Privacy Policy

1. Purpose

Snapshot Educational Solutions Pty Ltd (ABN 90 665 866 437) ("Snapshot", "we", "us", or "our") is committed to protecting the privacy of all individuals whose personal information we collect and manage. This Privacy Policy explains how we collect, hold, use, and disclose personal information in connection with the Snapshot platform and related services.

 

This policy applies to all users of the Snapshot platform, including teachers, school administrators, students, parents and carers, and any other individuals whose personal information is collected in connection with Snapshot services.

 

Snapshot operates in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Privacy and Data Protection Act 2014 (Vic), the Information Privacy Principles (IPPs), and the Health Records Act 2001 (Vic) where applicable. Where Snapshot provides services to government schools under contractual arrangements with a Department of Education, Snapshot is bound by applicable privacy obligations as if it were the Department for the purposes of handling personal information under those arrangements.

 

1. Kinds of Personal Information We Collect and Hold

Snapshot collects and holds personal information that is reasonably necessary to provide and operate our platform. The kinds of personal information we collect depend on how the platform is used by a school and may include the following:

1.1 Information Provided Directly

• Full name

• Email address

• School or organisation name and role

• Account login credentials (passwords are stored in hashed form only)

• Communications sent to us, including support requests and feedback

 

1.2 Student Information

Where Snapshot is used by a school, limited student information may be stored, including:

• Student name

• Year level and class or group assignments

• Timetable information

• Learning records, attendance notes, or wellbeing records entered by authorised school staff

• Homework submissions and assessment information

Schools remain the data controller for student information. Snapshot processes student data only on behalf of, and under the direction of, the school.

1.3 Parent and Carer Information

Where a school uses the Snapshot parent communication features, we may collect:

• Parent or carer name

• Email address

• Relationship to student

• Communications and responses submitted through the platform

1.4 Automatically Collected Information

We may automatically collect technical information when users access the platform, including:

• Device type and operating system

• Browser type (for web access)

• IP address

• App usage and interaction data

• Log and diagnostic data

This information is used to maintain system performance, security, and reliability. It is not used to identify individual users for marketing purposes.

 

2. How We Collect Personal Information

Snapshot collects personal information through the following means:

• Directly from individuals: When users create an account, submit information through the platform, or contact us for support.

• From schools and authorised administrators: Schools provide staff and student data during school onboarding, typically by uploading CSV or Excel files or entering information through the Snapshot administration console.

• From parents and carers: When parents or carers register for or interact with the Snapshot parent communication features.

• Automatically through the platform: Technical and usage data is collected automatically when users access Snapshot via web, mobile, or desktop applications.

Snapshot does not collect personal information from third-party data brokers, social media platforms, or any source other than the individuals themselves and the schools that engage our services.

 

3. Purposes for Which We Collect, Hold, Use, and Disclose Personal Information

Snapshot collects, holds, and uses personal information for the following purposes:

• To provide, operate, and maintain the Snapshot platform and its features

• To authenticate users and manage access to school-specific environments

• To enable teachers, students, parents, and administrators to collaborate within their school

• To deliver customer support and respond to enquiries

• To communicate important service updates, maintenance notifications, and security alerts

• To improve platform features, usability, and performance

• To comply with legal and regulatory obligations, including obligations under government contracts

• To detect, prevent, and respond to security incidents, fraud, or misuse

• To fulfil reporting obligations to Departments of Education where required under contractual arrangements

We do not use personal information for marketing to individual users. We do not sell, rent, or trade personal information to any third party.

 

4. Recipients of Personal Information

Snapshot may disclose personal information to the following categories of recipients, only to the extent necessary to provide our services:

4.1 Cloud Infrastructure Provider

• Google Cloud Platform / Firebase: Snapshot's platform is hosted on Google Cloud Platform infrastructure located in Australia (Sydney region, australia-southeast1). Google provides cloud hosting, database, authentication, and storage services. Google processes data in accordance with its Cloud Data Processing Addendum and does not access Snapshot customer data for its own purposes.

4.2 Email Delivery Services

• Transactional email providers: Used to send account verification emails, password reset emails, and platform notifications to users. These providers process email addresses and message content only for the purpose of delivering communications on behalf of Snapshot.

4.3 Departments of Education

• Where Snapshot provides services to government schools under a panel or contractual arrangement, we may be required to provide reports, data, or access to personal information to the relevant Department of Education in accordance with our contractual obligations.

4.4 Legal and Regulatory Disclosure

• Snapshot may disclose personal information where required or authorised by law, including in response to a court order, subpoena, or lawful request by a government authority, or where disclosure is necessary to protect the rights, safety, or property of users or the platform.

Snapshot does not disclose personal information to advertisers, data brokers, or any third party for commercial purposes unrelated to the delivery of our services.

4.5 Application Verification (reCAPTCHA Enterprise)

Snapshot uses Google reCAPTCHA Enterprise for application attestation and bot protection on the Snapshot login page. reCAPTCHA Enterprise collects browser behavioural signals (including interaction patterns, browser metadata, and timing data) to verify that requests originate from the legitimate Snapshot application rather than automated tools. This processing occurs on the login page before user authentication. Google operates as a data processor for reCAPTCHA Enterprise under the Google Cloud Data Processing Addendum, with Snapshot Educational Solutions as the data controller. reCAPTCHA Enterprise data is not used by Google for advertising or any purpose other than providing the reCAPTCHA service to Snapshot.

 

5. Consequences of Not Providing Personal Information

Providing personal information to Snapshot is generally required in order to access and use the platform. If an individual chooses not to provide personal information, or if a school chooses not to provide staff or student data, the following consequences may apply:

• Users may be unable to create an account or access the platform

• Schools may be unable to onboard staff and students or configure their Snapshot environment

• Certain platform features, such as parent communication, homework submission, or wellbeing tracking, may be unavailable or limited

• Snapshot may be unable to provide customer support in relation to a specific account or issue

Where the collection of specific information is optional rather than required, this will be indicated at the point of collection.

 

6. Accessing and Correcting Your Personal Information

Individuals have the right to request access to the personal information that Snapshot holds about them, and to request the correction of any information that is inaccurate, incomplete, out of date, or misleading.

6.1 How to Request Access or Correction

Requests for access to or correction of personal information can be made by contacting Snapshot at the details provided in Section 11 of this policy. We will respond to access requests within 30 days and will provide information in a commonly used format.

For student data, requests should generally be directed to the relevant school in the first instance, as the school is the data controller for student information. The school may then liaise with Snapshot if required.

6.2 Verification

Snapshot may require verification of identity before processing access or correction requests to ensure the security of personal information.

6.3 Refusal

In limited circumstances, Snapshot may refuse an access or correction request where permitted by law, for example where providing access would pose a serious threat to the safety of any individual, or would unreasonably impact the privacy of another person. If we refuse a request, we will provide written reasons for the refusal.

 

7. How to Make a Privacy Complaint

If an individual believes that Snapshot has breached the Australian Privacy Principles or any applicable privacy law, they may lodge a complaint with us.

7.1 How to Lodge a Complaint

Privacy complaints should be submitted in writing to:

Snapshot Educational Solutions Pty Ltd

Email: privacy@snapshot-solutions.com

Subject line: Privacy Complaint

7.2 How We Handle Complaints

Upon receipt of a privacy complaint, Snapshot will:

• Acknowledge receipt of the complaint within 5 business days

• Investigate the complaint and assess whether a breach has occurred

• Provide a written response to the complainant within 30 days, outlining our findings and any remedial action taken or proposed

• Where a complaint cannot be resolved within 30 days, we will notify the complainant of the reason for the delay and provide an estimated timeframe for resolution

7.3 External Complaints

If a complainant is not satisfied with Snapshot's response, they may escalate the complaint to:

• The Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au

• The Office of the Victorian Information Commissioner (OVIC): www.ovic.vic.gov.au

 

8. Overseas Disclosure of Personal Information

Snapshot does not disclose personal information to overseas recipients in the ordinary course of its operations.

 

All Snapshot platform data, including personal information, is stored and processed on Google Cloud Platform infrastructure located in Australia (Sydney region, australia-southeast1). Snapshot does not replicate, transfer, or store customer data in data centres outside Australia.

Snapshot does not use overseas-based sub-processors to process personal information on its behalf.

In the event that an overseas disclosure of personal information were to become necessary in the future (for example, due to a change in service providers), Snapshot would:

• Obtain consent from the relevant school, Department of Education, or individual (as applicable) before any overseas transfer

• Ensure that appropriate safeguards are in place to protect the personal information in accordance with the Australian Privacy Principles

• Update this Privacy Policy to identify the relevant countries

Where Snapshot provides services to government schools under a contractual arrangement that prohibits overseas transfer of data, Snapshot will comply with those contractual restrictions regardless of the terms of this policy.

 

9. Development and Support Personnel

Snapshot engages a small number of overseas-based development contractors who contribute to platform development and testing. These contractors do not have access to any production environments, customer data, or personal information. They work exclusively in demonstration and development environments that contain only synthetic test data.

This arrangement does not constitute an overseas disclosure of personal information for the purposes of APP 8, as no personal information is accessible to or held by these contractors.

​

10. Data Storage and Security

Snapshot takes the security of personal information seriously and implements technical and organisational measures to protect it from misuse, interference, loss, unauthorised access, modification, or disclosure. These measures include:

• All data is hosted on Google Cloud Platform infrastructure located in Australia (Sydney region)

• All data in transit is encrypted using TLS 1.2 or higher

• All data at rest is encrypted using AES-256 encryption

• Role-based access controls restrict access to personal information to authorised personnel only

• Multi-factor authentication is required for administrative and production system access

• Server-side authentication controls include failed login tracking and temporary account lockout

• Comprehensive audit logging tracks access to and changes in platform data

• School data is isolated in separate per-school database environments to prevent cross-school access

Snapshot's security controls are described in further detail in our Information Security Policy and are subject to regular review and improvement.

 

11. Data Retention

Snapshot retains personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, or as required by law or contractual obligation.

When data is no longer required, Snapshot will securely delete or de-identify the information. Upon termination or expiry of a school's subscription, Snapshot will manage data in accordance with the applicable contractual requirements, which may include returning data to the school and securely deleting all copies within a specified timeframe.

 

12. Children's Privacy

Snapshot is designed for use in educational settings. Student accounts and data are created and managed by schools and educators, not by students directly. Snapshot does not knowingly collect personal information from children outside of a school-authorised context.

Schools are responsible for obtaining any necessary consents from parents or carers for the collection and use of student data through the Snapshot platform. Snapshot processes student data only under the direction of, and on behalf of, the school.

 

13. Cookies and Analytics

Snapshot websites and web applications may use cookies and similar technologies to support platform functionality, maintain user sessions, and analyse usage patterns. Users can manage cookie preferences through their browser settings. Snapshot uses Google reCAPTCHA Enterprise on the login page for bot protection and application verification. reCAPTCHA may collect browser behavioural signals for this purpose. Snapshot does not use cookies for advertising or third-party tracking purposes.

 

14. Changes to This Policy

Snapshot may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. Any material changes will be published on our website and, where appropriate, communicated to schools and users. We encourage users to review this policy periodically.

 

15. Contact Us

If you have any questions about this Privacy Policy, wish to request access to or correction of your personal information, or wish to make a privacy complaint, please contact:

Snapshot Educational Solutions Pty Ltd

ABN: 90 665 866 437

Privacy enquiries: privacy@snapshot-solutions.com

General enquiries: info@snapshot-solutions.com

Website: https://www.snapshot-solutions.com