GoHiMark was built privacy-first: Australian data centres, encrypted storage, strict access controls, and a commitment to never sell or misuse student information.
Security isn't a feature we added — it's embedded in every layer of how GoHiMark works.
All student data is stored exclusively in Australian data centres located in Sydney and Melbourne. We never transfer student data offshore.
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Encryption keys are managed in AWS KMS with automatic rotation.
Role-based access control ensures teachers only see their own classes, students see only their own data, and administrators have audited elevated access.
GoHiMark is designed to meet Australian privacy and security requirements for educational institutions.
Dedicated security incident response team with documented procedures. Data breach notification within 72 hours as required under the Notifiable Data Breaches scheme.
Annual third-party penetration testing by CREST-certified security firms. Internal security reviews conducted quarterly.
We believe student data belongs to students and schools — not to technology companies. These commitments are written into our contracts, not just our marketing.
- All data stored in Australian data centres — no offshore transfers ever
- Student data is never sold, shared with advertisers, or used for any commercial purpose outside GoHiMark
- Student data is never used to train any external AI model
- You own your data — export or delete it at any time, including after contract termination
- Transparent Data Processing Agreement (DPA) available on request
- Privacy Impact Assessment (PIA) documentation available for procurement teams
GoHiMark is designed to satisfy the regulatory and contractual requirements of Australian schools.
| Framework | Scope | Status | Notes |
|---|---|---|---|
| Privacy Act 1988 (Cth) | Federal — all Australian organisations | Compliant | All 13 Australian Privacy Principles (APPs) implemented |
| ACSC Information Security Manual | Australian Cyber Security Centre guidance | Aligned | Essential Eight strategies implemented |
| NSW NESA Data Governance | NSW schools using NESA-approved tools | Compliant | Meets NESA data governance requirements |
| Victorian Education Department | Victorian government and Catholic schools | Aligned | Aligned with DET data handling guidelines |
| Notifiable Data Breaches (NDB) | Federal — mandatory reporting scheme | Compliant | 72-hour notification process in place |
| General Data Protection Regulation (GDPR) | EU — applies where EU residents use the platform | Compliant | Cookie consent, data subject rights, DPA available |
Common questions from IT teams and procurement officers.
Our team is happy to provide documentation for your IT review, complete your security questionnaire, or join a call with your IT director.