect only the data needed to provide the service, store it on Australian servers, and never sell it to third parties.

1. Who we are

BandUp (ABN 57 793 201 060) operates the BandUp writing practice platform at bandup.com.au and aims to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Contact us at privacy@bandup.com.au.

2. What data we collect

We collect parent account details such as name, email, authentication data, subscription details, and communication preferences.

We collect student profile details such as first name, school year, essays, scoring outputs, and progress metrics.

We also collect operational usage data such as anonymised analytics, error logs, and device/browser information for product reliability.

  • We do not collect photos, audio, video, government identifiers, or sensitive information unless required for service delivery.

3. How we use the data

  • Score essays and generate feedback against the selected rubric framework.
  • Display progress, band estimates, and feedback to the family.
  • Send service emails such as scoring updates and weekly digests.
  • Process payments through Stripe when paid plans are in use.
  • Improve product quality using aggregated and de-identified analysis.
  • Meet legal and compliance obligations under Australian law.

4. AI processing

Essay text, genre, year level, prompt, and rubric context may be sent to the active scoring provider for assessment. We do not send name, email, or direct identifying details with the essay body.

Named exam and board references are descriptive only and do not imply endorsement.

5. Storage and security

  • Data is stored in Australia where available through our infrastructure providers.
  • Transport security is enforced for data in transit.
  • Authentication and payment processing rely on established third-party providers such as Supabase and Stripe.

6. Children's privacy

BandUp is designed for parent-managed accounts. Children do not create independent accounts.

If you believe a child has been added without appropriate consent, contact us and we will investigate and remove the account data where required.

7. Your rights

  • Request access to the personal information we hold.
  • Request correction of inaccurate information.
  • Request deletion of your account and associated data.
  • Opt out of promotional communications.
  • Raise a privacy complaint with us or the OAIC.

8. Retention

  • Active account data is retained while the service is in use.
  • Cancelled account data may be retained for a limited operational period before deletion.
  • Billing records may be retained for legal and tax obligations.

9. Third-party services

  • Supabase for database and authentication.
  • Vercel for hosting and delivery.
  • Stripe for payments.
  • Resend for transactional email.
  • Sentry for monitoring.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through service channels where appropriate.

BandUp