Privacy Policy

CheckUnit is a platform for Australian university students to read and submit anonymous, verified reviews of their units. To make that work, we collect a small amount of information — primarily your university email address to confirm you're a real student. That's about it.

This policy is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It explains exactly what we collect, why we collect it, how long we keep it, and what rights you have over it. We wrote it to be read, not skipped. If something is unclear, email us at [email protected].

Interpretation and Definitions

Interpretation

Capitalised terms have specific meanings defined below. Those meanings apply whether the term appears in singular or plural form.

Definitions

For the purposes of this Privacy Policy:

• Company (referred to as either "the Company", "We", "Us" or "Our" in this Privacy Policy) refers to CheckUnit, [email protected].
• Country refers to Australia.
• Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.

• Personal Data (or "Personal Information") is any information that relates to an identified or identifiable individual.

  We use "Personal Data" and "Personal Information" interchangeably unless a law uses a specific term.

• Service refers to the Website.
• Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• Website refers to CheckUnit, accessible from https://checkunit.au.
• You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with Your university email address (.edu.au) to verify Your status as a university student. Personally identifiable information We collect includes:

• Email address (including .edu.au university email addresses used for identity verification)

Email addresses collected for verification purposes are used to confirm Your identity as a university student and to link Your reviews internally for moderation and spam prevention. Reviews submitted through the Service are displayed without any association to Your email address. Please note that if You include personally identifiable information within the content of a review, that information will be visible to other users.

Review–Email Association

Reviews You submit are internally linked to Your verified email address for the purposes of spam prevention, moderation, and ensuring platform integrity. This association is retained for a moderation period of at most 30 days, after which the link between Your email address and Your reviews is permanently and irreversibly severed. You may request deletion of Your reviews at any time — including before the moderation period has elapsed (see "Delete Your Personal Data" below). After severance, We are unable to associate any review with any individual.

Usage Data

CheckUnit does not use cookies. We do not place any tracking or advertising cookies on your device. Our analytics are handled by a self-hosted instance of Umami, which is cookie-free and does not track you across sites.

Standard server-side usage data is collected automatically when you use the Service. This may include your IP address, browser type and version, the pages you visit, timestamps, and other diagnostic data used for security monitoring and service improvement.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor the usage of our Service.
• To verify Your identity: to confirm Your status as a university student via Your .edu.au email address and a one-time verification code.
• To moderate content: to link reviews to verified email addresses internally for spam prevention and moderation purposes during the moderation period.
• To contact You: To contact You by email regarding updates or informative communications related to the Service, including security updates, when necessary or reasonable for their implementation.
• To manage Your requests: To attend and manage Your requests to Us.
• For business transfers: We may use Your Personal Data to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
• For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

We may share Your Personal Data in the following situations:

• With Service Providers: We may share Your Personal Data with Service Providers to monitor and analyze the use of our Service and to contact You. Our current Service Providers include Zoho Mail (for transactional emails) and self-hosted Umami (for anonymous, cookie-free website analytics).
• For business transfers: We may share or transfer Your Personal Data in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
• Anonymized review content: Reviews You submit are displayed publicly in anonymized form. Your email address and any other identifying information are never shown to other users.
• With Your consent: We may disclose Your Personal Data for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if We are required to retain Your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Where possible, We apply shorter retention periods and/or reduce identifiability by deleting, aggregating, or anonymizing data. Unless otherwise stated, the retention periods below are maximum periods ("up to") and We may delete or anonymize data sooner when it is no longer needed for the relevant purpose. We apply different retention periods to different categories of Personal Data based on the purpose of processing and legal obligations:

• Email Addresses
  • Verified email addresses: retained for the purposes of preventing duplicate registrations and ensuring platform integrity. You may request deletion at any time (see "Delete Your Personal Data" below).
• Review–Email Association
  • The internal link between Your email address and Your reviews is retained for at most 30 days, after which it is permanently and irreversibly severed. After severance, reviews cannot be traced back to any individual.
• Customer Support Data
  • Support tickets and correspondence: up to 24 months from the date of ticket closure to resolve follow-up inquiries, track service quality, and defend against potential legal claims.
• Usage Data
  • Website analytics data (anonymized usage data such as page views, referrers, and device type): up to 24 months from the date of collection, which allows us to analyze trends while respecting privacy principles.
  • Server logs (IP addresses, access times): up to 24 months for security monitoring and troubleshooting purposes.

Usage Data is retained in accordance with the retention periods described above, and may be retained longer only where necessary for security, fraud prevention, or legal compliance.

We may retain Personal Data beyond the periods stated above for different reasons:

• Legal obligation: We are required by law to retain specific data (e.g., financial records for tax authorities).
• Legal claims: Data is necessary to establish, exercise, or defend legal claims.
• Your explicit request: You ask Us to retain specific information.
• Technical limitations: Data exists in backup systems that are scheduled for routine deletion.

You may request information about how long We will retain Your Personal Data by contacting Us.

When retention periods expire, We securely delete or anonymize Personal Data according to the following procedures:

• Deletion: Personal Data is removed from Our systems and no longer actively processed.
• Backup retention: Residual copies may remain in encrypted backups for a limited period consistent with our backup retention schedule and are not restored except where necessary for security, disaster recovery, or legal compliance.
• Anonymization: In some cases, We convert Personal Data into anonymous data that cannot be linked back to You. This anonymized data may be retained indefinitely for research and analytics.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from Your jurisdiction.

Where required by applicable law, We will ensure that international transfers of Your Personal Data are subject to appropriate safeguards and supplementary measures where appropriate. The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

To request deletion of Your Personal Data, contact Us at [email protected]. You may choose one of the following options:

• Full deletion: Your email address and all associated reviews are permanently deleted from Our systems. The reviews will no longer appear on the platform.
• Anonymization: Your email address is permanently deleted and its link to Your reviews is irreversibly severed. Your reviews remain visible on the platform but can no longer be associated with any individual.

You may submit a deletion request at any time — including before the 30-day moderation period has elapsed, in which case We will delete the link and the associated reviews immediately. We will process all requests within 30 days. Please note that if the link between Your email and Your reviews has already been severed as part of Our standard moderation process, We may be unable to identify which reviews were Yours. In such cases, We will delete Your email address and confirm that no association to Your reviews exists.

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

Security of Your Personal Data

We take reasonable technical measures to protect your data. That said, no system connected to the internet is perfectly secure — we won't pretend otherwise. Our design minimises exposure by collecting little data and severing review–email links after moderation, so there is less sensitive data to protect in the first place.

Children's Privacy

CheckUnit is designed for university students. We require a valid .edu.au email address to submit a review, which in practice restricts access to enrolled university students. We do not knowingly collect information from anyone under the age of 18. If you believe a minor has submitted data through our platform, contact us at [email protected] and we will remove it promptly.

Links to Other Websites

Some pages on CheckUnit may link to external sites — university handbooks, faculty pages, and the like. We don't control those sites and aren't responsible for their privacy practices. Check their policies before sharing anything with them.

Changes to this Privacy Policy

If we make material changes to how we handle your data, we'll update the "Last updated" date at the top of this page and, where appropriate, post a notice on the site. We recommend checking back periodically. Continued use of CheckUnit after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

• By email: [email protected]
• By visiting this page on our website: https://checkunit.au/about#contact