Privacy Policy
Last updated: 20 April 2026
The short version
Student data never leaves your browser. Student names, IDs, grades, attendance, and any file you upload are stored on your device in IndexedDB. We do not collect, transmit, or store student personal information on our servers — we literally cannot see it.
When you trigger an AI feature (schema mapping, intervention planning, cohort narration), a small amount of aggregated or pseudonymised data is sent to our backend and onwards to Google Gemini for processing. That data is designed so no individual student can be identified. Specifics below.
What stays on your device
- Student names and identifiers from the CSVs or PDFs you upload
- Grades, NAPLAN scores, attendance, pastoral records
- Any notes, interventions, or IEPs you draft inside the app
- Your workspace configuration, dashboard layout, theme
- The mapping between real IDs and the pseudonyms we generate (“Student A01”)
All of the above is held in your browser's IndexedDB storage and can be cleared at any time by clicking the reset icon in the navigation or by clearing site data in your browser settings.
What we send to our backend
Only when you trigger an AI feature, and only the following shapes:
- Aggregate cohort summaries — counts per year level, risk-band distribution, subject averages, top risk patterns. No names. No individual rows.
- Pseudonymised evidence packets — when an agent works on a single student, we replace real names with pseudonyms (e.g. “Student A01”) before the data leaves your device. The name ↔ pseudonym mapping stays local.
- Masked column profiles — when mapping an uploaded file's schema, we send header names and statistical profiles (data types, null fractions, masked sample shapes like “NNN” for three-digit numbers). No actual row values.
Our backend runs on Railway (AU/US regions) and calls Google Gemini for language model work. No raw PII reaches either system.
What we don't do
- No third-party analytics or tracking scripts
- No advertising cookies
- No selling or sharing of any data, aggregate or otherwise
- No training of our models on your data
- No cross-tenant data access — your workspace is local to your browser
Optional sign-in
Signing in is optional. If you sign in (via Google or email), we store your name, email address, and a workspace identifier so you can return to the same workspace from another device. Student data is still never associated with your account or synced to our servers — only the workspace shell (layout, theme, role) syncs.
AI and automated decisions
Halo Explore uses AI to suggest interventions, risk interpretations, and written summaries. These are suggestions for a human to review and accept — they are not final decisions. Our AI features are designed in line with the Australian Privacy Principles and the automated decision-making transparency obligations coming into effect in December 2026. Every AI-generated artefact is labelled, traceable to the inputs that produced it, and can be discarded or rewritten by the educator.
Your rights
Because student data lives on your device, you have complete control over it. You can export, delete, or modify anything at any time. For any information we do hold (account email, workspace shell), you can request access or deletion by contacting us at privacy@dataclysm.au.
Changes to this policy
If we change anything material, we'll post the update here and note the change date at the top of the page. We won't change the “data never leaves your browser” guarantee without renaming the product.