Privacy Policy
Last Updated: March 15, 2025
At vaxilora, we're serious about protecting your privacy. This isn't just a legal document—it's our commitment to being transparent about what information we collect, why we need it, and what we do with it.
We operate under Australian privacy legislation, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If something here doesn't make sense or you want more details, reach out. We're happy to explain.
1. Information We Collect
Running a financial education platform means we need certain information to provide our services properly. Here's what we typically collect and why:
Personal Information You Provide
When you sign up for courses or contact us, we collect basic details like your name, email address, and phone number. For course enrolments starting in late 2025 and through 2026, we also collect billing information and your professional background—this helps us tailor content to your experience level.
- Contact details: name, email address, phone number, mailing address
- Account credentials: username, password (encrypted), security questions
- Professional information: job title, industry, years of experience with financial modelling
- Payment details: credit card information (processed through secure third-party providers)
- Communication preferences: how you want to hear from us
Technical Information We Collect Automatically
Like most websites, we automatically collect certain technical information when you visit. This includes your IP address, browser type, device information, and which pages you view. We use this to improve site performance and understand how people navigate our educational content.
About Cookies: We use cookies to remember your login, track your course progress, and understand how people use our site. You can disable cookies in your browser, but some features might not work properly. Our cookie preferences tool lets you control which non-essential cookies we use.
2. How We Use Your Information
We're not in the business of collecting data for the sake of it. Everything we collect serves a specific purpose related to providing and improving our financial modelling education services.
| Purpose | Information Used | Legal Basis |
|---|---|---|
| Delivering course content and materials | Account details, course enrolment data, progress tracking | Contract performance |
| Processing payments | Billing information, transaction records | Contract performance |
| Sending course updates and educational content | Email address, communication preferences | Legitimate interest / Consent |
| Improving our platform and courses | Usage data, feedback, technical information | Legitimate interest |
| Providing customer support | Contact details, support correspondence | Contract performance |
| Complying with legal obligations | All relevant information as required | Legal obligation |
We occasionally send emails about new courses, updates to existing materials, or relevant industry insights. You can opt out of marketing emails anytime—there's an unsubscribe link in every message. We'll still send essential emails about your account and courses though.
3. Sharing Your Information
We don't sell your personal information. Period. But we do work with certain trusted partners to run our business effectively. Here's who might see your data and why:
Service Providers
We use third-party services for payment processing, email delivery, course hosting, and analytics. These companies only access the information they need to perform their specific functions, and they're contractually obligated to protect your data. Our payment processor, for example, handles your credit card details—we never see or store your full card numbers.
Legal Requirements
Sometimes we're legally required to disclose information—like if we receive a valid court order or subpoena. We'll only share what's legally required and will notify you when possible, unless prohibited by law.
Important: If vaxilora is acquired by or merges with another company, your information would likely be transferred. We'd notify you before this happens and inform you of any new privacy practices that might apply.
4. Your Privacy Rights
Under Australian privacy law, you have several rights regarding your personal information. We've made it straightforward to exercise these rights—no legal jargon or bureaucratic runaround.
Access Your Data
You can request a copy of all personal information we hold about you. We'll provide this within 30 days in a commonly used electronic format.
Correct Your Data
Found an error or something outdated? Let us know and we'll fix it promptly. You can update most information directly in your account settings.
Delete Your Data
You can request deletion of your personal information, subject to certain exceptions (like records we're legally required to keep for tax purposes).
Object to Processing
You can object to certain uses of your information, particularly for marketing purposes. We'll respect your wishes unless we have compelling legitimate grounds.
Restrict Processing
In certain circumstances, you can ask us to temporarily stop processing your information while we resolve a concern you've raised.
Data Portability
You can request your data in a structured, machine-readable format to transfer to another service provider.
To exercise any of these rights, send an email to support@vaxilora.com with "Privacy Request" in the subject line. We'll verify your identity and respond within 30 days. If we can't fulfill your request for some reason, we'll explain why.
5. Data Security
Protecting your information is something we take seriously. We use industry-standard security measures, but we're also realistic—no system is 100% secure. Here's what we do to minimize risks:
- Encryption: All data transmitted between your browser and our servers uses TLS encryption
- Secure storage: Passwords are hashed using bcrypt, and sensitive data is encrypted at rest
- Access controls: Only authorized staff can access personal information, and access is logged
- Regular security audits: We conduct periodic security assessments and penetration testing
- Secure payment processing: We use PCI-DSS compliant payment processors
- Regular backups: Data is backed up daily with encrypted, geographically distributed storage
Despite our security measures, no internet transmission is completely secure. You play a role too—use a strong password, don't share your login credentials, and log out when using shared computers. If you suspect unauthorized access to your account, contact us immediately.
6. Data Retention
We don't keep your information forever. Here's how long we typically retain different types of data:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of account + 2 years | Service provision and legal compliance |
| Course progress and materials | Duration of account + 2 years | Educational continuity and support |
| Payment records | 7 years | Tax and accounting requirements |
| Support communications | 3 years | Service improvement and dispute resolution |
| Marketing preferences | Until you opt out or 5 years of inactivity | Respecting communication preferences |
| Website analytics | 26 months | Platform improvement and analysis |
After these periods, we securely delete or anonymize your information. If you close your account, we'll delete your personal data within 90 days, except for information we're legally required to retain.
7. International Data Transfers
Our servers are primarily located in Australia, but some of our service providers operate internationally. When we transfer data outside Australia, we ensure appropriate safeguards are in place, such as standard contractual clauses or Privacy Shield certification where applicable.
Most notably, our email service provider and cloud backup systems have servers in the United States and Europe. These providers are carefully selected based on their security practices and compliance with international privacy standards.
8. Children's Privacy
Our services are designed for adults in professional settings. We don't knowingly collect information from anyone under 18. If you're a parent and believe your child has provided us with personal information, contact us and we'll delete it promptly.
9. Changes to This Policy
We update this policy occasionally to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we'll notify you by email and post a notice on our website at least 30 days before the changes take effect.
The "Last Updated" date at the top of this page shows when we last revised the policy. We encourage you to review it periodically, especially before providing any new personal information.
10. Complaints and Concerns
If you have concerns about how we handle your personal information, we want to know. Contact our privacy team first—most issues can be resolved directly with us.
If you're not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Their contact details are available at oaic.gov.au.
Questions About Your Privacy?
We're here to help. Whether you want to exercise your privacy rights, have questions about this policy, or just want to understand something better, get in touch.