Sign inSign up
Legal

Learner Data Policy

This policy explains how Edzo collects, uses, stores, and protects data relating to learners on our educational platform, and the rights and responsibilities of schools, parents/guardians, and learners.

Last updated: 10 February 2026

This Learner Data Policy supplements our Privacy Policy and provides specific detail about how we handle data relating to learners (students) who use the Edzo platform. It is intended for schools, educators, parents/guardians, and learners themselves.

1. Our Commitment to Learner Data Protection

Edzo is purpose-built for education. Protecting learner data is foundational to our platform. We commit to the following principles:

  • Education-only use: Learner data is used solely to provide, support, and improve the educational service. It is never used for advertising, profiling, or sale to third parties.
  • Data minimisation: We collect only the minimum personal information necessary to deliver the learning experience.
  • Transparency: Schools, parents/guardians, and learners can understand what data is collected and how it is used.
  • Security: Learner data is protected by industry-standard technical and organisational safeguards.
  • Control: Schools and parents/guardians retain control over learner data and can request access, correction, or deletion.

2. How Learners Access the Platform

Learners do not independently create Edzo accounts. Access is always provisioned through one of the following authorised channels:

2.1 School-Managed Access

Schools and educators create or provision learner accounts as part of their classroom or institutional setup. In this model:

  • under Australian privacy law, the school or organisation is generally responsible for decisions about why learner personal information is collected and used through its Edzo deployment;
  • Edzo handles learner data on the school's instructions to deliver, secure, and support the platform, subject to applicable law and contractual commitments;
  • the school is responsible for obtaining any required parental consent or notice before provisioning learner accounts;
  • educators and school administrators can view learner progress, responses, and activity data as part of their teaching and administrative roles.

For international frameworks (such as GDPR), these responsibilities may be described as controller/processor roles. For Australian operations, this policy should be read with the Privacy Act 1988 (Cth) and APP obligations in mind.

2.2 Parent/Guardian-Managed Access

Parents or guardians may create learner accounts directly (e.g. for home learning). In this model:

  • the parent/guardian provides consent and manages the learner's account;
  • the parent/guardian can access, review, and request deletion of their child's data at any time;
  • the parent/guardian is responsible for supervising their child's use of the platform.

2.3 No Unsupervised Child Sign-Up

Edzo does not permit children under 18 to create accounts independently. All learner accounts require authorisation by a school, educator, or parent/guardian.

Learner accounts cannot publish content publicly to the open internet.

3. Learner Data We Collect

The specific data collected depends on the learner's use of the platform. We may collect:

3.1 Identity and Account Data

  • first name and/or display name (as provided by the school or parent/guardian);
  • username or login identifier;
  • school/class/group affiliation;
  • year level or age group (where provided).

Note: We do not require learners to provide a personal email address. Where schools use single sign-on (SSO), authentication is handled by the school's identity provider.

3.2 Learning and Activity Data

  • responses to activities, quizzes, assessments, and interactive blocks;
  • progress and completion status for assigned resources;
  • scores, marks, and performance data;
  • time spent on tasks and resources;
  • collaborative contributions (e.g. shared documents, comments within activities).

3.3 Technical and Usage Data

  • device type, browser, and operating system;
  • IP address (used for security and abuse prevention, not for tracking or profiling);
  • session data and platform navigation patterns;
  • error logs relevant to the learner's session.

4. How We Use Learner Data

Learner data is used exclusively for the following purposes:

  • Delivering the learning experience: presenting content, activities, quizzes, and resources assigned by educators;
  • Tracking progress: recording responses, scores, and completion so educators and parents/guardians can monitor learning;
  • Enabling collaboration: supporting real-time collaborative features within resources where enabled by the educator;
  • Platform operation: maintaining sessions, authentication, and access control;
  • Security: detecting and preventing unauthorised access, abuse, and technical issues;
  • Service improvement: aggregated, de-identified usage data may be used to improve platform features and educational outcomes. Individual learner data is not used for this purpose.

4.1 What We Do NOT Do with Learner Data

  • We do not sell learner data to any third party.
  • We do not use learner data for advertising or behavioural targeting.
  • We do not build individual learner profiles for non-educational purposes.
  • We do not share learner data with third parties for their marketing.
  • We do not send marketing communications to learners.

5. Who Can Access Learner Data

5.1 Educators

Educators who assign resources to learners can view learning activity, responses, progress, and performance data for learners within their classes or groups.

5.2 School Administrators

Organisation administrators can manage learner accounts, view aggregated and individual learner data, and exercise data rights on behalf of the school and its learners.

5.3 Parents and Guardians

For parent/guardian-managed accounts, the parent/guardian has full access to their child's data and account settings. For school-managed accounts, parents/guardians should contact the school to request access to their child's learning data.

5.4 Learners

Learners can see their own progress, responses, and activity within the platform. The extent of visible data depends on the settings configured by the educator or parent/guardian.

5.5 Edzo Staff

Edzo staff access learner data only when necessary for platform operation, support, or security purposes, and subject to strict access controls and confidentiality obligations.

5.6 Third-Party Service Providers

Trusted service providers (e.g. cloud hosting, authentication) may process learner data on our behalf under contractual obligations that prohibit them from using the data for any other purpose. We do not share learner data with third parties for advertising or marketing.

6. Data Retention and Deletion

6.1 Active Accounts

Learner data is retained for as long as the learner's account remains active and the school or parent/guardian maintains a relationship with Edzo.

6.2 Account Closure and Offboarding

When a learner account is closed (by a school, parent/guardian, or upon request):

  • learner personal data and learning activity data will be deleted or de-identified within 90 days;
  • backup copies may persist for up to an additional 30 days before being purged;
  • aggregated, de-identified data that cannot be linked to an individual may be retained for platform improvement.

These retention periods are the canonical learner-data timelines and should be read together with our Privacy Policy and Terms and Conditions .

6.3 School Offboarding

When a school or organisation ends its relationship with Edzo, we will delete or de-identify all learner data associated with that organisation within 90 days of the effective termination date, unless a longer retention period is agreed or required by law.

Schools may request a data export before offboarding by contacting [email protected].

6.4 Deletion Requests

Schools, parents/guardians, and authorised individuals may request deletion of specific learner data at any time by contacting [email protected]. We will process requests within 30 days.

7. Data Security

We apply the following safeguards to protect learner data:

  • Encryption: data is encrypted in transit (TLS) and at rest;
  • Access controls: role-based access ensures only authorised users can view learner data;
  • Least privilege: staff and systems have access only to the data necessary for their function;
  • Monitoring: we monitor for suspicious activity and unauthorised access attempts;
  • Incident response: we maintain procedures for responding to data breaches, including notification to affected schools, individuals, and authorities (including the OAIC) where required by law;
  • Vendor security: third-party providers are assessed for security practices and bound by data processing agreements.

8. Data Hosting and International Transfers

Edzo's primary infrastructure is hosted in Australia. Some third-party services may process data in other jurisdictions.

Where learner data is transferred outside Australia, we ensure appropriate contractual and technical safeguards are in place, consistent with the Australian Privacy Principles.

Schools requiring data residency guarantees should contact us to discuss available options.

9. Schools' Responsibilities

Schools and organisations using Edzo are responsible for:

  • obtaining any required parental consent or providing appropriate notice before creating learner accounts;
  • ensuring learner data provided to Edzo is accurate and limited to what is necessary;
  • managing user access and removing accounts for learners who leave the school;
  • informing parents/guardians about the school's use of Edzo and directing them to this policy;
  • complying with applicable privacy legislation in their jurisdiction.

10. Parents' and Guardians' Rights

Parents and guardians have the right to:

  • Know what learner data is collected and how it is used (as described in this policy);
  • Access their child's personal information and learning data;
  • Request correction of inaccurate information;
  • Request deletion of their child's data, subject to the school's agreement (for school-managed accounts) or directly (for parent-managed accounts);
  • Withdraw consent for data processing, which may result in the learner losing access to the platform.

For school-managed accounts, we recommend parents/guardians contact the school in the first instance. The school can then contact us to action requests. Parents/guardians may also contact us directly at [email protected].

11. Compliance

This policy is designed to comply with:

  • Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);
  • applicable Australian state and territory privacy and education legislation;
  • General Data Protection Regulation (GDPR) where we process data of individuals in the EEA or UK;
  • relevant international children's data protection standards.

12. Changes to This Policy

We may update this policy from time to time. If we make material changes that affect how learner data is handled, we will notify schools and account holders via email or in-platform notice.

13. Related Policies

14. Contact Us

For questions about learner data, to exercise data rights, or to report a concern:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) .

Free learning resources to your inbox each month