Placeholder — pending legal review

Privacy.

How Attuniq collects, uses, stores, and shares personal data. We've written it in plain language wherever the law allows. Where legal language is required, we've kept it as readable as we can.

Last updated: [date — to be set at publication] Effective: [date — to be set at publication]

Who we are

Attuniq is operated by [legal entity name and registration details — to confirm]. If you're using Attuniq through a partner organisation — your school, your training provider, your employer, your AMEP provider — that organisation is the data controller for your records, and Attuniq is the data processor. The relationship is governed by a data processing agreement with the partner.

If you're using Attuniq as an individual through our individual entry, Attuniq is both controller and processor.

What we collect

We collect what we need to operate the platform. Data minimisation is the design principle.

  • Account information — name, email, role.
  • Practice records — scenario completions, scores, feedback, recordings.
  • Usage data — pages visited, features used, technical telemetry.
  • Information you provide voluntarily — support requests, accessibility preferences.

How we use it

  • To provide the practice and assessment service.
  • To produce evidence packs for partners and learners.
  • To improve the platform, with appropriate de-identification.
  • To meet legal and regulatory obligations.

Who we share it with

  • The partner organisation, where you're using Attuniq through a partner.
  • Service providers under contract — hosting, analytics, support tooling.
  • Authorities, where legally required.
Never sold. Never used for advertising. A brand commitment, not a regulatory minimum.

Where we store it

[To be drafted — hosting region, encryption posture, transfer mechanisms.] We host data in the region appropriate to the partner's jurisdiction. For Australian partners, that means Australian residency by default.

How long we keep it

[To be drafted — retention policies aligned to regulatory timelines per partner sector.] The retention policy is specific, not generic — what data category, kept for how long, who can access it during that period, and how it's destroyed at end of retention.

Your rights

[To be drafted — depends on jurisdiction. Australian Privacy Principles, GDPR equivalents where applicable, etc.] You can:

  • Access your data.
  • Correct your data.
  • Delete your data, subject to legal retention requirements.
  • Export your data.
  • Withdraw consent.
  • Make a complaint.

How to contact us

For privacy questions or to exercise your rights, email [email protected].

Changes to this policy

We'll publish updates here, with a clear "last updated" date. Material changes will be notified to current users.