Privacy Policy
Last updated: 2026-05-08
Hearth Homeschool ("Hearth", "we", "our", "us") is committed to protecting your family's privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
1. Who we are
Hearth Homeschool is operated by RS Software (ABN 99 159 631 004), Australia. Our registered contact for privacy matters is privacy@hearthhomeschool.com.au.
2. The data we collect
We collect only what we need to operate Hearth for you:
- Account data. Email address, hashed password, sign-in timestamps. Required to create and authenticate your account.
- Family profile. Country, state/territory, family approach (e.g. structured / interest-led), and any optional context you provide.
- Children's profiles. First name (or nickname), age, year level, learning interests, and optional notes you choose to record. This data is entered by you, the parent; Hearth does not collect it directly from your children.
- Activity logs. Text descriptions, photos, and voice recordings you upload to capture your child's homeschool activities.
- AI-derived metadata. Curriculum mappings, transcripts, and learning-area classifications produced by AI from the content you upload.
- Billing data. Stripe customer ID, subscription status, trial-end date. We do not store full card numbers; payments are processed by Stripe.
- Technical data. IP address, browser type, and basic usage signals (page loads, error events) for security and reliability.
3. How we use your data
- To provide the Service: authenticate sign-ins, save your logs, generate curriculum mappings, render dashboards.
- To process AI features: send the content you upload to our AI sub-processors (see §5) so we can map activities, transcribe voice, and produce reports.
- To bill you: pass your customer ID and subscription state to Stripe for payment processing.
- To communicate with you: send transactional emails (account confirmation, password reset, billing receipts) via Resend.
- To secure and improve the Service: detect abuse, debug errors, and prioritise improvements.
We do not sell your data, share it with advertisers, or use Your Content to train AI models.
Automated decision-making (ADM). Hearth uses AI (Anthropic Claude, OpenAI Whisper, Voyage AI) to interpret your activity descriptions and map them to curriculum descriptors. These suggestions are probabilistic and informational only — they do not make automatic decisions about your child's enrolment status, learning level, or registration compliance. You always control what is recorded, what is included in reports, and what is submitted to your registration body. You may opt out of AI-assisted features at any time in Settings → AI suggestions. We disclose this use of AI in line with the Australian Privacy Act 2024 amendments effective 10 December 2026.
4. Children's privacy
Hearth is built for parents to record their own children's homeschool activities. We do not market to children, do not knowingly collect data directly from children, and do not allow children to create their own accounts. The data you record about your children is treated with extra care:
- Stored in Australia (Supabase Sydney region,
ap-southeast-2). - Protected by row-level security so only you (and any co-parent you invite) can read it.
- Photos and voice recordings are stored in private storage buckets that require an authenticated request scoped to your family.
- Excluded from any third-party AI provider's training pipeline by contract.
If you are a child or under 18, please ask a parent or guardian to use Hearth on your behalf.
5. Sub-processors
We use the following service providers to operate Hearth. Each is bound to confidentiality and to handling your data only for the purposes we instruct.
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, file storage | Sydney, Australia |
| Cloudflare | Web hosting, CDN, DDoS protection | Global (cached at the edge) |
| Stripe | Payment processing | United States (PCI-DSS Level 1) |
| Anthropic (Claude) | Activity-to-curriculum interpretation | United States |
| OpenAI (Whisper) | Voice-note transcription | United States |
| Voyage AI | Curriculum vector embeddings | United States |
| Resend | Transactional email delivery | United States |
6. International data transfers
Some of our sub-processors (Anthropic, OpenAI, Voyage AI, Stripe, Resend) are based in the United States. When we send data to them under APP 8.1, we take reasonable steps to ensure they handle your data consistently with the APPs — including contractual zero-retention and no-training commitments for AI providers, and PCI-DSS Level 1 certification for Stripe.
7. How long we keep your data
- Active account: for as long as your account exists.
- After you delete your account: we delete your data within 30 days, except records we are required by law to retain (e.g. tax records linked to billing — held for 7 years per Australian Taxation Office requirements).
- Backups: automated database backups are kept for 30 days; deleted data clears from backups in that window.
- Anonymised analytics: aggregate usage signals (no personally identifiable information) may be kept indefinitely.
8. Your rights
Under the Privacy Act, you have the right to:
- Access the personal information we hold about you. Most of it is visible in the app; for anything else, email privacy@hearthhomeschool.com.au.
- Correct inaccurate data. You can edit family and child profiles directly in the app, or contact us if you cannot.
- Delete your data by closing your account in Settings → Account → Delete account in the Hearth app, or from hearthhomeschool.com.au/delete-account on the web. Closure soft-deletes your account immediately and permanently deletes your data after a 30-day grace period — sign back in within that window to reverse the deletion. Active subscriptions are cancelled at deletion; if you are the owner of a multi-parent family, ownership transfers to your first co-parent before deletion.
- Withdraw consent for AI processing — you can stop using AI features at any time, although the core experience depends on them.
- Lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au) if you believe we have mishandled your data.
9. Security
We use TLS in transit, encryption at rest, row-level security to scope every database query to your family, and private storage buckets for photos and voice. We follow the principle of least privilege for our own staff access. No system is 100% secure — if we ever suffer a data breach that meets the threshold for harm under the Notifiable Data Breaches scheme, we will notify affected users and the OAIC promptly.
10. Cookies and tracking
Hearth uses minimal cookies — essentially what is required to keep you signed in (a Supabase auth session in localStorage and a Cloudflare bot-protection cookie). We do not use third-party advertising cookies, cross-site trackers, or behavioural ad networks. We may use Cloudflare Web Analytics, which is privacy-respecting and does not set tracking cookies or collect personal data.
11. Marketing communications
We only email you about your account (confirmations, billing, security). We do not send marketing emails without your explicit opt-in. If we add a newsletter in the future, you'll be able to opt out from any email.
12. Changes to this Policy
If we update this Policy, we'll change the "Last updated" date and, for material changes, notify you by email or in-app at least 14 days before the change takes effect.
13. Contact us
Privacy questions, access requests, complaints — email privacy@hearthhomeschool.com.au. We aim to respond within 30 days, as required by APP 12.