Privacy Policy

Last updated: 17 March 2026

Summary: GoHiMark Pty Ltd (ACN 000 000 000) is committed to protecting the privacy of students, teachers, and school administrators who use our platform. All data is stored in Australian data centres. We do not sell data. We do not use student data to train AI models. This policy is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. About This Policy

This Privacy Policy explains how GoHiMark Pty Ltd ("GoHiMark","we", "us", "our") collects, uses, holds, and discloses personal information in connection with the GoHiMark platform and website. It applies to all users including school administrators, teachers, students, and website visitors.

This policy complies with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). For users who are residents of the European Economic Area, this policy also addresses our obligations under the General Data Protection Regulation (GDPR).

2. Who We Are

GoHiMark Pty Ltd is an Australian company providing AI-powered assessment software to K–12 educational institutions in Australia and internationally.

Data Controller (GDPR): GoHiMark Pty Ltd
ABN: 74 389 208 392
Email: privacy@gohimark.com.au

3. What Personal Information We Collect

We collect personal information in the following categories:

3.1 School Administrators and Teachers

  • Name, email address, and school affiliation
  • Role and year levels taught
  • Login credentials (passwords are hashed and never stored in plain text)
  • Usage data — features used, assessments created, time spent on platform
  • Communication records — emails and support tickets

3.2 Students

  • Name and school student identifier (provided by the school, not collected directly from students)
  • Year level and class enrolments
  • Assessment responses and results
  • Learning analytics — performance over time, concept mastery indicators
  • Session data — login times, device type (no persistent device identifiers)

3.3 Website Visitors

  • IP address and browser type (anonymised for analytics)
  • Pages visited and time on site
  • Form submissions (contact enquiries, demo requests)
  • Cookies — see our Cookie Policy for full details

4. How We Use Personal Information

We use personal information to:

  • Provide and improve the GoHiMark platform
  • Generate assessments, provide marking assistance, and deliver feedback
  • Generate analytics and reporting for teachers and school leaders
  • Communicate about subscriptions, updates, and support
  • Comply with our legal obligations
  • Respond to enquiries and support requests

We do not use personal information to:

  • Sell or share with third parties for advertising purposes
  • Train external AI or machine learning models
  • Profile individuals for purposes unrelated to education
  • Contact students directly without school authorisation

5. Data Storage and Residency

All GoHiMark data — including all student data — is stored exclusively in Australian data centres operated by Amazon Web Services (AWS) in Sydney (ap-southeast-2) and Melbourne (ap-southeast-4). We do not transfer personal data outside Australia except where explicitly required by law.

Where we use third-party service providers (sub-processors) who may process data outside Australia (for example, enterprise-tier AI API providers), we ensure those providers have executed Data Processing Agreements that:

  • Prohibit the use of data for model training
  • Require data to be deleted after processing
  • Comply with the Australian Privacy Principles or equivalent standards

6. Disclosure of Personal Information

We may disclose personal information to:

  • Service providers — AWS (hosting), and optionally enterprise AI API providers (under DPA)
  • The school — teachers, HODs, and administrators within the subscribing institution
  • Parents/guardians — only as permitted by the school's data governance policies
  • Regulatory authorities — where required by Australian law

We do not disclose personal information to any other third parties without explicit consent.

7. Data Retention

We retain personal information only for as long as necessary to provide the service or as required by law:

  • Active school subscriptions: Data retained for the duration of the subscription
  • Post-termination: 30-day data export window, then secure deletion within 60 days
  • Contact/enquiry data: Retained for 2 years unless deletion is requested
  • Anonymised analytics: May be retained indefinitely (not personal information)

8. Security

We implement appropriate technical and organisational measures to protect personal information, including:

  • AES-256 encryption at rest; TLS 1.3 in transit
  • Role-based access control with audit logging
  • Multi-factor authentication for administrator accounts
  • Annual third-party penetration testing
  • Documented Incident Response Plan

See our Security page for detailed information.

9. Your Rights

Under the Australian Privacy Act and/or GDPR, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — request that inaccurate information be corrected
  • Deletion — request deletion of your personal information (subject to legal obligations)
  • Portability (GDPR) — receive your data in a machine-readable format
  • Objection (GDPR) — object to processing based on legitimate interests
  • Restriction (GDPR) — request that processing be restricted in certain circumstances
  • Withdraw consent — where processing is based on consent

To exercise these rights, contact us at privacy@gohimark.com.au. We will respond within 30 days.

Students and their parents/guardians should contact their school in the first instance, as the school is the data controller for student assessment records.

10. Notifiable Data Breaches

GoHiMark complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. In the event of a data breach that is likely to result in serious harm, we will:

  • Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
  • Notify affected schools within 72 hours of determining a reportable breach has occurred
  • Assist schools in notifying affected individuals where required

11. Cookies

Our website uses cookies. For detailed information on the types of cookies we use, their purpose, and your choices, see our Cookie Policy.

12. Children's Privacy

GoHiMark is used by schools to manage student assessments. Students under the age of 18 use GoHiMark through their school account. Schools are responsible for obtaining appropriate consent from parents/guardians where required by applicable law, and for configuring their data governance settings appropriately.

We do not knowingly collect personal information directly from children without school mediation. If you believe we have inadvertently collected personal information from a child without appropriate consent, contact us immediately at privacy@gohimark.com.au.

13. GDPR — Additional Rights for EU Residents

Where GoHiMark processes the personal data of individuals located in the European Economic Area (EEA), the GDPR applies in addition to Australian privacy law. Our lawful bases for processing under GDPR are:

  • Contract performance — processing necessary to provide the platform to subscribing schools
  • Legitimate interests — platform security, fraud prevention, product analytics
  • Consent — marketing communications, optional analytics cookies
  • Legal obligation — compliance with applicable law

EEA residents may lodge complaints with their local supervisory authority. For Australian users, complaints may be lodged with the OAIC at oaic.gov.au.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to subscribers by email and a notice on our platform. The effective date at the top of this page indicates when the policy was last updated.

15. Contact Us

For all privacy enquiries:

  • Privacy Officer: privacy@gohimark.com.au
  • General: hello@gohimark.com.au