Privacy Policy

• Account means a unique account created for you to access our Service or parts of our Service.
• Company (referred to as either “Acenci”, “We”, “Us” or “Our” in this Agreement) refers to Joshua Ho.
• Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses.
• Country refers to: the jurisdiction of Australia
• Device means any device that can access the service including but not limited to desktop or laptop computer, cellphone, digital tablet or other mobile device.
• Personal Data is any information that relates to an identified or identifiable individual.
• Service refers to those services provided by Acenci via its website or affiliated Service Providers, as defined in this policy.
• Service Provider means any natural or legal person who processes data on behalf of Acenci. This includes third-party companies or individuals employed by Acenci to facilitate the Service, to provide the Service on behalf of Acenci, to perform services related to the Service or to assist Acenci in analyzing how the Service is used.
• Usage Data refers to data collected automatically, either by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• Website includes the Acenci website accessible from www.acenci.com, and any other domain over which Acenci has direct control.
• You means any natural or legal person accessing or using the Service, or any other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

• Full name
• Email address
• Organisation and role (if provided)
• Usage data (e.g., IP address, browser type, device information)

• Student data (e.g. names, performance metrics, behaviour, engagement indicators)
• Student class data
• Student year level
• Student participation in school initiatives or activities

The exact information that is shared with Acenci for PointDash will vary across education institutions depending on how the institution has setup PointDash, and what the institution is awarding points for. 

Personal information refers to any data that can be used to identify an individual, either directly or indirectly. This may include, but is not limited to:

• Names and email addresses
• Usernames or account identifiers
• Contact details provided during registration or support
• Any other information that relates to an identifiable person

The specific types of personal information we collect may vary depending on the services you use.

Usage data is information collected automatically when you interact with our services. It helps us understand how our systems are used and improve performance, security, and user experience. This may include:

• IP addresses and browser types
• Device information (e.g. operating system, screen resolution)
• Pages visited and time spent on each page
• Clickstream data and navigation patterns
• Error logs and diagnostic information

Usage data is typically aggregated and does not directly identify individuals, but it may be linked to user accounts in some cases for support or security purposes.

We use cookies and similar tracking technologies to support the functionality, security, and performance of our services. These technologies help us understand how our systems are used, maintain secure sessions, and improve the overall user experience.

We are committed to keeping tracking to a minimum. We only use what is necessary to operate our services effectively and to protect your data and our infrastructure.

Cookies are small text files stored on your device when you visit our websites. They may be used to:

• Maintain secure login sessions
• Remember user preferences
• Monitor system performance and detect issues
• Prevent fraudulent or unauthorised activity

We may also use other technologies such as web beacons, pixels, or local storage for similar purposes.

You can manage or disable cookies through your browser settings. However, please note that some features of our services may not function properly without them.

This applies to all websites operated by Acenci, including www.acenci.com, and any other domains we control.

We use personal data solely to deliver, maintain, and improve the services we provide. The specific ways in which your data is used may vary depending on the service you access, but generally include:

• To provide and maintain our service, including to monitor the usage of our service.
• To manage your account: to manage your registration as a user of the service. The personal data you provide can enable access to different functionalities of the service that are available to you as a registered user.
• For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services you have purchased or of any other contract with us through the Service.
• To contact you: To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
• To manage your requests: To attend and manage your requests to us.
• For business transfers: We may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our service users is among the assets transferred.
• For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends and to evaluate and improve our services, products and your experience.

We do not use personal data for advertising, promotional campaigns, or profiling. All data is handled with strict confidentiality and in accordance with applicable privacy laws.

We do not sell, rent, or share your personal information with third parties for marketing or promotional purposes.

We may share personal information only in the following limited circumstances:

• With sub-processors and service providers: We engage trusted third-party providers to help us deliver and support our services. These sub-processors may access limited personal data solely for the purpose of performing their contracted functions (e.g. hosting, infrastructure, security, analytics, payment processing). All sub-processors are bound by strict data protection obligations and are listed in our List of Data Sub-processors.

• With your organisation: If you access our services through an organisation, certain data may be shared with authorised administrators or privileged users within that organisation to support functionality and meet the requirements of that organisation.

• For legal compliance: We may disclose personal information if required to do so by law, regulation, or legal process, or to protect the rights, property, or safety of Acenci, our users, or others.

• In the event of a business transaction: If Acenci is involved in a merger, acquisition, or asset sale, personal information may be transferred as part of that transaction. We will notify affected users where required by law.

We take care to ensure that any sharing of personal information is limited, secure, and compliant with applicable privacy laws.

Acenci retains personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy. This includes providing our services, maintaining account records, ensuring system integrity, and complying with legal obligations.

We may retain your personal data:

• To comply with applicable laws and regulations (e.g. financial or record keeping)
• To resolve disputes or enforce our legal agreements and policies
• To maintain service continuity and support

Usage data, such as system logs and analytics, is generally retained for a shorter period. However, we may retain it longer when required to improve service functionality, strengthen security, or meet legal requirements.

Once personal data is no longer needed, we securely delete or anonymise it in accordance with industry best practices and applicable laws.

Your personal information may be processed at Acenci’s operating offices and in other locations where our sub-processors or service providers are based. This means your data may be transferred to—and stored or processed on—servers located outside of your state, province, or country, including jurisdictions where data protection laws may differ from those in your own.

Primary Storage Location
Acenci primarily stores and processes personal information in Australia on secure cloud infrastructure (AWS Sydney region). We do not store user data outside Australia.

Limited Overseas Processing
In limited cases, certain technical processes involve:

• United States: Scanning of files by CrowdStrike for security purposes; payment processing by Stripe.
• Global: Network traffic routing and security services provided by Cloudflare (data in transit only).

Data Residency Options
Where supported, Acenci allows customers to choose the country in which their data is stored. This option is available to help meet organisational, regulatory, or jurisdictional requirements. If you have selected a preferred data residency location, we will take all reasonable steps to ensure your data remains within that jurisdiction.

Safeguards for Transfers
By using our services and submitting your personal information, you consent to this transfer, subject to the safeguards outlined in this Privacy Policy.

Acenci ensures that any transfer of personal data is secure and compliant with applicable privacy laws. We only transfer data to countries or organisations with adequate data protection measures in place, including contractual safeguards (where possible), encryption, and access controls.

Where data is processed outside Australia—such as files scanned for security purposes in the United States—we ensure that no personal information or file contents are retained beyond the scope of the scanning process.

We may disclose personal data in good faith when such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of Acenci
• Investigate or prevent potential wrongdoing related to our services
• Protect the safety of users or the public
• Defend against legal claims or liability

All disclosures are made with careful consideration of applicable laws and the privacy rights of individuals.

You have the right to request access to the personal information we hold about you and to ask us to correct it if you believe it is inaccurate, out of date, incomplete, irrelevant, or misleading.

To make a request, contact us at [email protected] or by mail (see “How You Can Contact Us”).
We will:

• Acknowledge your request within 7 days
• Respond within 30 days (or let you know if more time is needed)

If we refuse your request, we will explain why and outline your options for further action.

If you have concerns about how we handle your personal information, please contact our Privacy Officer at [email protected].

We will:

• Acknowledge your complaint within 7 days
• Aim to resolve it within 30 days
  If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
• Website: www.oaic.gov.au
• Phone: 1300 363 992

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will notify you by:

• Posting the updated Privacy Policy on this page, and
• Providing a prominent notice within our Services and/or sending an email notification (where appropriate), prior to the changes taking effect.

The “Last Updated” date at the top of this page will indicate when the latest revisions were made. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Any changes will become effective when posted on this page, unless otherwise stated.