Privacy policy

What this is.

This is a plain-English privacy policy. It explains what data we collect, why we collect it, who we share it with, and what rights you have. It's not written for lawyers — it's written for you. If a section doesn't make sense, email privacy@knowmykid.com.au.

Who we are.

Seen Pty Ltd, an Australian-registered private company. Our office is in Melbourne, Victoria. We operate under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

What data we collect.

When you do the walk-through. We collect your answers to the 20-item assessment. If you ask us to email you a copy of your overview, we also collect your email address and name (optional).

When you create an account. We collect a name, email address, password (encrypted), and any notes you add about your child or your observations.

When you email us. We keep your name, email, and the content of your message.

Analytics. We use Plausible Analytics — a privacy-first, Australian-hosted analytics tool that doesn't use cookies or track individuals across sites. It tells us which pages are visited, roughly how long people spend on them, and how they navigate. It does not collect personal information.

Contact form submissions. If you fill in our contact form, we collect your name, email, category, and message.

What we don't collect.

We do not use tracking cookies. We do not cross-site track. We do not collect advertiser IDs or device fingerprints. We do not ask for your child's name, date of birth, or location. We do not ask for insurance information, Medicare card numbers, or NDIS plan numbers.

How we use it.

To respond to you. If you email us or fill in a form, we use your email to reply.

To improve the walk-through. We analyse aggregated, de-identified patterns in how parents answer to improve the clarity of questions and results.

For compliance and safety. We keep records as required by law. If the walk-through flags a safety concern, we may reach out to you directly to check on you and your child's wellbeing.

Who we share it with.

Nobody, except:

When you explicitly ask us to. If you request that we email your overview to a clinician (GP, paediatrician, psychologist), we send it directly to that email address only. It's your data and your choice.

When legally required. If police, a court, or another body legally requires us to disclose data, we will do so. Where the law permits, we will notify you first.

Our service providers. We use AWS (Amazon Web Services) for hosting — your data is stored in the Sydney region (ap-southeast-2). We use Postmark for transactional email. Both are under signed data-processing agreements.

Children's data.

Special care. Parents are the data controllers for their children. We don't direct-to-child marketing. All communications go to the parent or account holder. We don't ask for the child's name or identifying information. We don't use your child's data to train any model other than our own internal framework-improvement, and we do so only in aggregate after full de-identification.

Your rights.

Access. You have the right to ask what data we hold about you. We'll provide it within 30 days.

Correct. If your data is wrong, tell us and we'll fix it.

Delete. You can ask us to delete your account and all associated data. We'll do so within 30 days, except where the law requires us to keep records. Email privacy@knowmykid.com.au to request.

These rights are set out in the Australian Privacy Principles (APP 12, 13).

Security.

Data in transit is encrypted (HTTPS). Data at rest is encrypted. All staff accounts use two-factor authentication. We conduct a security review at least quarterly. We don't guarantee 100% security — no one can — but we take it seriously.

How long we keep your data.

Walk-through results (no account). If you use the walk-through without creating an account and don't ask us to email your overview, nothing is stored on our servers.

Walk-through results (email request). If you ask us to email you a copy, we keep that email and your overview for 90 days, then delete it.

Account data. If you create an account, we keep your data until you delete it. You can delete your account anytime from your account settings.

De-identified research data. We may keep fully de-identified, aggregated data about screening patterns indefinitely for our own research and quality improvement.

International transfers.

Your data is hosted in Australia (AWS Sydney region, ap-southeast-2). We do not transfer your data internationally without your explicit consent, except where required by law.

Changes to this policy.

We review this policy quarterly. If we make a material change, we'll publish the new version with a clear date, and we'll email account holders to let them know. Your continued use of the service means you accept the updated policy.

Complaints.

Step 1: Contact us. Email privacy@knowmykid.com.au and tell us what's wrong. We'll respond within 30 days.

Step 2: External complaint. If we don't resolve it to your satisfaction, you can complain to the Office of the Australian Information Commissioner (OAIC). Phone: 1300 363 992. Website: oaic.gov.au.

Contact.

Privacy questions? Email privacy@knowmykid.com.au. We read every message.