Privacy Policy - TestHero

1. Scope and Legal Framework

This Privacy Policy explains how Letts Learn Pty Ltd (trading as TestHero) ("we", "us", "our") collects, holds, uses, and discloses personal information when you use our website and application ("Service").

We handle personal information in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs).

2. Personal Information We Collect

Parent or guardian account details

Name and email address
Account authentication data (such as hashed passwords and session identifiers)
Support communications and account preferences

Child profile details

Child first name or nickname and school year level
Learning activity data, writing responses, spelling results, and progress history

Payment and transaction details

Payments are processed by Stripe. We do not store full card details. We receive limited transaction data such as payment status, amount, and transaction identifiers.

Technical and usage information

IP address, browser type, device type, operating system, and log events
Pages and features accessed, timestamps, and product interaction events
Essential cookie and local storage identifiers required for secure sign-in and service delivery

3. How We Collect Information

We collect personal information when you:

Create or manage an account
Add child profiles and use learning activities
Contact support, request a refund, or respond to operational messages
Interact with the Service (through logs and essential cookies)

We may also receive limited information from service providers such as payment processors and authentication infrastructure providers.

4. Why We Use Personal Information

We use personal information to:

Provide and operate the Service, including generating learning feedback and tracking progress
Authenticate users, secure accounts, and prevent fraud or misuse
Process payments, refunds, and customer support requests
Improve product quality using aggregated or de-identified insights
Comply with legal obligations and respond to lawful requests

If you do not provide required information, we may be unable to create your account or deliver key parts of the Service.

5. Direct Marketing

We may send service-related emails (for example, account, billing, and security notices). We may also send product updates where permitted by law. You can opt out of non-essential marketing messages at any time using the unsubscribe link or by contacting us.

6. Disclosure of Personal Information

We do not sell personal information. We may disclose personal information to trusted service providers where reasonably necessary to operate the Service, including:

Payment processing providers (for example, Stripe)
Cloud hosting, storage, and security providers
AI and data processing providers used to generate educational feedback

We may also disclose information where required or authorised by law.

7. Overseas Disclosure

Some service providers we use may process personal information outside Australia, including in the United States and other countries where those providers operate. Before overseas disclosure, we take reasonable steps to ensure recipients handle information consistently with Australian privacy law, including contractual protections where appropriate.

8. Security and Retention

We use reasonable technical and organisational safeguards to protect personal information, including encryption in transit, access controls, and monitoring. No system can be guaranteed completely secure.

We keep personal information only for as long as reasonably needed for service delivery, legal compliance, dispute resolution, and record-keeping. We then delete or de-identify information when it is no longer required.

If an eligible data breach occurs, we will follow our obligations under the Notifiable Data Breaches scheme, including notification to affected individuals and the OAIC where required.

9. Access and Correction

You may request access to personal information we hold about you or your child, and request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information.

10. Children's Privacy

TestHero is designed for parent or guardian-managed use. Child profiles are created and controlled through a parent/guardian account. We request that parents/guardians provide consent and supervision for child use of the Service.

We aim to minimise child data collection to what is reasonably necessary for educational functionality.

11. Automated Processing

We use automated systems, including AI, to assist with educational feedback. These outputs are designed as learning support tools and are not used as the sole basis for legal or similarly significant decisions about individuals.

If our practices change in a way that triggers additional Australian privacy disclosure obligations, we will update this policy and provide the required information.

12. Anonymity and Pseudonymity

Where lawful and practical, you may interact with us anonymously or using a pseudonym (for example, general pre-sales questions). For account creation, payments, and support verification, identifiable information is generally required.

13. Privacy Complaints

If you believe we have breached applicable privacy law, please contact us first so we can investigate and respond.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC).

14. Contact Us

For privacy questions, access requests, correction requests, or complaints, contact:

Letts Learn Pty Ltd (trading as TestHero)

support@testhero.com.au

15. Changes to this Policy

We may update this Privacy Policy from time to time. For material changes, we will provide notice (for example, by email or in-product notice). The "Last updated" date shows when this version took effect.