Executive Summary
Covered is an AI-native childcare management system (CCMS) designed to support Australian early childhood education (ECE) centres. Our system processes deeply sensitive personal information: children's details, educator credentials, medical records, court orders, and incident reports.
At Covered, privacy is not a feature — it is the foundation of our service.
1. Privacy Philosophy
Covered operates under these inviolable privacy principles:
- Client data is sacred. Information stored in our system belongs to educators, families, and children. We are custodians, not owners.
- Zero tolerance for exposure. Any compromise of personally identifiable information (PII) is a critical incident treated with SEV1 escalation.
- Privacy by design. Privacy architecture is built into every layer — database, API, authentication, compliance logic — not bolted on as an afterthought.
- Australian context. We operate under Australian Privacy Principles, the Privacy Act 1988 (Cth), and the Notifiable Data Breaches scheme. Our infrastructure is physically located in Australia (Sydney region).
- Minimalism. We collect and retain only what is necessary for childcare management and regulatory compliance.
- Transparency. Organisations using Covered know exactly what data we hold, how we protect it, who can access it, and how long we keep it.
2. Australian Privacy Principles (APPs) Compliance
Covered complies with all 13 Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Cth). Key highlights:
- APP 1 — Transparency: This policy is publicly available. Organisations are required to share it with educators and families during enrolment.
- APP 2 — Pseudonymity: External API calls use deterministic pseudonyms (e.g., "Educator 1", "Service A") rather than real identifiers.
- APP 3 — Collection: Data collection is limited to fields necessary for childcare management and regulatory compliance.
- APP 6 — Use & Disclosure: Data is used only for its primary purpose. Data is never sold or shared for marketing.
- APP 8 — Security: TLS 1.3 in transit, AES-256-GCM field-level encryption at rest for critical PII, row-level security for multi-tenancy.
- APP 10 — Access: Educators and families can view and correct their own data via self-service dashboards.
- APP 12 — Subject Access: Individuals can request their data via privacy@coveredapp.com.au. Response within 30 days.
3. Data Security
- Encryption in transit: TLS 1.3 for all data transmission
- Encryption at rest: Field-level AES-256-GCM for critical PII (WWCC numbers, TFNs, medical records, court orders)
- Database security: Row-Level Security (RLS) enforced at the database level for complete multi-tenancy isolation
- PII redaction: All AI API calls go through a server-side redaction service with deterministic pseudonyms. Fail-closed: if redaction fails, the API call is blocked.
- Infrastructure: All data hosted in Sydney, Australia. No sensitive data leaves Australian jurisdiction except via PII-redacted external API calls.
- Access controls: Role-based access, session management with timeout, audit logging of all data access
4. External Service Providers
Covered shares limited data with the following providers:
- Anthropic (Claude API): PII-redacted compliance data only (pseudonymised)
- Stripe: Billing data (organisation name, email, payment method)
- Resend: Email notifications (recipient email + sanitised content)
- Twilio: SMS notifications (recipient phone + sanitised content)
- Supabase: Database infrastructure (data residency within Australia)
5. Data Retention
- Active records: Retained while the organisation's subscription is active
- Educator records: 7 years after departure (regulatory requirement)
- Children's records: 7 years after the child turns 25 (or until age 25, whichever is later)
- Financial records: 7 years (ATO requirement)
- Audit logs: Immutable, retained for the life of the organisation
- Deleted data: Soft-deleted immediately, hard-deleted after retention period expires
6. Your Rights
As an individual whose data is stored in Covered, you have the right to:
- Access your personal information
- Request correction of inaccurate data
- Request deletion of your data (subject to regulatory retention requirements)
- Export your data in a machine-readable format (CSV, JSON)
- Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)
7. Contact
For privacy inquiries, data access requests, or complaints:
Email: privacy@coveredapp.com.au
Company: Callixo Pty Ltd
Location: Australia
If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.