Product Privacy Policy

This policy applies specifically to the EduNomicon product and outlines how product privacy is established, managed, and enforced.

Effective date: 18 May 2026
Last updated: 18 May 2026
Version: 1.0
Applies to: Australian customers and authorized users

1. Who We Are

1.1 EduNomicon is operated by EduNomicon (ACN 696360442), trading as EduNomicon.

1.2 In this Privacy Policy, “EduNomicon”, “we”, “us” and “our” refer to EduNomicon (ACN 696360442), as the operator of the EduNomicon platform, website and related services.

1.3 Edu/Code may appear in earlier materials, documentation, email addresses or legacy references. Unless stated otherwise, any reference to Edu/Code should be understood as referring to the same business operations now conducted under the EduNomicon name.

2. Scope of this Privacy Policy

2.1 This Privacy Policy explains how we collect, use, store, secure, disclose, retain, delete and otherwise handle personal information in connection with EduNomicon.

2.2 This Privacy Policy applies to EduNomicon customers, authorized users, school-supplied data, platform records, support interactions, website interactions, and related services.

2.3 This Privacy Policy should be read together with the EduNomicon Terms of Service and any separate written agreement between EduNomicon and the customer.

2.4 Where a school, education organization, government agency, or other customer uses EduNomicon, that customer remains responsible for ensuring that its collection, upload, use, disclosure and handling of personal information complies with applicable privacy, education, child safety, records management and data protection obligations.

3. Types of Information We Collect

3.1 EduNomicon may collect and handle personal information and other information reasonably necessary to provide, secure, support, monitor and administer the platform.

3.2 The types of information we may collect include:

(a) customer and account information, such as organization name, authorized user names, work email addresses, role information, contact details, billing or administrative contact details, and support contact details;

(b) platform access and authentication information, such as usernames, account status, login events, role permissions, tenant or organization identifiers, authentication metadata, access attempts and session information;

(c) school-supplied structured data, such as assessment results, attendance data, subject or program participation data, academic performance data, data quality information, school-approved indicators and other structured educational data uploaded or authorized by the customer;

(d) model and analytics information, such as model configuration, variable selections, model metadata, diagnostic outputs, data quality scores, model performance information, predictions, reports, charts, summaries and related analytics outputs;

(e) technical and usage information, such as IP address, browser type, device information, operating system, pages or modules accessed, timestamps, error logs, audit logs, security logs, upload events, export events and other platform activity records;

(f) support and communications information, such as emails, support requests, feedback, troubleshooting information, meeting notes, implementation information and other communications with us; and

(g) website information, such as cookie data, analytics information, form submissions and general website usage information.

3.3 EduNomicon does not require sensitive information, health information, biometric information, legal or custody information, child protection information, financial account information, government identifiers, free-text welfare notes, counseling notes, disciplinary narratives or similar high-risk personal information for standard educational analytics use cases.

3.4 Customers and authorized users must not upload high-risk information unless expressly approved in writing under a separate high-risk deployment arrangement.

4. Information We Do Not Require for Standard EduNomicon Use

4.1 EduNomicon does not require sensitive information, health information, biometric information, legal or custody information, child protection information, financial account information, government identifiers, free-text welfare notes, counseling notes, disciplinary narratives, or similar high-risk personal information for standard educational analytics use cases.

4.2 Customers and authorized users must not upload this information unless expressly approved in writing under a separate high-risk deployment arrangement.

4.3 EduNomicon does not require student names, parent names, home addresses, phone numbers, personal email addresses, photographs, Medicare numbers, passport numbers, Tax File Numbers, driver license numbers, birth certificate details, or other direct identifiers for standard educational analytics use cases.

4.4 Where row-level linkage is required, the preferred configuration is a school-generated pseudonymous identifier rather than direct identifiers or government-issued identifiers.

4.5 EduNomicon may use upload-time controls, schema review, column-name screening, pattern detection, metadata review, or other automated or manual checks to identify information that appears sensitive, prohibited, excessive, unauthorized, or inconsistent with the agreed purpose.

5. How We Collect Information

5.1 We collect information in connection with EduNomicon when it is provided to us, uploaded to the platform, generated through use of the platform, or collected automatically through ordinary technical and operational processes.

5.2 We may collect information directly from customers and authorized users when they:

(a) create or manage an account;

(b) log in to or use EduNomicon;

(c) upload, import, submit, connect, configure, analyze, model, export, or otherwise process data through the platform;

(d) generate reports, charts, model outputs, diagnostics, explanations, summaries, or other analytics outputs;

(e) contact us for support, implementation, troubleshooting, billing, administration, privacy, security, or general enquiries;

(f) provide feedback, participate in meetings, complete forms, or communicate with us by email, phone, video conference, website, or other channels; or

(g) use the Edu/Code or EduNomicon website.

5.3 We may collect customer data from files, datasets, records, variables, metadata, schemas, configurations, model settings, and other information uploaded, submitted, connected, imported, or authorized by the customer or its authorized users.

5.4 We may collect information automatically when authorized users access or use EduNomicon, including login events, access attempts, timestamps, IP addresses, device information, browser information, operating system information, pages or modules accessed, upload events, export events, model activity, error logs, audit logs, security logs, session information, and other technical or usage information.

5.5 We may generate information through operation of the platform, including model metadata, data quality results, diagnostic outputs, predictions, reports, charts, summaries, audit records, security records, and other analytics or operational records.

5.6 We may collect information from third-party services where reasonably necessary to provide, secure, support, monitor, or administer EduNomicon. This may include cloud hosting providers, authentication providers, security services, monitoring services, email services, support tools, website analytics services, or other operational service providers.

5.7 Where a customer uses an integration, identity provider, data connector, or third-party system with EduNomicon, we may collect information from that system as authorized by the customer and as reasonably necessary to provide the relevant service or integration.

5.8 We may collect information from public sources, customer websites, professional directories, business communications, or other lawful sources where reasonably necessary for customer relationship management, sales, support, contracting, due diligence, security, compliance, or administration.

5.9 We do not seek to collect sensitive, health, legal, financial, government identifier, biometric, disability, wellbeing, safeguarding, or other high-risk information for standard EduNomicon use cases. Customers must not upload this information unless expressly approved in writing under a separate high-risk deployment arrangement.

5.10 If we receive information that appears unnecessary, excessive, prohibited, unauthorized, sensitive, or high-risk, we may block, reject, quarantine, delete, restrict, or require review of that information in accordance with the EduNomicon Terms of Service and this Privacy Policy.

6. How We Use Information

6.1 We use information collected through EduNomicon to provide, operate, secure, support, maintain and improve the platform.

6.2 We may use information for purposes including:

(a) creating, managing and securing customer accounts and authorized user access;

(b) enabling customers to upload, review, analyze and model school-authorized structured data;

(c) generating data quality results, model outputs, predictions, diagnostics, reports, charts, summaries and other analytics outputs;

(d) supporting human-reviewed educational analytics, planning, reporting, governance and decision support;

(e) providing optional AI-assisted language explanations of aggregated analytics, data quality, modelling or diagnostic outputs;

(f) providing customer support, troubleshooting, implementation assistance and technical administration;

(g) monitoring platform performance, reliability, security, usage, errors, misuse and compliance with applicable terms;

(h) maintaining audit logs, access logs, security logs and operational records;

(i) protecting privacy, security, student safety, platform integrity and lawful use of the platform;

(j) complying with legal, contractual, regulatory, insurance, audit, records management and dispute resolution obligations; and

(k) communicating with customers and authorized users about the platform, support, updates, security matters, privacy matters and service administration.

6.3 We do not sell customer-uploaded data.

6.4 Unless expressly agreed in writing, we do not use customer-uploaded data or customer-specific models for unrelated commercial purposes, advertising, resale or cross-customer model development.

6.5 EduNomicon outputs are decision-support only and must be reviewed by authorized human users before being relied upon.

7. AI, Machine Learning and Optional Language Explanations

7.1 EduNomicon uses statistical modelling, machine learning and related analytics techniques to generate customer-specific educational analytics outputs.

7.2 EduNomicon does not use customer-uploaded student data to train general-purpose foundation models or unrelated cross-customer models unless expressly agreed in writing.

7.3 EduNomicon’s core modelling is designed for school-authorised structured educational data and may support data quality review, prediction, explanatory analytics, diagnostics, variable importance analysis, sensitivity analysis, scenario review and reporting.

7.4 EduNomicon may include optional AI-assisted language explanation features. These features are user-triggered and are designed to generate plain-English explanations of aggregated analytics, data quality, modelling or diagnostic outputs.

7.5 EduNomicon does not automatically submit uploaded datasets, raw records, individual student-level data, direct identifiers or sensitive information to external language model services for explanation generation.

7.6 Where a third-party language model endpoint is used, it is used to generate the requested explanation. These features are not required for EduNomicon’s core modelling and are designed to use aggregated metadata rather than individual student-level records, direct identifiers, raw datasets or sensitive information.

7.7 AI-assisted explanations are decision-support commentary only. They must be reviewed by authorised human users and must not be used as the sole basis for decisions affecting any individual.

8. How We Disclose Information

8.1 We may disclose personal information, customer data, platform records, technical information, or related information where reasonably necessary to provide, secure, support, maintain, administer, or improve EduNomicon.

8.2 We may disclose information to:

(a) the customer and its authorized users, where required to provide the platform, outputs, reports, support, account management, audit information, or administrative functions;

(b) authorized EduNomicon personnel, contractors, advisers, or representatives who require access for legitimate operational, support, security, compliance, legal, accounting, insurance, or administrative purposes;

(c) cloud hosting, storage, database, security, monitoring, backup, authentication, email, support, website analytics, incident response, or other service providers that help us operate, secure, monitor, support, or administer EduNomicon;

(d) third-party language model or AI service providers, but only where optional AI-assisted explanation features are used and only for the purpose of generating the requested explanation, subject to the limitations described in this Privacy Policy;

(e) professional advisers, insurers, auditors, legal advisers, accountants, or consultants where reasonably necessary for business, governance, compliance, security, legal, insurance, or risk management purposes;

(f) regulators, law enforcement bodies, courts, tribunals, government agencies, or other lawful authorities where required or authorized by law;

(g) another organization involved in an actual or proposed business transfer, merger, acquisition, restructuring, financing, sale of assets, or similar transaction, provided reasonable steps are taken to protect personal information and customer confidentiality; and

(h) any other person or organization where the customer has authorized the disclosure, or where the disclosure is otherwise required or permitted by law.

8.3 We do not sell customer-uploaded data or student personal information.

8.4 Unless expressly agreed in writing, we do not disclose customer-uploaded data or customer-specific models to other customers for cross-customer analytics, advertising, resale, bench marking, model development, or unrelated commercial purposes.

8.5 Where we use service providers, we take reasonable steps to ensure that they handle information consistently with applicable privacy, security, confidentiality, and contractual obligations.

8.6 Where information is controlled by a customer, such as school-supplied student data, the customer is responsible for determining whether a disclosure is lawful, authorized, necessary, and consistent with its privacy notices, policies, legal obligations, and educational purpose.

8.7 We may disclose aggregated, de-identified, or non-customer-identifying information for service improvement, platform monitoring, security, reporting, analytics, research, or business purposes, provided the information does not reasonably identify the customer, authorized users, students, parents, staff, or other individuals.

8.8 We may disclose information where reasonably necessary to investigate, prevent, respond to, or remediate suspected unauthorized access, misuse, security incidents, privacy incidents, prohibited data uploads, breaches of terms, unlawful activity, or risks to student safety, platform integrity, or the rights of any person.

8.9 We may disclose information to the relevant customer where necessary to support access review, security investigation, privacy investigation, audit review, incident response, misuse detection, compliance review, or customer governance.

8.10 If we are required to disclose information by law, court order, regulator, government agency, or lawful authority, we will take reasonable steps to limit the disclosure to what is required or authorized, where lawful and practicable to do so.

8.11 We do not knowingly disclose customer production data overseas under the standard deployment model unless otherwise agreed in writing, required by law, or necessary for an approved service, support, security, or operational purpose described in this Privacy Policy.

8.12 Some limited technical, operational, diagnostic, support, authentication, website analytics, security, or optional AI-assisted explanation metadata may be handled by third-party service providers, including providers that may operate outside Australia, where reasonably necessary to operate, secure, monitor, support, or administer the platform.

8.13 Where overseas disclosure may occur, we will take reasonable steps to manage the privacy and security risks associated with that disclosure, having regard to the nature of the information and the purpose of the disclosure.

9. Hosting, Storage and Overseas Disclosure

9.1 Under the standard deployment model, EduNomicon is hosted in Australia using Australian cloud infrastructure, unless otherwise agreed in writing with the customer.

9.2 EduNomicon may store and process customer data, uploaded datasets, generated models, reports, outputs, account information, audit logs, diagnostic records and other platform information as reasonably necessary to provide, secure, maintain, support and administer the platform.

9.3 EduNomicon may use third-party service providers to support hosting, storage, security, monitoring, authentication, support, email, website analytics, backups, incident response and other operational functions.

9.4 We take reasonable steps to select and manage service providers with regard to privacy, security, reliability and the nature of the information being handled.

9.5 Unless otherwise agreed in writing, we will not knowingly store customer production data outside Australia under the standard deployment model.

9.6 Some limited technical, operational, diagnostic, support, authentication, website analytics or security metadata may be processed by third-party services where reasonably necessary to operate, secure, monitor or support the platform.

9.7 If we propose a material change to the hosting location of customer production data, we will take reasonable steps to notify affected customers where required by law, contract or applicable agreement.

9.8 No method of electronic transmission, cloud hosting or electronic storage is completely secure. We take reasonable steps to protect information handled by EduNomicon, but we cannot guarantee absolute security.

10. Data Security

10.1 We take reasonable steps to protect personal information and customer data handled by EduNomicon from misuse, interference, loss, unauthorized access, unauthorized modification and unauthorized disclosure.

10.2 EduNomicon may use technical and organizational safeguards including encryption in transit, access controls, authentication controls, role-based permissions, tenant separation, audit logging, security logging, backup practices, monitoring, vulnerability management, administrative access controls and secure cloud configuration.

10.3 Access to customer data is limited to authorized users and authorized personnel who require access for legitimate operational, support, security, compliance or administrative purposes.

10.4 EduNomicon may record audit logs, security logs, upload events, export events, model activity, authentication events and administrative actions to support security, privacy, troubleshooting, misuse detection, compliance review and platform integrity.

10.5 Customers and authorized users are responsible for keeping their credentials secure, using appropriate devices and networks, managing user access, removing users who no longer require access, and notifying us promptly of suspected unauthorized access or misuse.

10.6 If we become aware of a suspected or confirmed security incident involving personal information handled by EduNomicon, we will take reasonable steps to investigate, contain and remediate the incident and notify affected customers where required by law, contract or applicable agreement.

11. Retention, Deletion and Customer Control

11.1 We do not claim ownership of customer-uploaded data.

11.2 We do not sell customer-uploaded data.

11.3 Unless expressly agreed in writing, we do not use customer-uploaded data or customer-specific models for unrelated commercial purposes, advertising, resale, or cross-customer model development.

11.4 We retain customer-uploaded data, generated models, reports, outputs, logs and related records for as long as reasonably necessary to provide, secure, maintain, support, monitor, audit and administer EduNomicon, or as otherwise required by law, contract, security, compliance, backup, dispute resolution or platform integrity requirements.

11.5 Customers may request export, deletion, restriction or review of customer data in accordance with the applicable agreement, this Privacy Policy, the Terms of Service and technical limitations of the platform.

11.6 Where customer-uploaded data is deleted or removed, customer-specific models, reports, outputs and derived records that depend on that data may also be deleted or disabled, except where retention is reasonably required for audit, security, legal, dispute resolution, compliance, backup or platform integrity purposes.

12. Student and Child Privacy

12.1 EduNomicon may handle student-level data where that data is uploaded, supplied, authorized, or otherwise made available by a customer for an approved educational analytics purpose.

12.2 EduNomicon is designed for use by authorized school or organizational users. It is not designed for unrestricted direct use by children, students, parents, guardians, or members of the public unless expressly agreed in writing.

12.3 EduNomicon does not require student names, parent names, home addresses, phone numbers, personal email addresses, photographs, government identifiers, health records, counseling notes, free-text welfare notes, or similar direct identifiers or high-risk information for standard educational analytics use cases.

12.4 Where student-level linkage is required, the preferred configuration is the use of a school-generated pseudonymous identifier rather than direct identifiers or government-issued identifiers.

12.5 EduNomicon outputs relating to students are decision-support only. They must be reviewed by appropriately authorized human users and must not be used as the sole basis for decisions affecting a student.

12.6 Customers remain responsible for ensuring that any student personal information uploaded to EduNomicon is lawful, appropriate, authorized, relevant, accurate, minimized, and consistent with the customer’s privacy notices, collection statements, internal policies, legal obligations, and educational purpose.

12.7 Customers are responsible for ensuring that students, parents, guardians, and other affected individuals receive any privacy notices, collection notices, consents, or explanations required by law or by the customer’s own policies.

12.8 EduNomicon does not sell student personal information.

12.9 Unless expressly agreed in writing, EduNomicon does not use customer-uploaded student data or customer-specific models for advertising, resale, unrelated commercial purposes, or cross-customer model development.

12.10 EduNomicon must not be used for student surveillance, screen monitoring, biometric identification, emotion detection, behaviour management, social media monitoring, automated disciplinary action, automated wellbeing triage, automated health diagnosis, or any other child-impacting use case not expressly approved in writing.

12.11 If a customer proposes to use EduNomicon for a high-risk student support, wellbeing, safeguarding, disability, mental health, self-harm, legal, custody, child protection, or similar purpose, the customer must obtain EduNomicon’s express written approval before uploading or processing that information.

12.12 Approved high-risk student support use cases may require additional governance controls, including restricted access, executive approval, privacy review, documented human review procedures, audit logging, defined escalation pathways, user training, and additional data minimization controls.

12.13 EduNomicon may block, restrict, quarantine, review, or delete uploads that appear to contain unnecessary, excessive, sensitive, unauthorized, prohibited, or high-risk student information.

12.14 Customers and authorized users must promptly notify EduNomicon if they become aware of inappropriate student data uploads, unauthorized student data access, suspected misuse, privacy incidents, security incidents, or any other issue affecting student privacy or safety.

12.15 EduNomicon will take reasonable steps to protect student personal information handled through the platform, including through access controls, tenant separation, audit logging, security controls, and other safeguards appropriate to the nature of the information being handled.

13. Customer Responsibilities

13.1 Customers are responsible for ensuring that their use of EduNomicon complies with applicable privacy, education, child safety, records management, employment, contractual and data protection obligations.

13.2 Customers are responsible for ensuring that uploaded data is lawful, accurate, appropriate, authorized, relevant and limited to what is reasonably necessary for the agreed educational analytics purpose.

13.3 Customers must ensure that they have all necessary rights, permissions, notices, consents, approvals and legal bases required to upload, process, analyze, use and disclose information through EduNomicon.

13.4 Customers must not upload sensitive, health, legal, financial, government identifier, biometric, disability, wellbeing, safeguarding or other high-risk information unless expressly approved in writing under a separate high-risk deployment arrangement.

13.5 Customers are responsible for managing authorized users, assigning appropriate roles and permissions, removing access when no longer required, and ensuring authorized users understand their privacy, security and responsible-use obligations.

13.6 Customers are responsible for reviewing EduNomicon outputs before use. EduNomicon outputs are decision-support only and must not be used as the sole basis for decisions affecting individuals.

13.7 Customers must promptly notify EduNomicon if they become aware of unauthorized access, inappropriate data uploads, suspected misuse, security incidents, privacy incidents or any other matter requiring urgent review. 13.8 Customers remain responsible for any data, reports, outputs, exports or other information downloaded, shared or otherwise handled outside the EduNomicon platform by the customer or its authorized users.

14. Cookies and Website Analytics

14.1 Our website and related online services may use cookies, analytics tools and similar technologies to operate the website, understand usage, improve performance, support security and improve our services.

14.2 The information collected may include IP address, browser type, device information, pages visited, referral information, approximate location information, timestamps and website interaction data.

14.3 We may use third-party analytics or website service providers to help us understand website usage and improve our services.

14.4 Website analytics information is generally used in aggregated or statistical form and is not intended to identify individual students.

14.5 Users may be able to disable or limit cookies through their browser settings. Some website functions may not operate correctly if cookies are disabled.

14.6 EduNomicon platform audit logs and security logs are separate from general website analytics and may be used for security, access control, troubleshooting, compliance and platform integrity purposes.