Background Paths
Background Paths
← Back to home

Privacy Policy

How ACTI Analytics collects, uses, and protects personal information.

Effective date: 28 April 2026|Last updated: 28 April 2026

1. Who we are

ACTI Analytics is a platform operated by ACTI ANALYTICS PTY LTD (ACN 697 563 027), a proprietary company with limited liability, incorporated on 28 April 2026 in the Australian Capital Territory, Australia.

We provide a student device activity analytics platform to Australian secondary schools. Schools use ACTI Analytics to understand how school-issued devices are being used during class time, so they can support teaching and reduce off-task behaviour.

If you have questions about this policy or how we handle personal information, contact us at:

2. What personal information we collect

We collect two categories of personal information, depending on how you interact with us:

(a) Website visitors

If you fill in a contact or demo request form on our website, we collect:

  • Your name
  • Your email address
  • Your role and school name

We do not use tracking cookies or third-party analytics on our website.

(b) School platform users — student device activity

When a school deploys the ACTI agent on school-managed devices, the agent collects:

  • The name of the foreground application (e.g. “Google Chrome”)
  • The title or URL of the active browser tab
  • Whether audio is playing
  • Timestamps for each activity segment
  • A device identifier assigned by the school

The agent does not collect:

  • Student names, emails, or personal identifiers
  • Keystrokes, screenshots, or screen recordings
  • Camera or microphone audio
  • File contents or personal documents
  • Location data
  • Biometric data or any sensitive information as defined under the Privacy Act

Student identifiers used in the platform are opaque IDs assigned by the school. ACTI does not hold a mapping between these IDs and student names — only the school does.

3. How we collect it

Website information

We collect information directly from you when you submit a form on our website. Form submissions are processed through Formspree, a third-party form handling service.

Platform activity data

Activity data is collected by a lightweight software agent installed on school-managed macOS devices. The agent runs in the background and samples the foreground application every 5 seconds. It merges consecutive identical activity into segments, buffers them locally in an on-device database, and transmits them to our servers in batches every 30 seconds over HTTPS.

The agent is deployed and managed by the school’s IT administrators.

4. Why we collect it

We collect and use personal information for the following purposes:

  • Website enquiries: To respond to your contact or demo request and follow up with relevant information about our services.
  • Platform analytics: To provide the contracted analytics service to the school. Non-identifiable activity data is aggregated into dashboards that help teachers and administrators understand device usage patterns across classes and year groups.

We do not use personal information for advertising, profiling, or any purpose other than providing and improving the service contracted by the school.

5. Who we share it with

We share non-identifiable student activity data only with the following parties:

  • The subscribing school: Activity analytics are accessible to authorised school staff (administrators and teachers) through the ACTI dashboard.
  • Sub-processors: We use a small number of trusted service providers to operate the platform. Each is bound by contractual data protection obligations:
ProviderServiceLocation
RailwayBackend hosting and databaseSingapore
VercelFrontend hostingUnited States
Firebase (Google)AuthenticationUnited States
FormspreeWebsite form handlingUnited States

We do not sell, rent, or trade personal information to any third party. We do not share non-identifiable student data with advertisers or data brokers.

6. Overseas disclosure

Under Australian Privacy Principle 8, we are required to tell you when personal information is disclosed to overseas recipients.

Our backend infrastructure (including the database that stores non-identifiable activity data) is hosted by Railway in Singapore. Our frontend application is hosted by Vercel in the United States. Authentication is provided by Google Firebase, which processes data in the United States.

We take reasonable steps to ensure that overseas recipients handle personal information consistently with the Australian Privacy Principles. These steps include:

  • Selecting providers with strong data protection practices and certifications
  • Entering into contractual arrangements that require compliance with applicable privacy laws
  • Encrypting all data in transit and at rest
  • Limiting access to authorised personnel only

7. Storage and security

We take the security of personal information seriously and implement reasonable technical and organisational measures to protect it, including:

  • All data is encrypted in transit using TLS/HTTPS
  • Data is encrypted at rest in our PostgreSQL database
  • Access to production systems is restricted to authorised personnel
  • Authentication tokens are stored in the operating system keychain on devices
  • All API endpoints require authentication and are rate-limited
  • Parameterised database queries are used throughout to prevent injection attacks

In the event of an eligible data breach, we will notify affected schools and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.

8. Retention and deletion

We retain non-identifiable student activity data for the duration of the school’s subscription. Schools may request deletion of their data at any time during the subscription term.

When a school’s contract ends, we will securely delete all associated activity data within 30 days of the termination date. The school may request a data export before this final deletion.

9. Student data and children’s privacy

ACTI Analytics processes non-identifiable activity data for secondary school students, who are typically aged 12–18. We recognise the particular importance of protecting children’s privacy and have designed the platform to operate without ever holding a student’s identity.

Our commitments regarding student data

  • No identifiable records: We do not store names, email addresses, or any other information that could identify an individual student
  • No sale of data: Non-identifiable activity data is never sold to any third party
  • No advertising: Non-identifiable student data is never used for advertising, marketing, or behavioural targeting
  • No profiling: Non-identifiable student data is never used to build profiles for purposes unrelated to the school’s contracted analytics service
  • Limited disclosure: Aggregated, non-identifiable data may be used for platform improvement and academic research, and may be shared with research partners
  • The platform does not collect more information than is necessary to provide the service

Best interests of the child

In anticipation of the Australian Children’s Online Privacy Code (expected December 2026), we have adopted a best-interests framework for how we handle student data:

  • Minimisation: We collect only device activity signals (app names, tab titles, audio state). We do not collect names, personal content, or sensitive information.
  • Purpose limitation: Data is used solely to generate aggregated analytics for teachers and school administrators. It is not used for individual student surveillance or behavioural scoring.
  • Transparency: Schools are responsible for informing students and parents that the agent is installed. We provide schools with plain-language materials to support this.
  • No harm: The platform is designed to support teaching practice, not to punish students. Dashboards show class-level and school-wide patterns rather than singling out individuals.

10. Access and correction

Under Australian Privacy Principles 12 and 13, individuals have the right to access and request correction of their personal information.

Because ACTI does not hold a direct relationship with students (we process data on behalf of schools), access and correction requests regarding non-identifiable student data should be directed to the relevant school in the first instance. The school may then contact us to facilitate the request.

If you have submitted information through our website and wish to access or correct it, contact us at privacy@actianalytics.com.

11. Complaints

If you believe we have mishandled your personal information, please contact us first so we can investigate and resolve the issue:

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify subscribing schools directly.

We encourage you to review this policy periodically.