Last Updated: January 2026
1. Introduction
Study Decoder ("we", "our", or "us") is committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational platform.
Study Decoder operates from New South Wales, Australia, and complies with all applicable state and federal privacy legislation.
2. Information We Collect
Personal Information (APP 3)
When you create an account, we may collect:
- Name and email address
- Google account information (if using Google Sign-In)
- Payment information (processed securely by Stripe - we do not store card details)
- School year level and subject preferences
Usage Information
We automatically collect:
- Device and browser information
- IP address and general location (not precise location)
- Pages visited and features used
- Study session data and interactions with AI tools
3. How We Use Your Information (APP 6)
We use the collected information to:
- Provide and improve our educational services
- Personalize your learning experience
- Process payments and manage subscriptions
- Send important account notifications
- Analyze usage patterns to improve our platform
- Comply with legal obligations under Australian law
Important: We do NOT sell your personal information to third parties. Your data is used solely to provide and improve our educational services. This is in compliance with APP 6 (use and disclosure of personal information).
4. Data Storage and Security (APP 11)
We implement industry-standard security measures to protect your information, as required by APP 11, including:
- Encrypted data transmission (HTTPS/TLS 1.3)
- Secure password hashing (bcrypt with high cost factor)
- Rate limiting to prevent brute force attacks
- Content Security Policy (CSP) headers
- Regular security assessments
- Limited access to personal data on a need-to-know basis
Data is stored on secure servers. While we strive to protect your information using industry best practices, no method of transmission over the Internet is 100% secure.
5. Third-Party Services & Overseas Disclosure (APP 8)
We use trusted third-party services that may have access to your information:
- Google Sign-In: For authentication (US-based, subject to Google's Privacy Policy)
- Stripe: For payment processing (US-based, PCI-DSS compliant, subject to Stripe's Privacy Policy)
- OpenAI: For AI-powered study tools (US-based - conversations are processed but not permanently stored)
- Render: For web hosting (US-based, SOC 2 Type II certified)
By using Study Decoder, you consent to the transfer of your data to these overseas service providers. We ensure these providers offer comparable privacy protections through contractual agreements.
6. Cookies
We use essential cookies for:
- Keeping you logged in (session management)
- Security tokens
We do not use third-party tracking or advertising cookies. You can control cookies through your browser settings, though some features may not work properly without essential cookies.
7. Your Rights Under Australian Privacy Law (APP 12 & 13)
Under the Australian Privacy Act, you have the right to:
- Access: Request access to the personal information we hold about you (APP 12)
- Correction: Request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information (APP 13)
- Deletion: Request deletion of your account and associated data
- Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs
To exercise these rights, please contact us at the email below. We will respond within 30 days as required by law.
8. Children's Privacy
Study Decoder is designed for students including those under 18. We take extra care with data from minors:
- For users under 13, we recommend parental supervision
- We collect only information necessary for the educational service
- We do not knowingly collect sensitive information from children
- Parents/guardians may request access to or deletion of their child's data
9. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. After account deletion:
- Account data is deleted within 30 days
- Payment records are retained for 7 years (Australian tax law requirement)
- Anonymized usage data may be retained for analytics
10. Data Breach Notification
In accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act, we will notify you and the OAIC if a data breach is likely to result in serious harm to any individual whose personal information is involved.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or through a notice on our platform. Continued use after changes constitutes acceptance.
12. Contact Us & Complaints
If you have questions, concerns, or wish to make a complaint about this Privacy Policy or our handling of your personal information:
Email: help@studydecoder.com.au
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):