Privacy Policy

Last updated: 10 February 2026

This Privacy Policy applies to all users of the Edzo platform, including educators, administrators, learners, parents/guardians, school organisations, and website visitors. For detailed information about how learner data is handled, please also read our Learner Data Policy .

1. Who We Are

Edzo Pty Ltd (Edzo, we, us, our) is an educational technology company based in Queensland, Australia. We provide an interactive learning platform for primary-aged learners (typically 5 to 12 years old) and supporting tools for educators.

We are committed to protecting personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable state and territory privacy legislation.

2. Who This Policy Applies To

This policy covers personal information we collect from:

Educators and administrators who create accounts, build resources, and manage classrooms;
Learners who access activities, quizzes, and learning resources through school-managed or parent/guardian-managed accounts;
Parents and guardians who authorise or manage learner accounts;
Organisation administrators (schools, districts, institutions) who manage subscriptions and user access;
Website visitors who browse our public website.

3. Personal Information We Collect

3.1 Account and Profile Information

When you create an account or are provisioned access by an organisation, we may collect:

name, email address, and contact details;
role (educator, administrator, learner, parent/guardian);
organisation or school affiliation;
profile preferences and settings;
authentication credentials (passwords are hashed; we never store plaintext passwords).

3.2 Learning Activity Data

When learners and educators use the platform, we may collect:

responses to activities, quizzes, and assessments;
progress, completion, and performance data;
collaborative content created within resources (e.g. shared documents, comments);
time spent on tasks and resources.

3.3 Device and Technical Data

We automatically collect certain technical data when you use the platform, including:

IP address, browser type, operating system, and device information;
pages viewed, referral URLs, and navigation patterns;
cookies and similar tracking technologies (see Section 11);
error logs and performance data.

3.4 Billing and Payment Information

If you purchase a subscription or plan, we collect billing details such as name, email, billing address, and payment method. Payment card details are processed by our third-party payment processor and are not stored on our servers.

3.5 Communications

We collect information from support requests, feedback submissions, and other communications you send to us.

4. How We Use Personal Information

We use personal information to:

provide, operate, and maintain the platform and Services;
create and manage user accounts;
deliver learning content and track educational progress;
enable collaboration features within resources;
process payments, invoicing, and subscription management;
provide customer support and respond to enquiries;
communicate service updates, security alerts, and important notices;
analyse usage patterns to improve and develop the platform;
detect, prevent, and address security issues, fraud, and abuse;
comply with legal obligations and enforce our Terms and Conditions.

We do not sell personal information. We do not use learner data for advertising, profiling, or any purpose unrelated to educational service delivery.

5. Australian Privacy Framework (APPs)

For Australian users, we handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). In practice, this means we:

collect personal information only where reasonably necessary for our educational services, support, safety, security, legal compliance, and related operations;
use and disclose personal information primarily for the purpose for which it was collected, or for related purposes you would reasonably expect;
obtain consent where required by law, including where sensitive information is involved, and allow consent withdrawal where applicable;
provide direct marketing controls and unsubscribe options, and do not send marketing to learners;
take reasonable steps to ensure overseas recipients handle personal information consistently with applicable privacy obligations.

6. Disclosure of Personal Information

We may share personal information with:

Your Organisation: If your account is managed by a school or institution, administrators within that organisation may access account and learning data in accordance with their role;
Service providers: trusted third-party providers who help us operate the platform, including cloud hosting, payment processing, analytics, customer support, and email delivery. These providers are bound by contractual obligations to protect personal information;
Legal and regulatory authorities: where required by law, court order, subpoena, or to protect our rights, safety, or property;
Business transfers: in connection with a merger, acquisition, or sale of assets, where personal information may be transferred as part of that transaction.

We do not disclose learner personal information to third parties for advertising or marketing purposes.

7. Public Resources and Visibility

The Services allow members to create resources and choose visibility settings, including private and public options.

Learner accounts cannot publish content publicly to the open internet. Public publishing is restricted to authorised non-learner accounts.

When you choose to publish content publicly:

certain account information and content metadata (such as display name, profile image, resource title, description, thumbnails, and attached media) may be visible to the general public, including users who are not logged in;
public content may be indexed by search engines and cached by third-party services;
other users or third parties may copy, share, embed, or re-post publicly available content;
updates, unpublishing, or deletion of content may not immediately remove it from all caches, backups, logs, or third-party systems.

Please do not include sensitive personal information in publicly visible content unless you are authorised to disclose it and understand the associated risks.

We process public content and related metadata to provide publication features, support discovery, maintain platform safety, and enforce our Terms and Conditions .

8. International Data Transfers

Edzo is based in Australia. Our primary infrastructure is hosted in Australia. Some third-party service providers may process data in other jurisdictions (including the United States and European Economic Area).

Where personal information is transferred outside Australia, we take reasonable steps to ensure the recipient handles data in a manner consistent with the Australian Privacy Principles, including through contractual safeguards.

9. Data Retention

We retain personal information for as long as reasonably necessary to:

provide the Services and maintain your account;
comply with legal, accounting, and reporting obligations;
resolve disputes and enforce agreements.

When an account is closed or an organisation offboards, we will delete or de-identify personal information within a reasonable period, subject to legal retention requirements and backup cycles. For specific learner data retention timelines, see our Learner Data Policy .

10. Data Security

We implement appropriate technical and organisational measures to protect personal information, including:

encryption of data in transit (TLS) and at rest;
access controls and least-privilege principles;
regular security assessments and monitoring;
secure authentication mechanisms;
incident response procedures.

While we take reasonable steps to protect personal information, no system is completely secure. We cannot guarantee absolute security.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

maintain session state and authentication;
remember user preferences and settings;
analyse platform usage and performance;
support security and fraud prevention.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

We do not use tracking technologies to serve targeted advertising to learners.

We do not use learner personal information for advertising technology profiling or behavioural targeting.

12. Children and Minors

Edzo is designed for use by primary-aged learners (typically 5 to 12 years old) under the supervision of schools, educators, or parents/guardians.

We do not allow children to create accounts independently. Learner accounts are provisioned by an authorised school, educator, or parent/guardian.

We collect only the minimum personal information necessary to provide the educational service. We do not knowingly collect personal information from children without appropriate authorisation.

If you believe we have collected information from a child without proper authorisation, please contact us immediately at [email protected] and we will take steps to delete the information.

13. Your Rights

Under Australian privacy law and applicable international laws, you may have the right to:

Access: request a copy of the personal information we hold about you;
Correction: request correction of inaccurate or incomplete information;
Deletion: request deletion of personal information, subject to legal retention requirements;
Portability: request your data in a structured, commonly used format (where technically feasible);
Withdraw consent: withdraw consent for processing where consent was the basis (e.g. marketing communications);
Complaint: lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC).

For school-managed accounts: If your account is managed by a school or organisation, please direct access and deletion requests to your school administrator in the first instance. Schools may contact us to action requests on behalf of their users.

For parent/guardian-managed accounts: Parents and guardians may contact us directly to access, correct, or delete their child's personal information.

To exercise your rights, contact us at [email protected]. We will respond within 30 days.

14. European Users (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to restrict processing, object to processing, and lodge a complaint with your local supervisory authority.

Where we transfer personal data outside the EEA, we rely on appropriate safeguards such as standard contractual clauses.

15. Marketing Communications

We may send marketing communications to educators and administrators who have opted in. You can unsubscribe at any time via the link in any marketing email or by contacting us.

We do not send marketing communications to learners or use learner data for marketing purposes.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

If we make material changes, we will provide notice by posting the updated policy on our website and/or notifying account holders by email or in-platform notice.

We encourage you to review this policy periodically.

16.1 Notifiable Data Breach Response

Where we identify a suspected data breach involving personal information, we will assess and respond in line with our incident response procedures and applicable law, including notifying affected individuals and the Office of the Australian Information Commissioner where required.

17. Related Policies

18. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or want to make a complaint, please contact us:

Privacy enquiries:[email protected]
General support:[email protected]
Entity: Edzo Pty Ltd
Location: Queensland, Australia

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) .