Privacy Policy

Last updated: December 6, 2024

1. Introduction

Katie ("we", "our", or "us") is committed to protecting the privacy of educators and the students they serve. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voice-first case management platform for special education teachers.

We understand the sensitive nature of student information and have designed our platform with privacy as a core principle, including compliance with Australian privacy laws including the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002 (NSW).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Full name
  • School name (optional)
  • Authentication credentials via secure OAuth providers (Google) or magic link

2.2 Student Information

You may enter the following student information:

  • Student names (first name, last name, preferred name)
  • NSW Student ID (optional)
  • Disability category and NCCD adjustment level
  • Year level and class information

2.3 Voice Recordings and Case Notes

When you use our voice dictation feature:

  • Audio recordings are processed immediately and permanently deleted after transcription
  • We retain only the text transcript and extracted structured data
  • No audio files are stored long-term on our servers

2.4 Usage Data

We automatically collect:

  • Log data (IP address, browser type, access times)
  • Device information
  • Feature usage analytics (anonymized)

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain the Katie platform
  • Process voice recordings into structured case notes
  • Generate compliance reports for NCCD/NESA requirements
  • Improve our AI transcription and extraction accuracy
  • Send service-related communications
  • Ensure platform security and prevent fraud

4. Data Processing and AI Services

4.1 Transcription

Voice recordings are transcribed using Groq's Whisper API. Groq maintains a strict no-data-retention policy for API calls, meaning your audio is not stored or used for training after processing.

4.2 AI Extraction

Text analysis uses OpenRouter's API with privacy tokenization. Before any text is sent for analysis, student names are replaced with anonymous tokens (e.g., "STUDENT_A") to ensure no personally identifiable information leaves our secure environment.

5. Data Storage and Security

5.1 Data Sovereignty

All data is stored on servers located in Sydney, Australia (AWS ap-southeast-2 region) via our infrastructure provider Supabase. Your data never leaves Australian jurisdiction.

5.2 Security Measures

  • Encryption at rest using AES-256
  • Encryption in transit using TLS 1.2+
  • Row-level security ensuring teachers can only access their own data
  • Regular security audits and penetration testing
  • Secure authentication via industry-standard OAuth 2.0

5.3 Audio Retention

Zero audio retention: Audio files are deleted immediately after successful transcription. As a failsafe, any audio files are automatically purged within 7 days regardless of processing status.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share data only:

  • With service providers who assist in operating our platform (under strict confidentiality agreements)
  • To comply with legal obligations or valid legal process
  • To protect our rights, privacy, safety, or property
  • With your explicit consent

7. Your Rights

Under Australian privacy law, you have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

8. Data Retention

We retain your account and case note data for as long as your account is active. Upon account deletion, all associated data is permanently removed within 30 days. You may request earlier deletion by contacting us.

9. Children's Privacy

Katie is designed for use by educators, not students. We do not knowingly collect information directly from children. All student information is entered and managed by authorised educators as part of their professional duties.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of Katie after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@katieapp.au
Address: Sydney, NSW, Australia