Our Privacy Policy is in development.

• The Australian Privacy Act 1988 and the 13 Australian Privacy Principles.
• The Notifiable Data Breaches scheme.
• The OAIC’s Children’s Online Privacy Code, in spirit ahead of any final wording, because we deal with kids’ data.
• New Zealand’s Privacy Act 2020 for any NZ schools we work with.
• State and territory education department requirements (data sharing agreements, security standards) for the public systems we serve.

• We never sell student data. Not now, not ever.
• We never use student data for advertising, profiling, or any purpose outside the reading experience.
• Data lives on Australian-region cloud infrastructure with encryption in transit and at rest.
• Schools can request a full export, correction, or deletion of any record they own at any time.
• We will notify any affected school within 72 hours of discovering a data incident, and the OAIC where required.

We’re happy to walk you through how data is handled, what our sub-processors are, where servers sit, and what our security controls look like. We can also share a draft Data Processing Addendum, an outline of which is published at /dpa.

Email support@bigwella.com with whatever your compliance team needs to see. We answer plainly, usually the same day.

Before any paying school signs. The final document will be drafted by a lawyer who works with Australian edtech, and will cover everything the APPs require: identity and contact, kinds of data, how collected, purposes, recipients, overseas disclosure, retention, security, access and correction, complaints, breach handling, and updates.