Privacy Policy — Clicked Academy

Privacy Policy

Clicked Academy Pty. Ltd.
ACN 690 849 480
Registered office: Suite 282, 4 Young Street, Neutral Bay NSW 2089, Australia

Effective date: April 1st, 2026
Last updated: April 1st, 2026

1. Who we are

Clicked Academy Pty. Ltd. (“Clicked Academy”, “we”, “us” or “our”) provides an education technology platform for the creation, delivery and management of interactive digital learning experiences for registered training organisations, vocational education providers, higher education providers, enterprise learning teams and other education institutions.

This Privacy Policy explains how we collect, hold, use, disclose and protect personal information.

We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. The APPs are the core Australian privacy rules governing how covered organisations manage personal information, including openness, collection, use, disclosure, security, access and correction.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal information collected through:

the Clicked Academy platform;

our websites and web applications;

learning management system and single sign-on integrations;

customer onboarding, support and account administration;

communications with us, including privacy and support enquiries.

Clicked Academy is currently designed primarily for adult learners and adult education providers, including RTO, VET and higher education settings. Some parts of this policy also address future school-sector use.

3. The kinds of personal information we collect

Depending on how Clicked Academy is used, we may collect and hold the following categories of personal information.

Account and identity information

full name;

email address;

organisation name;

role or account type;

learner ID, student number or institutional identifier;

Learning and academic information

course, lesson or module enrolment data;

participation and progress data;

assessment attempts, responses and results;

educator-entered feedback and comments;

completion, usage and learning interaction records.

Content and files

files, documents, images, audio, video or other materials uploaded by customers, educators or learners;

authored learning content, prompts, project materials and related platform content;

support requests, issue reports and related attachments.

Technical and usage information

IP address;

browser type;

device type;

operating system;

access timestamps;

application, security and audit logs;

diagnostic information.

Customer relationship and operational information

contact details for customer administrators and representatives;

implementation, support and service history;

transaction and billing records, where relevant.

We do not intentionally seek to collect sensitive information unless it is required for a customer workflow and is lawful and appropriately authorised. At present, Clicked Academy is not designed to require health information, disability information, racial or ethnic origin, religious belief, political opinion or other sensitive information as a normal part of the service.

4. How we collect personal information

We collect personal information in a number of ways, including when:

an institution, employer, educator or administrator creates an account for a user;

a learner, educator or administrator uses the platform;

a customer uploads records, files or learning content;

a user submits assessments, responses or support requests;

users communicate with us by email or support channels;

technical information is generated through normal platform use.

Currently, many learner accounts are created by institutions. In future, we may also permit direct self-registration for some users. Where self-registration is enabled, we may collect personal information directly from the user during sign-up and onboarding.

Where we collect personal information from a third party, such as an institution or learning management system provider, we rely on that organisation to ensure it has appropriate authority and notices in place.

5. Why we collect, use and disclose personal information

We collect, use and disclose personal information for purposes including:

providing access to the Clicked Academy platform;

creating and managing user accounts;

delivering educational content and learning experiences;

managing enrolments, progress tracking, assessments and reporting;

supporting integrations with learning systems and institutional workflows;

responding to support requests and service issues;

maintaining security, access controls, logs and auditability;

improving product performance, usability, reliability and safety;

complying with legal, regulatory, funding, contractual and audit requirements;

enforcing our terms, protecting rights and preventing misuse;

communicating with customers about service updates, administration and support.

Where permitted by law and contract, we may also use de-identified or anonymised data for product analytics, internal research, model improvement, service optimisation and platform development.

We do not authorise third-party AI providers to train on our customer data.

6. AI and automated processing

Clicked Academy uses and may continue to expand the use of AI-enabled tools and services within its platform and internal operations. These may include services provided by:

OpenAI;

Replicate;

ElevenLabs.

Clicked Academy is designed so that learner-submitted personal information is not sent to third-party AI providers as part of standard learner use of the platform.

We may use de-identified or anonymised data to improve our own systems, workflows and models where legally permitted and operationally appropriate.

For future school-sector use, we aim to support responsible and ethical AI use, human oversight, transparency, safety and institutional control. These themes are consistent with the Australian Framework for Generative AI in Schools, which was endorsed by Education Ministers and guides responsible use of generative AI in Australian school contexts.

7. If you do not provide personal information

If required personal information is not provided, we may be unable to:

create or administer an account;

deliver a course or learning activity;

track progress or assessment;

respond to support requests;

provide some or all platform functionality.

8. Disclosure of personal information

We may disclose personal information to:

the institution, employer or education provider that engaged us;

authorised administrators, educators, trainers, assessors and support personnel;

technology hosting and infrastructure providers;

contractors and service providers who help us operate the platform;

identity, security, backup, logging and support vendors;

legal, regulatory, governmental or law enforcement bodies where required or authorised by law;

professional advisers such as lawyers, auditors, insurers and accountants;

a successor entity in connection with a merger, acquisition, corporate restructure or asset transfer.

Where Clicked Academy is provided through an institution, that institution typically controls much of the learner relationship and determines what learner data is collected and used in its LMS or education environment. In those cases, Clicked Academy generally acts as a service provider to the institution in relation to much of that data.

9. Overseas disclosure and cross-border services

Clicked Academy’s primary hosting environment and backups are hosted on Amazon Web Services in Sydney, Australia.

Some of our service providers, including AI-related vendors such as OpenAI, Replicate and potentially ElevenLabs, may be located outside Australia or may process data outside Australia. Where personal information is disclosed overseas, we take reasonable steps to ensure the information is handled in a manner consistent with Australian privacy requirements, including through contractual controls, access restrictions, security reviews and data-minimisation practices.

The APP framework includes specific obligations for overseas disclosure of personal information under APP 8.

10. Data security

We take reasonable steps to protect personal information from misuse, interference, loss and from unauthorised access, modification or disclosure.

Our safeguards include measures such as:

encryption in transit;

encryption at rest;

role-based access controls;

audit logging;

regular backups;

access management and operational security controls;

cloud infrastructure protections appropriate to an education platform.

The Privacy Act framework expects APP entities to take reasonable steps to protect personal information they hold. If an eligible data breach occurs, the Notifiable Data Breaches scheme may require notification to affected individuals and the OAIC.

No system can be guaranteed to be completely secure, but we work to maintain safeguards appropriate to the nature of the information and the services we provide.

11. Data retention

Clicked Academy retains personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

provide services to customers;

maintain academic and platform records;

comply with contractual, audit, legal, funding and regulatory obligations;

maintain security logs and evidence trails;

support dispute resolution, service continuity and legitimate business operations.

Because Clicked Academy is used in education and training contexts, some records may need to be retained for extended periods to support compliance, audit, recordkeeping and institutional requirements.

Where deletion or export is requested, this may be carried out subject to customer approval, contractual terms, technical limitations and applicable legal or regulatory retention requirements.

When personal information is no longer reasonably required and we are not required or authorised to retain it, we will take reasonable steps to de-identify or securely destroy it.

12. Direct marketing

Clicked Academy does not currently use optional marketing trackers, remarketing technologies or advertising pixels as part of its standard platform operation.

We may send administrative or service-related communications that are necessary for account management, support, security, billing or contractual performance.

If we introduce optional marketing communications, analytics, advertising or remarketing technologies in future, we will update this Privacy Policy and, where required, provide appropriate notice or choice.

13. Cookies and similar technologies

Clicked Academy may use cookies, tokens, session identifiers and similar technologies that are reasonably necessary for:

authentication;

session management;

security;

maintaining user preferences;

platform performance and reliability.

At present, Clicked Academy does not use optional marketing, remarketing or advertising cookies as part of its standard platform operations.

If we introduce non-essential analytics, advertising, personalisation or cross-site tracking technologies in future, we will update this Privacy Policy and, where required, provide additional notices or choices.

14. Payment information

Clicked Academy may receive billing and transaction-related information in connection with customer subscriptions or services.

We do not store credit card details ourselves.

If payment workflows change in future and involve third-party payment processors, we may update this Privacy Policy to reflect those arrangements.

15. Access and correction

Individuals may request access to personal information we hold about them and request correction of inaccurate, out-of-date, incomplete, irrelevant or misleading personal information.

Where Clicked Academy is provided through an institution, we may direct the request to the relevant institution if that institution is the primary controller of the relevant learner data or is better placed to respond.

We may refuse access or correction where permitted by law, but if we do so, we will explain the basis for that decision where required.

16. Anonymity and pseudonymity

In many cases, it is impracticable for users to engage with Clicked Academy anonymously or pseudonymously because identity-linked records are required to deliver educational services, track enrolment, progress, assessment, support and compliance obligations.

17. Children and school-sector use

Clicked Academy is currently intended for adult learners and adult education providers. It is not presently designed as a consumer-facing service for children.

If Clicked Academy is used in school contexts in future:

the relevant school, education authority or provider will generally be responsible for providing required notices and obtaining any required parent or guardian consents, authorisations or permissions;

we will work with the institution on appropriate contractual and operational safeguards;

we may apply additional controls for student privacy, age-appropriate design, minimisation and school oversight.

The OAIC’s Children’s Online Privacy Code is scheduled to come into effect on 10 December 2026, which reinforces the importance of child-specific privacy protections for services likely to be accessed by children.

18. Educational-sector contracting

For institutional customers, Clicked Academy may enter into agreements covering privacy, security, data handling and service responsibilities.

Where Clicked Academy is integrated with a customer LMS or otherwise used under an institutional agreement:

the institution typically determines the educational purpose and lawful basis for collection and use of learner data;

Clicked Academy acts in accordance with the customer contract and documented service scope;

the institution is responsible for notices, consents and permissions it is required to obtain from its learners, staff, parents or guardians.

19. Data breach response

If we become aware of a data breach involving personal information, we will investigate and respond in accordance with our incident response processes and applicable law.

Where the breach is an eligible data breach under the Notifiable Data Breaches scheme, we will notify affected individuals and the OAIC as required.

20. Complaints

If you have a question, concern or complaint about how we handle personal information, contact us first:

Data Privacy Officer
Ron Fortune, Co-Founder
Clicked Academy Pty. Ltd.
Email: privacy@clickedacademy.ai

Please provide enough detail for us to investigate and respond.

We will review your complaint and respond within a reasonable time.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC), which regulates privacy complaints under the Privacy Act.

21. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal requirements, educational-sector expectations or vendor arrangements.

The most current version will be published on our website or platform with the updated effective date.

22. Contact us

Clicked Academy Pty. Ltd.
Suite 282, 4 Young Street
Neutral Bay NSW 2089
Australia

Privacy enquiries: privacy@clickedacademy.ai