PPeerPlacement Back to home

Privacy Policy

Last updated: 3 May 2026

This Privacy Policy describes how PeerPlacement (“PeerPlacement”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information when you or your organisation use the PeerPlacement platform (the “Service”). It is designed to comply with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (“APPs”), the EU General Data Protection Regulation (“GDPR”) where applicable, and the Personal Information Protection Law of the People’s Republic of China (“PIPL”) where applicable.

1. Who we are

PeerPlacement provides a software platform used by education consultancies, agents, institutions, and students to manage international student placements. References to “you” mean any individual whose personal information we process — including platform users (consultancy staff, agents) and student applicants whose data is uploaded to the platform.

2. Information we collect

2.1 Information you give us

  • Account and profile data: name, email, phone, role, employer, language preference.
  • Authentication data: hashed passwords (when applicable), MFA secrets, session tokens.
  • Student application data uploaded to the platform: identity documents, academic transcripts, English-test results, financial records, personal statements, references, visa documents.
  • Communications: messages exchanged within the platform, support requests, demo enquiries.
  • Billing data for paying customers (handled via our payment processor).

2.2 Information we collect automatically

  • Usage telemetry: pages visited, actions taken, feature usage, error events.
  • Device and connection data: IP address, browser type, operating system, timestamps.
  • Cookies and similar technologies for authentication and preference storage.

2.3 Information generated by the Service

  • AI-generated outputs: document authenticity scores, application drafts, fit scores.
  • Audit log entries: who did what, and when, on each record.

3. How we use information

  • To deliver, secure, and improve the Service.
  • To verify document authenticity and assess applications using AI models, in accordance with the customer’s configuration.
  • To communicate with users about their account, security alerts, and product changes.
  • To meet legal, regulatory, accounting, and audit obligations.
  • With your consent, to send marketing about features relevant to your role.

4. Legal bases (GDPR / PIPL)

Where required by law, we rely on the following bases: performance of a contract, compliance with a legal obligation, your consent (which you can withdraw at any time), and our legitimate interests in operating and securing the Service.

5. Sharing and disclosure

We do not sell personal information. We share information only as needed to operate the Service:

  • With your organisation and other authorised users within your tenant.
  • With educational institutions and government bodies to whom an application is submitted, at your direction.
  • With sub-processors who help us run the Service (hosting, email delivery, AI inference, payment processing). The current list is available in our Data Processing Agreement.
  • To comply with applicable law, lawful requests, or to protect rights, property, or safety.
  • In connection with a corporate transaction such as a merger or acquisition, subject to confidentiality obligations.

6. International transfers

We host customer data in the region selected by each tenant (Australia by default). Where data is transferred across borders — for example, to a sub-processor located outside your region — we use appropriate safeguards such as Standard Contractual Clauses, PIPL-compliant separate consent where applicable, and contractual data protection terms.

7. Security

We use AES-256 encryption at rest with per-tenant keys, TLS 1.3 in transit, field-level encryption for sensitive identifiers, role-based access controls with field-level permissions, and an immutable audit trail. See our Security overview for more detail.

8. Retention

We retain personal information for as long as needed to provide the Service and meet legal obligations. Customers can configure retention windows in their tenant settings. When data is deleted, we destroy it from primary storage; encrypted backups are retained for a limited period before they are overwritten.

9. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, port, or object to processing of your personal information; to withdraw consent; and to lodge a complaint with a supervisory authority (such as the Office of the Australian Information Commissioner). To exercise any of these rights, contact us at privacy@peerplacement.com.

10. Children

The Service is intended for business users handling student records. Where student data relates to a minor, the customer is responsible for obtaining any required parental or guardian consent before uploading that data.

11. Changes

We may update this Privacy Policy from time to time. Material changes will be notified via the Service or by email. The “Last updated” date at the top of this page reflects the latest revision.

12. Contact

Privacy enquiries: privacy@peerplacement.com
General legal: legal@peerplacement.com