VetAssby Ardenna
Sign in

Privacy Policy

Effective [date] · Ardenna Pty Ltd [ABN to be confirmed] — provider of VetAss

1. About this policy

This policy explains how we handle personal information when you use VetAss, consistent with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). We handle personal information in accordance with this policy regardless of whether a small-business exemption may currently apply, and we expect to be bound as the law evolves.

2. The two roles

  • Your account information (your email and usage) — we handle this as the entity responsible for it.
  • Student information inside Submissions — you, the assessor and/or your RTO, decide to collect and upload this and determine its purpose. We process it on your behalf and on your instruction solely to provide the Service. You are responsible for having the right and the necessary consents/notifications to upload it.

3. What we collect

  • Account: your email address (we use passwordless one-time codes — no passwords stored).
  • Billing: Credit purchases and balances. Card payments are handled by Stripe; we do not receive or store card numbers.
  • Submissions: the files you upload, which may contain student personal information (names, the student’s work, and similar). We do not ask for, and request you not upload, information beyond what is needed to mark the assessment.
  • Operational/usage data: counts of assessments processed, de-identified outcome statistics, and technical logs.

4. How we use information

  • To provide the Service: authenticate you, process Submissions into Suggested Outcomes, generate reports, and manage Credits and billing.
  • To produce de-identified, aggregate statistics shown in your dashboard (e.g. number of assessments, mix of suggested outcomes). These statistics cannot identify a student.
  • To maintain security and meet legal obligations.

We do not sell personal information, and neither we nor our AI sub-processor use your Submissions to train AI models.

5. Use of artificial intelligence and automated assistance

VetAss uses a computer program (a third-party AI model — see clause 6) that reads each Submission and substantially assists in producing a Suggested Outcome for an assessment. The kind of information used is the contents of the Submission; the output is an advisory Suggested Outcome (Satisfactory, Re-assessment, Not Satisfactory, or Pending Review) with a confidence note.

A human makes the decision. The Suggested Outcome is advisory only. A credentialed assessor reviews it and makes the assessment judgement; VetAss does not make assessment or competency decisions. (This clause is also intended to meet the automated-decision transparency obligations commencing 10 December 2026 under the amended Privacy Act.)

6. Who we share information with (sub-processors)

  • Google — Submissions are processed by Google’s Gemini API to generate Suggested Outcomes.
  • Stripe — payment processing.
  • [Hosting provider] — infrastructure hosting.
  • [Email provider] — delivery of one-time sign-in codes.

We require these providers to handle information consistently with this policy and applicable law.

7. Where information is processed (cross-border)

Some processing — including AI processing by Google — currently occurs outside Australia. Where we disclose personal information overseas, we take reasonable steps under Australian Privacy Principle 8 to ensure the recipient handles it consistently with the APPs. We are working to move AI processing onshore (within Australia) as the Service matures.

8. Retention and deletion

  • Submissions (inputs) are deleted as soon as processing completes.
  • Reports and identifiable results are available to you for 24 hours after submission, then automatically and permanently deleted. We do not retain student names, file contents, or identifiable assessment results beyond that window.
  • De-identified, aggregate statistics (counts and outcome mix) are retained for billing and product analytics; they cannot identify a student.
  • Account and billing records are retained as required by law (e.g. tax records, generally 5 years).

9. Security

We take reasonable steps to protect personal information, including technical and organisational measures: encryption in transit, access controls, scoped per-account access, ephemeral storage of Submissions, and signed, time-limited download links. No system is perfectly secure.

10. Children’s information

Submissions may include information about students who are minors. We handle it as described above. You are responsible for ensuring appropriate consents and notices are in place under your RTO’s obligations.

11. Your rights

You may request access to, or correction of, the personal information we hold about you (primarily your account information). Submissions and identifiable results are short-lived (clause 8). To make a request or complaint, contact our Privacy Officer at [privacy@ardenna…]. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Changes

We may update this policy; material changes will be notified and the effective date updated.

13. Contact

Privacy Officer, Ardenna Pty Ltd · [privacy@ardenna…] · [registered address]. See also our Terms & Conditions.