Privacy Policy

Document Version: 1.4  ·  Date: 6 April 2026

1. Purpose

Snapshot Educational Solutions Pty Ltd (ABN 90 665 866 437) ("Snapshot", "we", "us", or "our") is committed to protecting the privacy of all individuals whose personal information we collect and manage. This Privacy Policy explains how we collect, hold, use, and disclose personal information in connection with the Snapshot platform and related services.

This policy applies to all users of the Snapshot platform, including teachers, school administrators, students, parents and carers, and any other individuals whose personal information is collected in connection with Snapshot services.

Snapshot operates in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Privacy and Data Protection Act 2014 (Vic), the Information Privacy Principles (IPPs), and the Health Records Act 2001 (Vic) where applicable. Where Snapshot provides services to government schools under contractual arrangements with a Department of Education, Snapshot is bound by applicable privacy obligations as if it were the Department for the purposes of handling personal information under those arrangements.

2. Kinds of Personal Information We Collect and Hold

Snapshot collects and holds personal information that is reasonably necessary to provide and operate our platform. The kinds of personal information we collect depend on how the platform is used by a school and may include the following:

2.1 Information Provided Directly

• Full name
• Email address
• School or organisation name and role
• Account login credentials (passwords are stored in hashed form only)
• Communications sent to us, including support requests and feedback

2.2 Student Information

Where Snapshot is used by a school, limited student information may be stored, including:

• Student name
• Year level and class or group assignments
• Timetable information
• Learning records, attendance notes, or wellbeing records entered by authorised school staff
• Homework submissions and assessment information

Schools remain the data controller for student information. Snapshot processes student data only on behalf of, and under the direction of, the school.

2.3 Parent and Carer Information

Where a school uses the Snapshot parent communication features, we may collect:

• Parent or carer name
• Email address
• Relationship to student
• Communications and responses submitted through the platform

2.4 Automatically Collected Information

We may automatically collect technical information when users access the platform, including:

• Device type and operating system
• Browser type (for web access)
• IP address
• App usage and interaction data
• Log and diagnostic data

This information is used to maintain system performance, security, and reliability. It is not used to identify individual users for marketing purposes.

3. How We Collect Personal Information

Snapshot collects personal information through the following means:

• Directly from individuals: When users create an account, submit information through the platform, or contact us for support.
• From schools and authorised administrators: Schools provide staff and student data during school onboarding, typically by uploading CSV or Excel files or entering information through the Snapshot administration console.
• From parents and carers: When parents or carers register for or interact with the Snapshot parent communication features.
• Automatically through the platform: Technical and usage data is collected automatically when users access Snapshot via web, mobile, or desktop applications.

Snapshot does not collect personal information from third-party data brokers, social media platforms, or any source other than the individuals themselves and the schools that engage our services.

4. Purposes for Which We Collect, Hold, Use, and Disclose Personal Information

Snapshot collects, holds, and uses personal information for the following purposes:

• To provide, operate, and maintain the Snapshot platform and its features
• To authenticate users and manage access to school-specific environments
• To enable teachers, students, parents, and administrators to collaborate within their school
• To deliver customer support and respond to enquiries
• To communicate important service updates, maintenance notifications, and security alerts
• To improve platform features, usability, and performance
• To comply with legal and regulatory obligations, including obligations under government contracts
• To detect, prevent, and respond to security incidents, fraud, or misuse
• To fulfil reporting obligations to Departments of Education where required under contractual arrangements

We do not use personal information for marketing to individual users. We do not sell, rent, or trade personal information to any third party.

5. Recipients of Personal Information

Snapshot may disclose personal information to the following categories of recipients, only to the extent necessary to provide our services:

5.1 Cloud Infrastructure Provider

Google Cloud Platform / Firebase: Snapshot's platform is hosted on Google Cloud Platform infrastructure located in Australia (Sydney region, australia-southeast1). Google provides cloud hosting, database, authentication, and storage services. Google processes data in accordance with its Cloud Data Processing Addendum and does not access Snapshot customer data for its own purposes.

5.2 Email Delivery Services

SendGrid (sendgrid.com): Snapshot uses SendGrid, a transactional email service provided by Twilio Inc., to send account verification emails, password reset emails, and platform notifications to users. SendGrid processes recipient email addresses and message content only for the purpose of delivering communications on behalf of Snapshot. SendGrid operates under Twilio's privacy policy, available at www.twilio.com/en-us/legal/privacy.

5.3 Departments of Education

Where Snapshot provides services to government schools under a panel or contractual arrangement, we may be required to provide reports, data, or access to personal information to the relevant Department of Education in accordance with our contractual obligations.

5.4 Legal and Regulatory Disclosure

Snapshot may disclose personal information where required or authorised by law, including in response to a court order, subpoena, or lawful request by a government authority, or where disclosure is necessary to protect the rights, safety, or property of users or the platform.

Snapshot does not disclose personal information to advertisers, data brokers, or any third party for commercial purposes unrelated to the delivery of our services.

5.5 Application Verification (reCAPTCHA Enterprise)

Snapshot uses Google reCAPTCHA Enterprise for application attestation and bot protection on the Snapshot login page. reCAPTCHA Enterprise collects browser behavioural signals to verify that requests originate from the legitimate Snapshot application rather than automated tools. Google operates as a data processor for reCAPTCHA Enterprise under the Google Cloud Data Processing Addendum. reCAPTCHA Enterprise data is not used by Google for advertising or any purpose other than providing the reCAPTCHA service to Snapshot.

6. Consequences of Not Providing Personal Information

Providing personal information to Snapshot is generally required in order to access and use the platform. If an individual chooses not to provide personal information, the following consequences may apply:

• Users may be unable to create an account or access the platform
• Schools may be unable to onboard staff and students or configure their Snapshot environment
• Certain platform features may be unavailable or limited
• Snapshot may be unable to provide customer support in relation to a specific account or issue

Where the collection of specific information is optional rather than required, this will be indicated at the point of collection.

7. Accessing and Correcting Your Personal Information

Individuals have the right to request access to the personal information that Snapshot holds about them, and to request the correction of any information that is inaccurate, incomplete, out of date, or misleading.

7.1 How to Request Access or Correction

Requests can be made by contacting Snapshot at the details provided in Section 15 of this policy. We will respond to access requests within 30 days and will provide information in a commonly used format. For student data, requests should generally be directed to the relevant school in the first instance, as the school is the data controller for student information.

7.2 Verification

Snapshot may require verification of identity before processing access or correction requests to ensure the security of personal information.

7.3 Refusal

In limited circumstances, Snapshot may refuse an access or correction request where permitted by law. If we refuse a request, we will provide written reasons for the refusal.

8. How to Make a Privacy Complaint

If an individual believes that Snapshot has breached the Australian Privacy Principles or any applicable privacy law, they may lodge a complaint with us.

8.1 How to Lodge a Complaint

Privacy complaints should be submitted in writing to:
Snapshot Educational Solutions Pty Ltd
Email: privacy@snapshot-solutions.com
Subject line: Privacy Complaint

8.2 How We Handle Complaints

Upon receipt of a privacy complaint, Snapshot will:

• Acknowledge receipt of the complaint within 5 business days
• Investigate the complaint and assess whether a breach has occurred
• Provide a written response within 30 days, outlining our findings and any remedial action taken
• Where a complaint cannot be resolved within 30 days, we will notify the complainant of the reason for the delay

8.3 External Complaints

If a complainant is not satisfied with Snapshot's response, they may escalate the complaint to:

• The Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au
• The Office of the Victorian Information Commissioner (OVIC): www.ovic.vic.gov.au

9. Overseas Disclosure of Personal Information

Snapshot does not disclose personal information to overseas recipients in the ordinary course of its operations. All Snapshot platform data is stored and processed on Google Cloud Platform infrastructure located in Australia (Sydney region, australia-southeast1). Snapshot does not use overseas-based sub-processors to process personal information on its behalf.

In the event that an overseas disclosure were to become necessary in the future, Snapshot would obtain consent from the relevant school, Department of Education, or individual before any overseas transfer, ensure appropriate safeguards are in place, and update this Privacy Policy to identify the relevant countries.

10. Development and Support Personnel

Snapshot engages a small number of overseas-based development contractors who contribute to platform development and testing. These contractors do not have access to any production environments, customer data, or personal information. They work exclusively in demonstration and development environments that contain only synthetic test data. This arrangement does not constitute an overseas disclosure of personal information for the purposes of APP 8.

11. Data Storage and Security

Snapshot implements technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure, including:

• All data hosted on Google Cloud Platform in Australia (Sydney region)
• All data in transit encrypted using TLS 1.2 or higher
• All data at rest encrypted using AES-256 encryption
• Role-based access controls restricting access to authorised personnel only
• Multi-factor authentication for administrative and production system access
• Failed login tracking and temporary account lockout
• Comprehensive audit logging of access and changes to platform data
• School data isolated in separate per-school database environments

12. Data Retention

Snapshot retains personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, or as required by law or contractual obligation. When data is no longer required, Snapshot will securely delete or de-identify the information. Upon termination of a school's subscription, Snapshot will manage data in accordance with the applicable contractual requirements.

13. Children's Privacy

Snapshot is designed for use in educational settings. Student accounts and data are created and managed by schools and educators, not by students directly. Snapshot does not knowingly collect personal information from children outside of a school-authorised context. Schools are responsible for obtaining any necessary consents from parents or carers for the collection and use of student data through the Snapshot platform.

14. Cookies and Analytics

Snapshot websites and web applications may use cookies and similar technologies to support platform functionality, maintain user sessions, and analyse usage patterns. Users can manage cookie preferences through their browser settings. Snapshot uses Google reCAPTCHA Enterprise on the login page for bot protection. Snapshot does not use cookies for advertising or third-party tracking purposes.

15. Changes to This Policy

Snapshot may update this Privacy Policy from time to time. Where we make material changes, we will provide at least 14 days' advance notice before the changes take effect, by publishing the updated policy on our website and, where appropriate, communicating directly to schools and users via email or in-platform notification.

16. Contact Us

Snapshot Educational Solutions Pty Ltd
ABN: 90 665 866 437
Privacy enquiries: privacy@snapshot-solutions.com
General enquiries: info@snapshot-solutions.com
Website: www.snapshot-solutions.com