🔒 Legal & Privacy

Privacy Policy

📅 Last updated: 1 June 2026 🏢 Issued by: kl8techgroup ✉️ kl8tech@kl8.au

1. Who We Are

Kl8.in is operated by kl8techgroup (ABN 77 923 391 849), an Australian technology company.

Contact: kl8tech@kl8.au

This Privacy Policy explains how we collect, use, store, and protect personal information. It applies to all teachers and school administrators using the Service.

2. Our Commitment to Privacy Law

We comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the NSW Privacy and Personal Information Protection Act 1998 (12 IPPs), and the Health Records and Information Privacy Act 2002 (HRIP Act). Student data is fully de-identified and medical/diagnostic records are prohibited.

3. What Personal Information We Collect

3.1 Teacher / Account Holder Information

  • Email address — used to verify your identity and send service notifications
  • Password — stored as a one-way cryptographic hash (bcrypt). We never store your password in readable form. Nobody at kl8techgroup can read your password.
  • School name and school logo — uploaded at your discretion for use on certificates and printed materials
  • Account settings and preferences

3.2 Student Roster Data

Teachers enter student records manually. To comply with the NSW PPIP Act, the platform operates a **de-identified student roster architecture**. We store only:

  • Student Code / Token (e.g., Student 1, S-A) — used to identify the student internally without recording their real name
  • Descriptor / Classroom Tag (optional, e.g. Blue Group — no real names)
  • Year level (e.g., Kindergarten, Year 1–12)
  • Class group (optional label)
  • Gender (M / F / X) — used only for grammatically correct pronoun generation in report comments; never for profiling or advertising
  • NCCD support level (None / Supplementary / Substantial / Extensive) — treated with the highest sensitivity
  • Teacher notes (optional, private) — strictly limited to general educational capabilities. We do not store health, diagnostic, behavioural, or medical records (e.g. ADHD, Autism, NDIS) in notes.
We do not collect student real names, email addresses, home addresses, phone numbers, photos, birth dates, or any other identifying information.

3.3 Community & Staff Room Data

If you post to the Community Hub or Staff Room, you choose your own display name. Your real name and school are never displayed publicly. Your account is linked to posts internally for moderation and deletion purposes only.

3.4 Usage Data

Standard server logs (IP addresses, browser type, access timestamps) for security monitoring only. Not used for marketing.

4. How We Use Personal Information

  • Account authentication and security
  • Generating certificates, lesson plans, worksheets
  • Sending verification and password reset emails
  • Displaying your school logo on printed materials
  • Generating grammatically correct report comments
  • NCCD-level differentiation in planning tools
  • Service security monitoring
We do NOT use your data for advertising, profiling, or machine learning model training.

5. How We Protect Your Information

🔒 Passwords
Converted to an irreversible bcrypt hash. Nobody can read them.
🍪 Auth Sessions
JWT token in an httpOnly cookie (inaccessible to JavaScript). Expires after 30 days.
🔐 Transmission
All data uses HTTPS/TLS encryption in transit.
💾 At Rest
Sensitive user data (school details, region setting) and student tokens/notes are encrypted using AES-256-GCM before storage. Gemini API keys are encrypted at rest.
👤 Data Isolation
All student records are cryptographically linked to your account. No other user can access your students.
🙈 Pseudonymity
Posts in Community Hub and Staff Room use display names you choose. Your real identity is never shown publicly.

6. Who We Share Information With

We do NOT sell, rent, or trade personal information.
  • Resend (email delivery) — your email is passed to Resend solely for transactional emails. No student data is shared.
  • Google Gemini API (AI Processing) — structured prompts containing de-identified rosters and lesson parameters are sent to Gemini for worksheet generation and comment suggestions. No personal student identifiers are sent.

7. Data Storage and Retention

Data stored within Australia or equivalent jurisdictions. Retained while your account is active plus a reasonable period for legal compliance. You can delete individual records at any time from within the app.

8. Your Rights Under the Australian Privacy Principles

APP 12

Access: Request a copy of your data. Email kl8tech@kl8.au

APP 13

Correction: Request correction of inaccurate information

Delete & Export

Self-service: export all your data or purge your account instantly via the "My Data & Privacy" panel under Profile Security. Alternatively, contact kl8tech@kl8.au (actioned within 30 days).

Complaints

Contact kl8tech@kl8.au first. If unsatisfied, contact the OAIC at oaic.gov.au

9. Children's Privacy

Kl8.in is for teachers and school staff only. We do not collect information directly from children. Students who join a live quiz enter only their assigned student code (e.g. S-1) on a shared device — not legal names, and not retained as a user account beyond the quiz session.

10. Changes to This Policy

We notify registered users of material changes by email. Continued use after notification constitutes acceptance.

11. Contact Us

kl8techgroup | Email: kl8tech@kl8.au | New South Wales, Australia