Privacy Policy

Effective date: 29 April 2026

AI Lift-Off (“the Platform”) is operated by the Western Australian Data Science Innovation Hub (WADSIH). This Privacy Policy explains how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

The Platform is an educational tool designed for use in Australian school classrooms with students in Years 5–10 (approximately 10–15 years of age). It is intended to be used under teacher supervision as part of structured classroom activities.

For technical details on our safety and content-filtering measures, see our Safety & Privacy page.

APP 1 — Our Commitment

WADSIH is committed to managing personal information openly and transparently. This Privacy Policy explains how we handle personal information on the AI Lift-Off Platform. It is publicly available at /privacy-policy on the Platform and can be accessed without logging in.

We regularly review our practices and this policy. If we make material changes, we will update the effective date at the top of this page.

For questions about how we handle personal information, see Contact at the bottom of this page.

APP 2 — Using the Platform Without Identifying Yourself

AI Lift-Off is designed so that students do not need to provide their real name to use the Platform.

• Student usernames are set by the teacher and can be pseudonymous (e.g. “student01”, “table3-blue”).
• Display names are optional and can be a first name, nickname, or left blank.
• No email address, phone number, date of birth, home address, or guardian information is collected.

Teachers are encouraged to use anonymous identifiers where their school policy requires it, making the Platform effectively pseudonymous or anonymous for students.

APP 3 — What We Collect and Why

We collect only the personal information that is reasonably necessary for the Platform to function as an educational tool. We follow the principle of data minimisation.

Student Information

Teacher / School Information

• School code and name — used to identify and isolate the school’s data.
• Teacher password — stored as a bcrypt hash for authentication.

Automatically Collected Information

• AI interaction logs — every student prompt and AI response is logged, including timestamps and any content moderation actions taken. This is necessary for teacher oversight and student safety.
• AI-generated images — stored so teachers can review what was generated.
• Student-uploaded images — for machine-learning activities only. Faces are automatically detected and blurred on the student’s device before upload; unblurred originals never reach our servers.
• Student notes and help requests — text entered by students within the Platform for educational purposes.
• Bug reports — if submitted, may include browser user-agent string and screen size for debugging purposes.
• Block-coding projects — saved project data created by students using the visual coding tools.

How We Collect Information

Personal information is collected directly from teachers (who create student accounts) and from students (who enter prompts and content during classroom activities). We do not collect personal information about students from third parties.

APP 4 — Information We Receive but Don’t Request

Students may inadvertently include personal information (such as their full name, email, phone number, or address) in AI prompts. The Platform automatically detects this using multiple detection methods. When detected:

• The prompt is blocked and not sent to the AI model.
• A flag is created for the teacher to review.
• The student sees a neutral message that their request could not be processed.

Where personal information is received in this way, it is retained only as part of the safety log for teacher review. We do not use unsolicited personal information for any other purpose.

APP 5 — How We Notify You

This Privacy Policy serves as our primary collection notice. At the time of collection:

• Teachers are provided with this policy and the Safety & Privacy page when onboarding their school.
• Students are informed through their teacher that all AI interactions are logged and visible to the teacher.

We collect personal information for the following purposes:

1. Providing the educational platform (authentication, class management, AI tools).
2. Student safety (content filtering, PII detection, automatic flagging).
3. Teacher oversight (interaction logs, flag review, student management).
4. Platform maintenance and improvement (bug reports, error logs).

APP 6 — How We Use Your Information

We use personal information only for the purpose for which it was collected, or for a directly related purpose that the individual would reasonably expect.

Primary Uses

Disclosure to Third-Party Services

To provide the Platform, certain data is shared with the following service providers:

We do not sell personal information, share it with advertisers, or allow third parties to use children’s data for purposes unrelated to the Platform.

Optional Integrations

If a school enables the WizKid AI Tutor integration, the student’s name, display name, and year group may be shared with the WizKid platform to provision a tutoring account. This integration is off by default and must be explicitly enabled by the school administrator.

APP 7 — No Direct Marketing

We do not use personal information for direct marketing. We do not send marketing emails, promotional messages, or any unsolicited communications. We do not collect email addresses from students or teachers.

APP 8 — Where Your Data Is Processed

We take reasonable steps to store data within Australia. Our primary database and hosting infrastructure are located in Australia.

However, when student prompts are sent to AI models via OpenRouter, those prompts may be processed by AI model providers whose infrastructure is located outside Australia (including the United States and other jurisdictions).

Student prompts sent to AI models do not include student names, school names, or other identifying information beyond the content of the prompt itself.

We maintain Data Processing Agreements (DPAs) with our service providers where applicable to ensure data is handled in a manner consistent with the APPs.

APP 9 — Government Identifiers

We do not adopt, use, or disclose government-related identifiers (such as Tax File Numbers, Medicare numbers, or driver’s licence numbers) as our own identifiers. The Platform uses internally generated identifiers and school-chosen codes for identification.

If a student inadvertently includes a government identifier in an AI prompt, our PII detection system will flag and block the request.

APP 10 — Keeping Information Accurate

We take reasonable steps to ensure that the personal information we collect and use is accurate, up-to-date, complete, and relevant.

• Teachers can update student display names and reset passwords at any time through the teacher dashboard.
• School administrators can update school details.
• Since the Platform collects minimal personal information, the scope for inaccuracy is limited.

APP 11 — How We Protect Your Information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

Technical Safeguards

• Encryption in transit: All data is transmitted over HTTPS/TLS.
• Password hashing: All passwords are stored using industry-standard one-way hashing. Plain-text passwords are never stored or logged.
• Secure sessions: Login sessions use cryptographically signed tokens with automatic expiry.
• School-level data isolation: All data access is scoped to the authenticated school. Users from one school cannot access data from another.
• Face blurring: Student-uploaded images have faces automatically detected and blurred on the student’s device before upload. Unblurred images never reach our servers.
• Rate limiting: Built-in rate limits prevent automated abuse.
• Session revocation: Teachers can instantly revoke all student sessions school-wide.
• Regular security reviews: We conduct periodic reviews of our security practices.

Data Retention

Schools may request permanent deletion of their data by contacting us (see Contact section below). Upon receiving a verified deletion request, we will permanently remove the school’s data from our systems within a reasonable timeframe. Data may be retained longer if required by law.

APP 12 — Requesting Access to Your Information

Under the APPs, individuals have the right to request access to the personal information we hold about them.

• Teachers can view all student data, AI interaction logs, flagged content, and student notes through the teacher dashboard at any time.
• Students can view their own notes and class enrolments through the student interface.
• Schools can request a full export of their school’s data by contacting us.

To request access to personal information that is not available through the Platform’s interface, please contact us using the details in the Contact section below. We will respond to access requests within 30 days.

We may refuse access where permitted by law, for example if providing access would pose a serious threat to the life, health, or safety of any individual, or would unreasonably impact the privacy of others. If we refuse access, we will provide written reasons.

APP 13 — Correcting Your Information

We take reasonable steps to correct personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading, having regard to the purpose for which it is held.

• Teachers can update student usernames, display names, and passwords through the teacher dashboard at no cost.
• School administrators can update school names and settings.
• For corrections that cannot be made through the Platform, contact us using the details below.

Special Considerations for Minors

AI Lift-Off is designed for use by school students in Years 5–10 (approximately 10–15 years of age). We recognise the particular importance of protecting children’s personal information and have built the Platform with the following safeguards:

• Data minimisation: We collect the absolute minimum information needed. No email, phone, date of birth, or guardian details are required.
• Pseudonymous accounts: Teachers can create accounts using pseudonyms or codes instead of real names.
• Teacher-managed accounts: Students do not create their own accounts. All accounts are created and managed by teachers.
• Content safety: Multiple layers of content filtering protect students from inappropriate AI-generated content.
• Image protection: AI-generated images depicting minors are automatically restricted to non-photorealistic styles.
• Face blurring: Faces in student-uploaded images are automatically detected and blurred on the student’s device before upload.
• PII detection: If a student shares personal information in a prompt, it is automatically detected, blocked, and flagged for the teacher.
• Full teacher oversight: Every AI interaction is logged and available for teacher review.
• Supervised use: The Platform is designed as a supervised classroom tool, not for unsupervised home use.

No Cookies

AI Lift-Off does not use HTTP cookies—no session cookies, no tracking cookies, and no third-party cookies.

Browser Local Storage

The Platform uses your browser’s local storage to hold:

• Authentication token — a signed token that identifies your session. Cleared on logout.
• User preferences — accessibility settings such as text size, reduced motion, and high contrast mode.

Local storage data remains on your device only and is not transmitted to any third party. It can be cleared at any time by logging out or clearing your browser data.

How to Contact Us

If you have questions about this Privacy Policy, or for more information, please contact:

AI Lift-Off Program Coordinator, Western Australian Data Science Innovation Hub (WADSIH)

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the effective date at the top of this page and notify participating schools. We encourage you to review this policy periodically. Check the effective date at the top for the most recent update.