Contents
Privacy Policy
Introduction
CET Cor is committed to protecting the privacy of all users in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, store, and secure personal information, as well as your rights in relation to your data. All processing activities are carried out on systems hosted within Australia to ensure compliance with local data-sovereignty requirements.
Personal Information We Collect
When you register or log in to CET Cor, we collect identity and contact details such as your name, school email address, and profile information. We also record authentication data (including hashed passwords or tokens managed by Clerk), session metadata, and user-generated content stored in PayloadCMS.
In addition, we automatically collect usage data—such as pages viewed, resources accessed, and activity timestamps—through our application logs, which are forwarded to our observability platform. We use cookies and similar technologies to maintain your logged-in state, remember your preferences, and analyse site performance.
How We Use Personal Information
We use your personal information to provide, maintain, and personalise the CET Cor experience, including authenticating your access via Clerk, enforcing role-based permissions in PayloadCMS, and delivering content according to your assigned role.
Usage analytics help us monitor system health, optimise performance, and detect anomalous behaviour. We may also send you important notifications related to your account or upcoming events, and occasional administrative messages about policy updates or service changes.
Third-Party Services and Disclosure
CET Cor relies on a small number of trusted third-party service providers to deliver and operate the platform. Clerk manages authentication flows and MFA; MongoDB Atlas hosts encrypted databases; Vercel operates our compute and edge network; Datadog aggregates logs, metrics, and audit trails; and Sentry captures and analyses errors.
Each provider processes data under strict contractual agreements that require them to implement security controls at least as stringent as our own and to use or disclose your information only as necessary to perform their services. We do not sell or rent personal information to any third parties.
Data Storage and Cross-Border Transfer
All primary data repositories and backups reside within Australian data centres (AWS Sydney region or Azure Australia East) to meet data-residency obligations.
In limited cases, anonymised logs or aggregated metrics may traverse global networks for content-delivery or infrastructure-management purposes, but no identifiable personal data is transferred outside Australia without your explicit consent or as required by law.
Data Security
We protect personal information using industry-standard safeguards. All communication channels employ TLS 1.3 encryption. Data at rest in MongoDB Atlas and object storage is encrypted with AES-256.
Access to production systems is restricted by Clerk’s SSO and MFA enforcement and by fine-grained IAM roles for our engineering team. We maintain regular vulnerability scanning, quarterly penetration tests, and automated dependency checks to ensure our software and infrastructure remain secure against evolving threats.
Data Retention and Deletion
We retain personal information only for as long as it is required to fulfil the purposes outlined in this policy or to meet legal and compliance obligations. Usage logs and audit trails are archived with WORM (write-once, read-many) retention for a minimum of seven years.
You may request deletion or correction of your personal data at any time by contacting us. Upon verification of your identity, we will remove your profile and associated content unless retention is required by law or necessary for legitimate business purposes.
Your Rights and Choices
Under the APPs, you have the right to access the personal information we hold about you, to request corrections of inaccuracies, and to withdraw consent to certain processing activities.
If you believe we have breached your privacy, you may lodge a complaint with us using the contact details below. We will investigate and respond within a reasonable timeframe. You may also seek recourse through the Office of the Australian Information Commissioner (OAIC) if you remain dissatisfied.
Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we do, we will revise the “Last updated” date and publish the new policy on this page.
Significant changes affecting how we use personal information will be communicated to you in advance via email or in-app notification.
Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices, please contact our Privacy Officer at:
Email: privacy@cetconnect.edu.au
Mailing Address: Privacy Officer, CET Cor, 123 Education Lane, Hobart TAS 7000, Australia.
We are committed to responding to all inquiries promptly and transparently.