Privacy policy
Last updated: 20 May 2026
MindMap Services respects your privacy. This policy explains how we handle personal information when you use our website, learning portal, tutoring programs, consulting services, and related enquiries. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) where they apply to us.
Who we are
MindMap Services (“we”, “us”, “our”) is a registered business in Australia that provides education, tutoring, consulting, and related professional services. For the purposes of the Privacy Act 1988 (Cth), we are the organisation responsible for the personal information described in this policy. You can contact us using the details at the end of this document.
Scope
This policy applies to personal information we collect through mindmapservices.com, our client portal, enrolment and payment flows, email and phone communications, live and online sessions, and in-person services where we provide them. It does not cover third-party websites linked from our site; those services have their own privacy policies.
What personal information we collect
The information we collect depends on how you interact with us. It may include: identity and contact details (name, email, phone, address); parent or carer details where a student account is linked; student profile information (such as first name, year level, school or program context, and learning goals); account credentials and role (parent, student, staff); session and scheduling information; homework submissions, feedback, grades, and messages within the portal; billing and payment records (processed via our payment providers—we do not store full card numbers); technical data (IP address, device/browser type, log-in times, and cookies necessary for security and authentication); and enquiry or consultation content you send us voluntarily.
How we collect information
We collect personal information directly from you (forms, enrolment, portal registration, email, phone, and sessions), from a parent or carer who creates or manages a student account, and automatically when you use our website or portal (for example, server logs and essential cookies). We may also receive limited information from schools or organisations where we deliver services under agreement, but only where permitted and relevant to delivery.
Why we collect, use, and disclose information
We collect and use personal information for purposes including: providing and administering tutoring, consulting, and related services; creating and managing portal accounts; scheduling lessons and communicating about programs; safeguarding students and meeting child-protection obligations; processing enrolments and payments; improving our materials, systems, and service quality; responding to enquiries and complaints; complying with law (including tax, record-keeping, and regulatory requirements); and sending service-related notices. We only use or disclose information for other purposes—with your consent, where you would reasonably expect it, or where required or authorised by law.
Direct marketing
We may send information about programs, events, or services by email or SMS where permitted. You can opt out at any time using the unsubscribe link in a message or by contacting us. We do not sell personal information to third parties for their marketing.
Disclosure to other parties
We may disclose personal information to: tutors, educators, and staff involved in delivering your program; IT, hosting, email, payment, and authentication providers who assist us under contract; professional advisers (such as lawyers or accountants) when necessary; regulators or law enforcement where required by law; and other parties you authorise (for example, a school co-ordinating a program). We require service providers that handle personal information on our behalf to protect it and use it only for the agreed purpose.
Overseas disclosure
Some of our technology providers may store or process data outside Australia (for example, cloud hosting). Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles the information in line with the APPs, including through contractual protections, unless an exception under the Privacy Act applies.
Cookies and similar technologies
We use cookies and similar technologies that are strictly necessary for sign-in, security, and basic site function. Optional analytics or marketing cookies, if used, will be described in a cookie notice and, where required, will rely on your consent. You can manage cookies through your browser settings, though some features may not work if essential cookies are disabled.
Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Measures include access controls, encrypted connections (HTTPS), role-based portal permissions, and staff training on confidentiality and safeguarding. No online system is completely secure; please use a strong password and notify us promptly if you suspect unauthorised access to an account.
Data breaches
If we become aware of a data breach that is likely to result in serious harm, we will assess the incident and, where required under the Notifiable Data Breaches scheme, notify affected individuals and the Office of the Australian Information Commissioner (OAIC).
Retention
We retain personal information only for as long as needed for the purposes above, including legal, accounting, and safeguarding requirements. Educational records, session notes, and portal content are generally kept for the duration of the engagement and for a defined period afterwards to support continuity, disputes, and safeguarding—typically up to seven years for financial records where tax law applies, unless a longer period is required. We securely destroy or de-identify information when it is no longer needed.
Access and correction
Under APP 12 and APP 13, you may request access to the personal information we hold about you and ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond within a reasonable period (ordinarily within 30 days). We may need to verify your identity. In limited cases, law may permit us to refuse access—for example, where it would unreasonably affect another person’s privacy—and we will explain our reasons if that occurs.
Children and young people
Our services are often used by students under 18. A parent or carer account is usually the primary relationship for billing, notices, and consent. Student accounts are configured to collect only information needed for learning and safeguarding. We encourage parents and carers to review portal activity and contact us with any concerns about a young person’s use of our services.
Complaints
If you have a privacy complaint, contact us first at info@mindmapservices.com with sufficient detail for us to investigate. We will acknowledge your complaint and aim to resolve it promptly. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.
Changes to this policy
We may update this policy from time to time to reflect changes in our practices or the law. The “Last updated” date at the top of this page shows when it was last revised. Material changes will be highlighted on our website where appropriate.
Contact us
For privacy enquiries, access or correction requests, or complaints, email info@mindmapservices.com or use our contact form at mindmapservices.com/contact. We deliver services online across Australia. If you need this policy in another format, contact us and we will try to assist.