Our Data Philosophy
We built our platform around necessity rather than opportunity. Every piece of information you provide serves a direct educational function. If we can't articulate why we need something, we don't ask for it.
This isn't altruism—it's practical security architecture. Less data means smaller attack surfaces, simpler compliance requirements, and fewer decisions about retention schedules. Your privacy protection starts with us not having information in the first place.
What Information Enters Our Systems
Account Creation Records
When establishing an account, you provide identification elements: your name as you wish to be addressed, an email address for authentication and communication, and optionally a phone number if you want SMS notifications about program changes. Payment processing happens through external providers, which means card details never touch our servers—we receive confirmation tokens, not financial instruments.
Learning Activity Footprints
Educational platforms generate operational data by nature. We record which modules you've accessed, how long you spend on different content types, assessment results that inform your progression, and questions you submit to instructors. This isn't surveillance—it's necessary infrastructure for personalized curriculum delivery and instructor effectiveness measurement.
Some participants engage more deeply: discussion forum contributions, peer collaboration notes, project submissions containing your analytical work. These become part of your educational record because they demonstrate progression and inform certification decisions.
Technical Operations Data
Systems require operational metadata: IP addresses for security monitoring, browser signatures for compatibility optimization, device types for interface adaptation. These elements serve security functions and technical support—identifying suspicious access patterns, resolving technical issues, optimizing performance across different platforms.
Purpose Framework for Information Processing
Data without purpose represents liability rather than asset. Here's what drives our processing activities:
Educational service delivery consumes most information—delivering customized learning paths, tracking progress toward certification requirements, facilitating instructor-student communication, managing cohort scheduling, and generating performance analytics that inform your development.
Platform improvement relies on aggregated usage patterns. Which modules cause confusion? Where do participants struggle before seeking help? What content sequences produce better retention? We analyze anonymized behavioral data to refine pedagogical approaches without identifying individual learners.
Security operations require real-time monitoring of access patterns. Unusual login locations trigger verification protocols. Rapid-fire content access suggests automated scraping. Payment anomalies warrant fraud investigation. These protections serve the community by maintaining platform integrity.
Legal obligations create unavoidable data processing. Australian tax regulations require transaction records. Education sector oversight demands certain reporting. Court orders occasionally compel disclosure. These aren't choices—they're compliance requirements that override other considerations.
Information Movement Beyond pyravoluna
Certain functions require external service providers with limited, contractually defined access:
| Recipient Category | Information Shared | Purpose Limitation |
|---|---|---|
| Infrastructure Providers | System logs, metadata, encrypted content | Hosting, backup, disaster recovery operations exclusively |
| Payment Processors | Transaction details, enrollment records, refund requests | Financial transaction completion and fraud prevention only |
| Email Service Platforms | Contact information, communication preferences, message content | Transactional and educational communication delivery |
| Analytics Platforms | Anonymized usage patterns, aggregated performance metrics | Platform improvement and content optimization research |
| Certification Bodies | Completion records, assessment results, attendance verification | Professional qualification validation and credential issuance |
We don't sell participant information. Period. Your educational data has zero commercial value to third parties and remains unavailable for marketing aggregation or resale operations.
International participants should understand that our infrastructure partners operate globally. Australian residents' information occasionally transits servers in other jurisdictions during routine operations. We select partners with adequate protection frameworks and contractual obligations matching Australian privacy standards.
Security Architecture Approach
Protection happens through layered technical controls rather than single-point solutions:
Encryption applies at rest and in transit. Databases use AES-256 encryption. Transport happens over TLS 1.3 protocols. Access credentials undergo hashing with adaptive algorithms resistant to current attack methodologies.
Access restrictions operate on need-to-know principles. Instructors see participant progress within their programs but not payment details. Support staff access technical logs but not assessment content. Administrative roles require multi-factor authentication and generate audit trails.
Monitoring systems watch for anomalous patterns: unusual login times, unexpected data exports, suspicious query patterns. Automated alerts trigger investigation protocols, though this sometimes means false positives that inconvenience legitimate users accessing content from unexpected locations.
Perfect security doesn't exist. Sophisticated attackers occasionally defeat controls despite best practices. We maintain incident response procedures, breach notification protocols, and recovery systems—but acknowledge that determined adversaries sometimes succeed despite reasonable precautions.
Your Control Mechanisms
Australian privacy legislation grants specific rights over personal information. Here's how to exercise them:
Access Requests
You can obtain copies of information we hold about you. Request processing typically completes within 14 business days. Unusually complex requests requiring extensive system queries may take 30 days.
Correction Demands
Inaccurate records warrant immediate correction. Contact our data team with specific errors and supporting documentation. Corrections propagate across systems within 5 business days.
Deletion Requests
You can request account termination and data deletion, though certain records remain for legal compliance. Assessment results linked to issued certifications persist indefinitely for credential verification purposes.
Processing Restrictions
You may request limited processing—maintaining records without active analysis. This might impact service delivery quality since personalization features depend on usage pattern analysis.
Objection Rights
Contest processing activities you consider inappropriate. We evaluate objections against operational necessity and legal obligations, stopping non-essential processing when viable.
Portability Requests
Obtain your information in structured, machine-readable formats for transfer to other platforms. Available for account details, progress records, and submitted content—not internally generated analytics.
Exercise rights through the account management portal or by contacting our data protection team directly. We verify identity before processing sensitive requests to prevent unauthorized disclosure.
Retention Schedules and Deletion Triggers
Different information categories follow distinct lifecycle patterns:
Active account records persist throughout your enrollment period plus seven years after final program completion. This extended retention supports alumni services, credential verification requests from prospective employers, and potential continuing education enrollment.
Financial transaction records remain accessible for ten years under Australian taxation requirements. Payment processor tokens expire after three years, requiring re-authentication for future transactions.
Learning activity logs undergo progressive aggregation. Granular click-level data aggregates to session summaries after 90 days. Session data condenses to weekly patterns after one year. Eventually only completion status and certification dates persist indefinitely.
Communication records follow shorter schedules. Support correspondence remains accessible for two years. Marketing communication tracking expires after campaign completion plus six months. Transactional emails persist for three years to support account recovery and dispute resolution.
Upon account closure, most information undergoes immediate deletion. Certification records, final assessment results, and basic enrollment history remain for credential verification—typically your name, programs completed, completion dates, and certification numbers.
Legal Foundation for Processing
Different processing activities rest on distinct legal justifications:
Contractual necessity covers most educational operations. You enrolled in programs, we deliver services—processing your information fulfills that agreement. Account management, content delivery, progress tracking, and certification issuance all fall within contractual obligations.
Legitimate interests justify operational improvements and security monitoring. We analyze aggregated usage patterns to refine content effectiveness. We monitor access logs to detect fraudulent activity. These activities benefit participants collectively without requiring individual consent.
Legal compliance obligations override other considerations. Tax authorities require transaction records. Education regulators mandate certain reporting. Court orders compel disclosure despite other privacy protections. These represent non-discretionary requirements.
Consent supports optional features like marketing communications or participation in research studies. You can withdraw consent anytime, though this might limit access to certain non-essential platform features.
Policy Evolution and Notification
Educational technology evolves, sometimes requiring modified data practices. Material changes trigger notification through your registered email address at least 30 days before implementation. Continued platform usage after notification periods constitutes acceptance of updated terms.
Minor clarifications, updated contact details, or formatting improvements happen without notification. Substantive modifications affecting data collection scope, processing purposes, or recipient categories always warrant advance disclosure.
You can review previous policy versions through our documentation archive, accessible through the footer link on every page. This maintains transparency about how practices evolved over time.
Questions, Concerns, or Rights Exercise
For unresolved disputes after direct contact, Australian residents may lodge complaints with the Office of the Australian Information Commissioner through their official channels. We aim to resolve concerns internally before escalation becomes necessary, but acknowledge your right to external review when internal resolution proves inadequate.