Privacy Policy

1. Introduction

LANTITE Practice ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services at lantite.com.au (the "Service").

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). By using our Service, you consent to the collection and use of your information as described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you register and use our Service:

• Account Information: Email address, username, password (encrypted)
• Google Account Data: If you sign up via Google OAuth, we receive your name and email address from Google
• Payment Information: Processed securely through Stripe. We do not store your credit card details

2.2 Usage Data

We automatically collect information about how you use our Service:

• Progress Data: Questions answered, accuracy scores, XP points, level progression
• Learning Activity: Time spent on lessons, modules completed, quiz submissions
• LISA AI Interactions: Questions you ask our AI assistant (anonymized)
• Device Information: Browser type, operating system, device type
• Log Data: IP address, access times, pages viewed, referring URLs

2.3 Cookies and Tracking

We use cookies and similar tracking technologies:

• Essential Cookies: Session cookies for authentication (required for the Service to work)
• CSRF Tokens: Security tokens to prevent cross-site request forgery
• Google OAuth Cookies: For Google sign-in functionality
• Stripe Cookies: For secure payment processing

3. How We Use Your Information

We use your personal information for the following purposes:

• Provide the Service: Create and manage your account, deliver educational content
• Track Progress: Monitor your learning progress and personalize your experience
• Process Payments: Handle subscriptions, renewals, and refunds
• Communicate: Send transactional emails (password resets, subscription notifications)
• Improve Service: Analyze usage patterns to enhance features and content
• Customer Support: Respond to your inquiries and troubleshoot issues
• Security: Detect and prevent fraud, abuse, and technical issues
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

4.1 Third-Party Service Providers

We share your information with trusted third-party providers who help us operate the Service:

• Stripe: Payment processing (PCI DSS compliant) - they receive your payment details
• Google: OAuth authentication - they receive login requests
• Microsoft Azure: Cloud hosting (Australia region) - stores your data
• Azure Communication Services: Email delivery - receives your email address
• OpenAI: AI assistance (LISA) - receives anonymized question context, no personal identifiers

4.2 We Do NOT Share With

• Third-party advertisers or marketing companies
• Data brokers or analytics firms
• Other students or users (your progress is private)
• Social media platforms (except Google for OAuth)

4.3 Legal Disclosure

We may disclose your information if required by law, court order, or to protect our legal rights, prevent fraud, or ensure user safety.

5. Data Retention

We retain your information for the following periods:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Personal data deleted within 30 days (except as required by law)
• Payment Records: Retained for 7 years to comply with Australian tax laws
• Support Tickets: Retained for 2 years
• Anonymized Analytics: May be retained indefinitely for service improvement

6. Your Privacy Rights

Under Australian privacy law, you have the following rights:

6.1 Access Your Data

You can request a copy of the personal information we hold about you by using the Contact Support button on your profile page.

6.2 Correct Your Data

You can update your account information (email, username) directly from your profile page. If you believe any information is inaccurate, contact us to request corrections.

6.3 Delete Your Data

You can request deletion of your account and associated data by contacting us through the Contact Support button. Please note:

• Deletion is permanent and cannot be undone
• Some data may be retained as required by law (e.g., payment records)
• Anonymized data may be retained for analytics

6.4 Export Your Data

You can request an export of your personal data in a machine-readable format by contacting us through the Contact Support button.

6.5 Withdraw Consent

Where we rely on your consent to process your data, you can withdraw consent at any time. Note that withdrawing consent may affect your ability to use certain features of the Service.

7. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using SSL/TLS
• Encrypted Storage: Data stored on Azure servers with encryption at rest
• Secure Payments: Stripe handles all payment processing with PCI DSS Level 1 compliance
• Password Security: Passwords are hashed using industry-standard algorithms
• Access Controls: Limited employee access to personal data on a need-to-know basis
• Regular Audits: Periodic security reviews and updates

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use our Service or provide any personal information.

Users between 13-17 years old must have parental or guardian consent to use the Service. If we become aware that we have collected information from a child under 13 without parental consent, we will delete that information immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

• We will update the "Last Updated" date at the top of this page
• We will notify you via email or through a prominent notice on the Service
• Material changes will be announced at least 30 days before taking effect

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

10. Complaints and Contact

If you have concerns about how we handle your personal information, please contact us first using the Contact Support button on your profile page. We will investigate and respond to your complaint within a reasonable timeframe.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au