UniLoop
Legal · Privacy

Privacy Policy

How UniLoop Technologies collects, uses, protects and shares personal information — and why we deliberately hold as little of it as possible.

Effective: 1 July 2025Last updated: 1 July 2026UniLoop Technologies · ABN 32 607 301 459

01Overview

UniLoop Technologies (ABN 32 607 301 459) (“UniLoop”, “we”, “us”) builds a white-label suite of student-experience applications used by universities across the student lifecycle — from open days and orientation to community, mentoring and graduation. This Privacy Policy explains how we handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It covers our website and corporate activities, and describes the role we play when we process student information on behalf of a university client.

02Our privacy-first approach

We designed UniLoop so that the safest data is the data we never hold. Our architecture follows a deliberate “thin PII” posture:

  • The university remains the system of record. Identity and enrolment information live in the university’s systems; we read only what we need, when we need it, rather than bulk-copying it.
  • Pseudonymous by default. Inside UniLoop a person is represented by an opaque identifier. The small mapping between that identifier and a real person is encrypted and, in client-hosted deployments, kept entirely within the university’s own environment.
  • Collect the minimum. Each product requests only the attributes it genuinely needs — some, such as our Open Day app, can be used with just an email address or entirely anonymously.

The practical result is that, for most student data flowing through our products, the personal information we ourselves hold is minimal, short-lived, or non-identifying.

03Our role: controller and processor

Our obligations depend on the context in which we handle information:

  • When we act for a university (processor). For student personal information handled inside a university’s UniLoop products, the university is the controller and decides what is collected and why. UniLoop acts as a processor under a written Data Processing Agreement and handles that information only on the university’s documented instructions. Students should read their university’s own privacy notice for the full picture and direct access or correction requests to their university in the first instance.
  • When we act for ourselves (controller). For information about our website visitors, prospective clients, partners, suppliers and job applicants, UniLoop is the controller and this policy applies directly.

04Information we collect

Depending on how you interact with us, we may collect:

  • Contact and business details — name, work email, phone, organisation and role — when you enquire, request a demonstration, or enter into a contract with us.
  • Correspondence — the content of emails, support requests and messages you send us.
  • Website technical data — limited server logs and strictly-necessary cookie data needed to serve and secure the site. Our website runs no third-party advertising or analytics trackers (see our Cookies Policy).
  • Recruitment information — details you provide when applying for a role with us.

We generally collect personal information directly from you. Where we act as a processor, student information is provided to us by, or on the instructions of, the relevant university.

05How we use information

We use personal information to respond to enquiries and provide demonstrations; to deliver, support, secure and improve our products under our client contracts; to manage our relationships with clients, partners and suppliers; to meet our legal, contractual and security obligations; and to consider job applicants. We do not sell personal information, and we do not use student information for our own marketing.

06When we disclose information

We may disclose personal information to:

  • the relevant university client, for information we process on their behalf;
  • trusted service providers who help us run our business and infrastructure (for example, Australian-based cloud hosting), bound by confidentiality and data-protection terms and permitted to use it only to provide services to us; and
  • regulators, law enforcement or others where required or authorised by law.

We do not disclose personal information to third parties for their own marketing purposes.

07Storage, security & data residency

We host data in Australian regions by default. We apply layered safeguards including encryption of the sensitive identifier mapping, access controls, audit logging of access to identifying data, network isolation between clients, and testing aligned to recognised security practices. No system is perfectly secure, but we work continuously to protect information against loss, misuse and unauthorised access, in keeping with APP 11.

08Overseas disclosure

We aim to keep personal information in Australia. Where a limited class of data is handled outside Australia — for example, an international university partnership or a global support tool — we take reasonable steps to ensure the recipient handles it consistently with the APPs, and we will identify such arrangements in the relevant client agreement or notice.

09Retention & deletion

We keep personal information only as long as needed for the purpose it was collected, or as required by law or contract. Within our products, retention is configured per purpose and is deliberately short — for example, open-day data is purged after the event cycle and orientation data after the census period. We provide our university clients with self-service export and deletion tooling so records can be removed on request.

10Accessing & correcting your information

You may ask us for a copy of the personal information we hold about you, and to correct it if it is inaccurate (APPs 12 and 13). If your request relates to information we process on behalf of a university — such as your student records in a UniLoop product — please contact your university, as they control that information; we will support them in responding. We will respond within a reasonable period and will let you know if we are unable to act on a request, and why.

11Marketing & communications

Any marketing we send relates to our own products and is directed to business contacts. You can opt out at any time using the unsubscribe link or by contacting us, and we will stop. We do not use student data for marketing.

12Cookies

Our website uses only strictly-necessary cookies. We do not use advertising or third-party analytics cookies. Full details are in our Cookies Policy.

13Complaints & how to contact us

If you have a question, an access or correction request, or a concern about how we have handled personal information, contact our privacy team at privacy@uniloop.com.au. We take complaints seriously and will work with you to resolve them.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.

14Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal obligations. The current version is always published here with its effective date.