Privacy Policy

Who we are

Clarity4Growth (ABN 51 567 672 559) provides the EASY Compliance software platform to Australian schools for NCCD compliance and student support planning.

Privacy contact: privacy@clarity4growth.com.au

What information is collected

EASY Compliance stores information that schools enter about their students, including:

• Student name, date of birth, photo (optional), year level
• Diagnoses, imputed disabilities, and functional impact statements
• Classroom adjustment records, goals, and intervention timetables
• Meeting and plan records, including signatures
• Staff notes and observations
• Parent/carer contact details
• Uploaded documents (medical reports, assessments)

We also collect basic login information (email address, login timestamps) for staff who use the platform.

We do not collect information that isn't directly entered by school staff. There is no tracking, no analytics, no advertising, and no third-party marketing data collection.

Where data is stored

All data is stored on Google Cloud servers in Sydney, Australia (australia-southeast1). This is enforced at the code level — the platform physically cannot store or process data outside Australia.

There are no exceptions to this. Backups, file attachments, AI processing, and audit logs all stay in Australia.

Who can see the data

Access is controlled by the school's leadership through a role-based permission system with nine levels:

• Owner / Executive — can see everything, manage settings and users
• Leadership — can see student summaries, notes, goals, plans, and timetables
• Classroom teachers — can see students in their own year level
• Specialist / Intervention teachers — can see specific sections relevant to their role
• ESOs — can see student summaries, notes, and meeting records

Clarity4Growth staff do not access individual student records during normal operations. We only access data when a school explicitly requests technical support, and all such access is logged.

How AI features work

EASY Compliance includes optional AI features that help staff draft notes, suggest goals, and check NCCD documentation completeness. When these features are used:

1. Names are removed on your device — student, parent, teacher, and ESO names are replaced with placeholders before any data leaves the browser. The AI never sees a real name.
2. Processing happens in Australia — AI requests go to Google Vertex AI in Sydney. No data leaves the country.
3. No training on your data — the AI provider (Google) is contractually prohibited from using school data to train its models.
4. Everything is reviewable — AI-generated content is clearly labelled and always editable by staff before saving.

AI features can be disabled entirely by the school's leadership at any time.

How long data is kept

NCCD student records are retained for up to 30 years after a student leaves the school, in line with Australian education record-keeping requirements. After that period, records are permanently deleted.

Schools can request earlier deletion of any student's records at any time via a written request from the principal.

Your rights

Parents and carers have the right to:

• Access — see what information the school holds about their child
• Correction — request corrections to inaccurate information
• Deletion — request deletion of records (subject to the school's legal obligation to retain NCCD evidence)
• Complaint — raise concerns with the school principal, or with the Office of the Australian Information Commissioner

Requests should be directed to the school in the first instance, as the school is the data controller. Clarity4Growth is the data processor, acting on the school's instructions.

Data breaches

In the event of a personal data breach, we will notify the affected school within 24 hours of becoming aware, and cooperate with the school's obligations under the Notifiable Data Breaches scheme of the Privacy Act 1988 (Cth).

Third parties

We use the following infrastructure providers. No other third parties have access to school data.

Provider	Purpose	Location
Google Cloud Platform	Hosting, database, file storage, backups	Sydney, Australia
Google Vertex AI	AI features (optional, names removed)	Sydney, Australia
Sentry (optional)	Error monitoring (anonymised, no student data)	EU

There is no Google Analytics, no Facebook pixel, no advertising tracking, and no data sold to or shared with any marketing provider.

Compliance

EASY Compliance is built to comply with:

• Privacy Act 1988 (Cth) and the Australian Privacy Principles
• Notifiable Data Breaches scheme
• Disability Discrimination Act 1992 and the Disability Standards for Education 2005
• Australian Education Regulation 2023 (NCCD)
• Child Safe Standards (Victoria) and the National Principles for Child Safe Organisations

Changes to this policy

Material changes will be communicated to school principals at least 30 days before they take effect.

Contact

Privacy enquiries: privacy@clarity4growth.com.au

Security concerns: security@clarity4growth.com.au