← Back

Privacy Policy

Last updated: 15 April 2026

1. Who We Are

Quizly (“we”, “us”, “our”) is an Australian educational platform at quizly.com.au, operated by Get Renting Pty Ltd (ABN 35 690 434 603) trading as Quizly. We provide online practice tools to help children prepare for the NSW Opportunity Class Placement Test and general schoolwork.

For privacy enquiries, contact us at support@quizly.com.au.

2. Our Commitment to Children’s Privacy

Quizly is designed for primary school children (typically aged 9–11). We take the protection of children’s personal information seriously. We collect only what is necessary to provide the educational service, and we never use children’s data for advertising, profiling, or sale to third parties.

Children do not create accounts directly. A parent or guardian must register and link a child profile to their account. By registering, the parent consents to the collection and use of their child’s data as described in this policy.

3. What Data We Collect

3.1 Parent / Guardian Account

  • Name — your first name or full name, used to personalise communications (e.g. weekly reports). Optional but recommended.
  • Email address — used to send a one-time login code and, if enabled, weekly progress reports.
  • Phone number — optionally provided by you in account settings. Used only for account support purposes if you contact us.
  • Subscription and billing information — if you subscribe to a paid plan, your payment is processed by Stripe. We store a Stripe customer ID but do not store full card details.
  • Notification preferences — whether you have opted in to weekly reports, milestone alerts, or struggle notifications.

3 (cont.) Child Profiles

3.2 Child Profiles

  • Profile name — a first name or nickname entered by the parent. Stored encrypted at rest using AES-256.
  • Avatar — an emoji or avatar image chosen during setup.
  • Practice activity — questions answered, scores, streaks, time spent, and session history.
  • Test results — scores, per-question accuracy, time per question, answer changes, and question flags.
  • Mastery data — adaptive learning records tracking performance by subject and question type.
  • Star balance and rewards — virtual in-app stars earned and reward redemptions.

3 (cont.) Device and Technical Data

3.3 Device and Technical Data

  • Device linking codes — a temporary code used to connect a child’s device to the parent account.
  • Standard server logs (including IP addresses, browser type, and access timestamps) — kept for security, abuse prevention and debugging purposes. Logs are retained for 90 days.

4. How We Use Data

We do not collect location data, photos, microphone or camera access, contacts, or any information not listed above.

  • Providing the service — tracking progress, selecting appropriate questions, and displaying results.
  • Parent reporting — weekly progress summaries and milestone notifications sent to the parent’s email (if opted in).
  • Improving content quality — flagged or reported questions are reviewed by our team to correct errors.
  • Billing and subscriptions — processing payments via Stripe for paid plans.
  • Account support — if you provide a phone number, it may be used to assist you with account-related support requests. We will not call you for marketing purposes.
  • Security — detecting and preventing abuse, fraud, or unauthorised access.

5. Third-Party Services (Sub-processors)

We use a small number of third-party services to operate Quizly. Some of these service providers are located, or may store and process limited personal information (such as email addresses and billing references), outside Australia — including in the United States, European Union, and Singapore. We take reasonable steps to ensure overseas recipients protect your information consistently with the Australian Privacy Principles, including through contractual terms and provider selection.

  • Resend (resend.com) — transactional email delivery for login codes and parent reports. Resend receives your email address solely to deliver the message. Privacy policy: resend.com/privacy.
  • Stripe (stripe.com) — payment processing for subscriptions and the Family Pass. Stripe handles all card data directly and is PCI-DSS compliant. Stripe acts as a data sub-processor for billing data. Privacy policy: stripe.com/privacy.
  • Supabase (supabase.com) — authentication and database hosting. Supabase stores account credentials and session tokens. Privacy policy: supabase.com/privacy.

6. Data Storage and Security

We use industry-standard encryption in transit (HTTPS/TLS) and at rest to protect your and your child’s data. Access to our database is restricted to authorised personnel and protected by strong authentication.

While no online service can be perfectly secure, we take reasonable steps to protect your information from misuse, loss, and unauthorised access, modification or disclosure.

7. Data Retention and Deletion

We retain data only for as long as the account is active or as needed to provide the service. When you request deletion of a child profile, the profile enters a 30-day grace period during which you may restore it. After 30 days, all associated data — including practice history, test results, mastery records, and session data — is permanently and irreversibly deleted from our systems.

When you close your parent account, all profiles and associated data enter the same 30-day grace period before permanent deletion.

Billing records (including Stripe transaction references) are retained for 5 years as required by Australian tax law, then securely deleted.

8. Your Rights Under Australian Privacy Law

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), you have the right to:

  • Request access to the personal information we hold about you or your child.
  • Request correction of inaccurate or out-of-date information.
  • Request deletion of your data (subject to legal retention obligations).
  • Withdraw consent to data collection by closing your account.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have mishandled your data.

9. Your Right to Delete and Export Data

You may delete your account or any child profile at any time from the account settings page. Deletion is subject to the 30-day grace period described in section 7.

You may request a copy of the personal data we hold about you or your child by emailing support@quizly.com.au. We will provide a machine-readable export within 30 days.

Parents may request deletion of a child’s data at any time, regardless of account status. We will action such requests within 30 days.

10. Data Breach Notification

We maintain security measures to protect your data, but no system is immune to risk. Under the Privacy Act 1988 (Cth) Notifiable Data Breaches scheme, if we experience a data breach that is likely to result in serious harm to you or your child, we will:

  • Notify affected parents by email to the registered account address as soon as practicable.
  • Notify the Office of the Australian Information Commissioner (OAIC) as required by law.
  • Provide information about what data was affected and steps you can take to protect yourself.

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. For significant changes affecting children’s data, we will notify the registered parent email address directly.

12. Contact

For any privacy-related questions or requests, please contact us at support@quizly.com.au. We aim to respond to all enquiries within 5 business days.