Cookie Notice

1.1 About this Notice

This Cookies & Similar Technologies Notice explains how Yuzee uses cookies and similar technologies when you use our website, web app, mobile app, dashboards, login pages, payment pages, chat features, offer tools and related services.

Yuzee is owned and operated by FRESH FUTURES AUSTRALIA PTY LTD (ABN 61 165 988 198), Queensland 4006, Australia.

We use cookies and similar technologies to help Yuzee work properly, keep accounts secure, support login, prevent fraud, deliver core features, support chat and notifications, process payments, diagnose technical issues and improve reliability.

When we say “Yuzee”, “we”, “us” or “our”, we mean FRESH FUTURES AUSTRALIA PTY LTD (ABN 61 165 988 198) and the Yuzee platform.

When we say “you” or “your”, we mean any person using Yuzee, including students, job seekers, career users, parents, guardians, institution users, company users, employer users, partner users and other visitors.

1.2 Why this Notice matters

Yuzee is an education, career, pathway, chat, offer and support platform.

Because Yuzee helps users explore study, work, skills, institutions, companies, offers and pathways, the platform needs certain technologies to operate safely and reliably.

Some technologies are essential. For example, we need them to let you log in, keep your account secure, prevent automated abuse and process payments.

Some technologies support features you choose to use, such as chat, messaging and push notifications.

Some technologies help us understand technical problems, such as crashes, bugs and app performance issues.

This Notice explains these technologies in a clear way so you can understand what is used, why it is used and what choices you have.

1.3 What this Notice covers

This Notice covers cookies and similar technologies used in connection with Yuzee, including:

• acookies;
• bbrowser local storage;
• cbrowser session storage;
• dIndexedDB;
• emobile app storage;
• fauthentication tokens;
• glogin session storage;
• hpush notification tokens;
• idevice or app identifiers;
• jcrash logs;
• kdiagnostics tools;
• lpayment-related storage;
• mchat and messaging storage; and
• nsimilar technologies that store or access information on your browser, device or app.

Not all of these technologies are technically “cookies”, but we explain them together because they can perform similar functions.

1.4 Where this Notice applies

This Notice applies when you use or interact with Yuzee through:

• athe Yuzee website;
• bthe Yuzee web app;
• cthe Yuzee mobile app;
• dYuzee login and authentication pages;
• eYuzee dashboards;
• fYuzee institution tools;
• gYuzee company and employer tools;
• hYuzee partner tools;
• iYuzee chat and messaging features;
• jYuzee Request Multiple Offers features;
• kYuzee offer tools;
• lYuzee payment pages;
• mYuzee support tools; and
• nany other Yuzee service that uses cookies or similar technologies.

1.5 Essential and optional technologies

Some technologies are essential for Yuzee to work.

Essential technologies are needed for things like login, account security, fraud prevention, payment processing and core platform operation. These cannot be switched off inside Yuzee because the platform may not work properly without them.

Other technologies may be optional.

Optional technologies may include analytics and diagnostics tools that help us find bugs, diagnose crashes and improve the platform. Where required or where Yuzee gives you a choice, you can accept, reject or manage optional technologies.

1.6 Our approach

Yuzee aims to be clear and practical about cookies and similar technologies.

We do not want this Notice to be confusing or alarming.

Our goal is to explain:

• awhat technologies we use;
• bwhy we use them;
• cwhich technologies are essential;
• dwhich technologies are optional;
• ewhich third-party providers may be involved;
• fwhat information may be stored or accessed;
• ghow you can manage your choices; and
• hwhere you can contact us with questions.

1.7 No advertising cookie use currently

Yuzee does not currently use advertising cookies or cross-site advertising trackers.

We do not currently use cookies to follow you across other websites for advertising.

If this changes in the future, we will update this Notice and provide choices where required.

1.8 Relationship with our Privacy Policy

Some information collected through cookies and similar technologies may be personal information if it identifies you or can reasonably identify you.

Yuzee handles personal information in accordance with our Privacy Policy.

This Notice should be read together with:

• aour Privacy Policy;
• bour Terms and Conditions;
• cany Collection Notice we provide;
• dany product-specific terms;
• eany payment terms; and
• fany privacy or consent settings available in Yuzee.

If you want to understand how Yuzee handles personal information generally, please read our Privacy Policy.

1.9 Updates to this Notice

We may update this Notice from time to time if our technologies, providers, services, app features, website features, payment tools, security tools, analytics tools, diagnostics tools or legal obligations change.

The “Last updated” date at the top of this Notice will show when it was last updated.

If we make important changes, we may notify you through the website, app, email, account notice or another reasonable method.

1.10 Contact

If you have questions about this Notice or how Yuzee uses cookies and similar technologies, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

Yuzee uses cookies and similar technologies to help the platform work safely and reliably.

Some of these technologies are essential. They help with login, account security, fraud prevention, payment processing and core platform operation.

Some technologies support features you choose to use, such as chat, messaging and push notifications.

Some technologies help us find and fix technical problems, such as crashes, errors and performance issues.

Yuzee does not currently use advertising cookies or cross-site advertising trackers.

2.1 Essential technologies

Essential technologies are always active because Yuzee needs them to operate.

They help us:

• alet you log in;
• bkeep you signed in;
• cprotect your account;
• dmanage secure sessions;
• eprevent fraud and automated abuse;
• fsupport payment processing;
• gkeep core platform features working; and
• hmaintain platform security.

You cannot switch off essential technologies inside Yuzee. If you block them through your browser or device settings, parts of Yuzee may not work properly.

2.2 Functional technologies

Functional technologies support useful features on Yuzee.

They may help us:

• adeliver chat messages;
• bsupport messaging features;
• csend push notifications if you allow them;
• dremember notification settings;
• esupport user-selected features;
• fmaintain app or browser feature state; and
• gimprove your experience when using the platform.

Some functional technologies only activate when you use or allow the relevant feature.

For example, if you decline browser or device notification permission, Yuzee will not send push notifications to that browser or device.

2.3 Analytics and diagnostics technologies

Analytics and diagnostics technologies help Yuzee understand and fix technical problems.

They may help us:

• aidentify app crashes;
• bdiagnose website errors;
• cunderstand performance issues;
• dinvestigate bugs;
• eimprove reliability;
• fsupport users when something goes wrong; and
• gimprove the overall Yuzee experience.

Where required or where Yuzee gives you a choice, you can choose whether to allow optional analytics and diagnostics technologies.

2.4 Session diagnostics

Yuzee may use session diagnostic tools to help understand how technical issues happen.

These tools may show technical information such as screens visited, clicks, taps, navigation steps, errors and network activity.

Yuzee does not use session diagnostics for advertising.

Yuzee aims to limit, mask or block sensitive information from diagnostic tools where possible.

Where session diagnostics are optional, you can manage your choice through Yuzee’s Privacy & Cookies settings.

2.5 Advertising technologies

Yuzee does not currently use advertising cookies or cross-site advertising trackers.

We do not currently use cookies to follow you across other websites for advertising.

If this changes in the future, we will update this Notice and provide choices where required.

2.6 Your choices

You can manage optional cookies and similar technologies where Yuzee provides a choice.

Depending on the platform and settings available, you may be able to:

• aaccept optional analytics and diagnostics;
• breject optional analytics and diagnostics;
• cmanage your preferences;
• ddisable browser notifications;
• echange app notification permissions;
• fclear cookies and local storage through your browser;
• gclear app storage through your device settings; and
• hcontact Yuzee with privacy questions.

Essential technologies cannot be switched off inside Yuzee because they are needed for the platform to work.

2.7 Our simple promise

Yuzee uses cookies and similar technologies to run the platform, protect accounts, support features, process payments, prevent abuse and improve reliability.

We aim to explain these technologies clearly, use them for appropriate purposes, and give you choices where required or where Yuzee provides optional settings.

3.1 Cookies

Cookies are small files stored by your browser when you visit a website.

Cookies can help a website remember information about your visit, browser, session or settings.

Yuzee may use cookies for purposes such as:

• alogin;
• bsession management;
• caccount security;
• dfraud prevention;
• epayment processing;
• fremembering certain settings;
• gsupporting website functionality; and
• hhelping the platform work correctly.

Some cookies are essential for Yuzee to work. Others may be optional depending on their purpose.

3.2 Local storage

Local storage is browser storage that allows a website or web app to store information on your device.

Unlike some cookies, local storage is not automatically sent with every browser request.

Yuzee may use local storage to support:

• alogin state;
• bauthentication tokens;
• cuser session information;
• dplatform settings;
• eapp state;
• fsecurity checks;
• gfeature preferences; and
• hother information needed for the web app to work.

Some local storage may remain on your device until you log out, clear your browser storage, or the information is replaced or removed by Yuzee.

3.3 Session storage

Session storage is temporary browser storage.

It is usually used to store information for the current browser tab or session.

Yuzee may use session storage for short-term purposes such as:

• alogin flow steps;
• btemporary app state;
• cform progress;
• dsecurity checks;
• enavigation state;
• fpayment flow support; and
• gother temporary platform functions.

Session storage is generally cleared when the relevant browser tab or session ends.

3.4 IndexedDB

IndexedDB is a browser database that can store structured information on your device.

Yuzee may use IndexedDB directly or through third-party services such as Firebase.

IndexedDB may be used to support:

• aauthentication state;
• bpush notification tokens;
• capp performance;
• doffline or cached functionality;
• efeature state;
• fmessaging or notification support; and
• gother technical platform functions.

IndexedDB helps some services work reliably in a browser environment.

3.5 Mobile app storage

If you use the Yuzee mobile app, Yuzee may use storage managed by your iOS or Android device.

Mobile app storage can support:

• alogin;
• bsecure authentication flows;
• capp settings;
• dpush notifications;
• emessaging;
• fcrash diagnostics;
• gapp performance;
• hsecurity checks; and
• iplatform reliability.

Mobile app storage is not the same as browser cookies, but it may perform a similar role inside the app.

You may be able to manage some app permissions or clear app data through your device settings.

3.6 Authentication tokens

Authentication tokens help Yuzee confirm that you are logged in and authorised to access your account.

Yuzee may use authentication tokens to:

• akeep you signed in;
• bprotect your account;
• cauthorise secure API requests;
• dprevent unauthorised access;
• emanage login sessions;
• fsupport logout;
• gsupport account security; and
• hconnect your session to the correct Yuzee account.

Authentication tokens are essential for secure platform access.

If authentication tokens are blocked, deleted or expired, you may be signed out or asked to log in again.

3.7 Push notification tokens

If you allow push notifications, Yuzee may create or use a push notification token for your browser or device.

A push notification token helps Yuzee send notifications to the correct browser or device.

Push notifications may be used for:

• aaccount alerts;
• bmessage alerts;
• coffer updates;
• dRMO updates;
• ereminder notifications;
• fsupport updates;
• gsecurity alerts; and
• hother platform-related notifications.

If you decline browser or device notification permission, Yuzee will not send push notifications to that browser or device.

You can usually change notification permissions through your browser, device settings or Yuzee account settings where available.

3.8 Chat and messaging storage

Yuzee may use chat and messaging technologies to deliver messages, support conversations and keep chat features working.

These technologies may store technical information such as:

• asession state;
• bmessage delivery state;
• cuser or channel identifiers;
• dnotification state;
• edevice or browser state;
• fchat feature settings; and
• gother information needed for messaging to work.

If chat or messaging storage is blocked, chat features may not work properly.

3.9 Payment-related technologies

When you use payment features, Yuzee or its payment providers may use cookies or similar technologies to support secure payment processing.

Payment-related technologies may help with:

• apayment security;
• bfraud prevention;
• ccard tokenisation;
• dpayment session management;
• etransaction verification;
• freceipts;
• gpayment support; and
• hdispute or refund support.

Payment-related technologies are generally required to complete payment-related actions.

3.10 Diagnostics technologies

Yuzee may use diagnostics technologies to understand technical issues and improve reliability.

Diagnostics technologies may include:

• aerror reports;
• bcrash logs;
• capp version information;
• dbrowser information;
• edevice information;
• foperating system information;
• gtechnical event logs;
• hnetwork error information;
• isession diagnostics; and
• jother technical information needed to find and fix problems.

Where diagnostics technologies are optional, you can manage your choice through Yuzee’s Privacy & Cookies settings where available.

3.11 Session diagnostics and recordings

Yuzee may use session diagnostics to help understand how technical issues occur.

Session diagnostics may show technical information such as:

• ascreens or pages visited;
• bclicks or taps;
• cnavigation steps;
• derror context;
• enetwork activity;
• fapp behaviour; and
• gtechnical events.

Yuzee does not use session diagnostics for advertising.

Yuzee aims to limit, mask or block sensitive information from diagnostic tools where possible.

If session diagnostics are optional, you can opt out through Yuzee’s Privacy & Cookies settings where available.

3.12 Similar technologies

Yuzee may use other technologies that perform similar functions to cookies, local storage, session storage, IndexedDB or mobile app storage.

These may include technologies used by browsers, mobile operating systems, app frameworks, payment providers, messaging providers, security providers, analytics providers or diagnostics providers.

We use the phrase “cookies and similar technologies” in this Notice so users can understand the full range of technologies that may store, access or recognise information on a browser, device or app.

3.13 Why we explain these technologies together

Not every technology described in this Notice is technically a cookie.

However, many of them can help Yuzee recognise a session, remember settings, support features, protect accounts, process payments, deliver notifications or diagnose technical problems.

For that reason, this Notice explains cookies and similar technologies together in one place.

4.1 What “essential technologies” means

Essential technologies are cookies and similar technologies that Yuzee needs to operate safely and correctly.

These technologies are required for core platform functions such as:

• alogin;
• bauthentication;
• caccount security;
• dsecure session management;
• efraud and bot prevention;
• fpayment processing;
• gsecure API access;
• haccount access;
• ilogout;
• jpreventing unauthorised access; and
• kkeeping the platform available and reliable.

Essential technologies are always active when needed.

You cannot switch off essential technologies inside Yuzee because the platform may not work properly without them.

4.2 Login and authentication

Yuzee uses authentication technologies to let you log in and access your account securely.

Yuzee may use authentication services such as:

• aKeycloak;
• bFirebase Authentication;
• cYuzee’s own authentication systems; and
• drelated login and session services.

These services may use cookies, local storage, session storage, IndexedDB, mobile app storage or authentication tokens to confirm that you are logged in and authorised to access your account.

4.3 Keycloak authentication

Yuzee uses Keycloak to support login, single sign-on and session management.

When you log in, Keycloak may set secure session cookies on Yuzee’s authentication domain.

These cookies help Yuzee:

• amanage your login session;
• bkeep you signed in across pages;
• cidentify your active authentication session;
• drestore interrupted login flows;
• esupport secure logout;
• freduce unauthorised access risk; and
• gmaintain account security.

If these cookies are blocked or deleted, you may not be able to log in or stay signed in.

4.4 Yuzee authentication tokens

During and after login, Yuzee may store authentication tokens or login-state information in your browser or mobile app.

These may include access tokens, refresh tokens, ID tokens or other secure session information.

Yuzee uses these tokens to:

• aconfirm your identity;
• bauthorise secure API requests;
• cconnect your browser or app session to your Yuzee account;
• dkeep you signed in;
• erefresh your session without requiring repeated login;
• fapply the correct account permissions;
• gprotect account access; and
• hsupport logout and session expiry.

Authentication tokens are essential for secure platform access.

If they are blocked, cleared or expired, you may be signed out or asked to log in again.

4.5 Firebase Authentication

Yuzee may use Firebase Authentication to support secure login and account-related services.

Firebase Authentication may store authentication state in your browser or app, including through IndexedDB or app storage.

Yuzee may use Firebase Authentication to:

• asupport secure user authentication;
• bmaintain account session state;
• csupport push notification binding where relevant;
• dconnect a logged-in account with platform features;
• esupport secure app functionality; and
• fmaintain platform reliability.

This authentication storage is essential where it is needed for login, account access or secure platform operation.

4.6 Account security and session protection

Yuzee uses essential technologies to protect accounts and sessions.

These technologies may help Yuzee:

• aconfirm that a session is valid;
• bprevent unauthorised account access;
• creduce account takeover risk;
• dprotect profile access;
• eprotect messages and offer information;
• fprotect documents;
• gmanage account permissions;
• hdetect suspicious login activity;
• isupport secure logout;
• jexpire sessions where appropriate; and
• kmaintain platform security.

Blocking or deleting these technologies may reduce security or prevent Yuzee from working correctly.

4.7 Fraud and bot prevention

Yuzee may use Google reCAPTCHA or similar technologies to help detect bots, automated abuse, suspicious registrations and fraudulent activity.

These technologies may be used on:

• aregistration forms;
• baccount creation forms;
• clogin flows;
• dpassword reset flows;
• esecurity checks;
• fpayment-related checks; and
• gother areas where abuse prevention is needed.

Google reCAPTCHA or similar services may load third-party scripts and may set or access cookies or similar storage.

These technologies are essential where they are used for security, fraud prevention or bot prevention.

If they are blocked, some forms or security checks may not work.

4.8 Payment processing

When you make a payment through Yuzee, payment providers such as Stripe may use cookies or similar technologies to process the payment securely.

Payment technologies may support:

• apayment session management;
• bfraud detection;
• cpayment security;
• dcard tokenisation;
• etransaction verification;
• freceipt support;
• grefund support;
• hdispute support; and
• icompliance with payment-provider requirements.

Payment technologies are essential when you use payment features.

If payment-related technologies are blocked, payments may not work or may not be secure.

4.9 Payment technologies should be limited to payment use

Yuzee aims to use payment-related technologies only where they are needed for payment-related features.

For example, payment-provider scripts should generally load on payment screens or payment-related workflows rather than across unrelated parts of the platform.

Yuzee may update this Notice if payment providers, payment tools or payment processing practices change.

4.10 Core platform operation

Yuzee may use essential storage or similar technologies to keep the platform operating correctly.

These technologies may support:

• aapp loading;
• bsecure navigation;
• clogin flow state;
• daccount state;
• euser permissions;
• fsecure API calls;
• gsecurity checks;
• hplatform stability;
• ierror prevention;
• jlogout;
• ksession expiry; and
• lbasic platform reliability.

These technologies are required for Yuzee to provide the service users request.

4.11 Essential technologies cannot be disabled inside Yuzee

Essential technologies cannot be switched off inside Yuzee because they are needed for the platform to work.

If you block essential technologies through your browser, device or network settings, you may not be able to:

• alog in;
• bstay signed in;
• ccreate an account;
• daccess your account;
• euse secure platform features;
• fcomplete security checks;
• gcomplete payments;
• haccess protected content;
• iuse some app features;
• jreceive required account notices; or
• kuse Yuzee properly.

4.12 Clearing essential storage

You can usually clear cookies, local storage, session storage, IndexedDB or app storage through your browser or device settings.

If you do this, Yuzee may not remember your session or settings.

Clearing essential storage may:

• asign you out;
• bremove login state;
• cremove authentication tokens;
• dinterrupt payment flows;
• einterrupt registration flows;
• frequire you to complete security checks again;
• grequire you to log in again; or
• hprevent some features from working until the required storage is recreated.

4.13 Essential technologies and personal information

Some essential technologies may involve information that identifies you or can reasonably identify you when linked with your Yuzee account.

This may include authentication identifiers, session identifiers, account identifiers, device or browser information, security logs or payment-related technical information.

Yuzee handles personal information in accordance with its Privacy Policy.

4.14 Third-party essential providers

Yuzee may use third-party providers for essential technologies.

These may include:

• aKeycloak for authentication and session management;
• bFirebase Authentication for authentication support;
• cGoogle reCAPTCHA for fraud and bot prevention;
• dStripe for payment processing; and
• eother service providers that support secure platform operation.

These providers may process information in accordance with their own privacy notices and service terms.

4.15 Changes to essential technologies

Yuzee may update, replace or add essential technologies as the platform changes.

This may happen if Yuzee changes:

• aauthentication systems;
• bsecurity systems;
• cpayment providers;
• dfraud prevention tools;
• eapp infrastructure;
• faccount protection tools;
• glogin flows;
• happ features;
• ilegal requirements; or
• jsecurity requirements.

If the change is important, Yuzee may update this Notice and notify users where appropriate.

5.1 What functional technologies are

Functional technologies help Yuzee provide features that improve your experience or support features you choose to use.

These technologies may support:

• achat;
• bmessaging;
• cpush notifications;
• dnotification preferences;
• eapp preferences;
• fuser-selected features;
• gfeature settings;
• hmessage delivery;
• imessage status;
• jactivity feeds;
• kin-app alerts;
• ldevice or browser preferences; and
• mother platform features.

Some functional technologies are only used when you use or allow the relevant feature.

For example, if you allow push notifications, Yuzee may use push notification technologies to send notifications to your browser or device.

5.2 Chat and messaging

Yuzee may use chat and messaging technologies to support conversations between users, institutions, companies, employers, partners, counsellors, advisors and Yuzee support.

These technologies may be used to:

• asend messages;
• breceive messages;
• cdisplay chat threads;
• dshow message history;
• esupport message delivery;
• fsupport message status;
• gsupport unread message counts;
• hsupport attachments where available;
• isupport activity feeds where available;
• jsupport notifications about new messages;
• ksupport chat moderation and safety features;
• lsupport user support; and
• mkeep chat features working reliably.

Yuzee may use third-party providers such as GetStream.io, QuickBlox or other messaging providers to provide these features.

5.3 Chat and messaging storage

Chat and messaging features may use cookies or similar technologies to store or access technical information.

This may include:

• asession state;
• bchat user identifiers;
• cchannel identifiers;
• dmessage delivery status;
• eunread message status;
• fnotification state;
• gconnection state;
• hdevice or browser state;
• iapp feature state;
• jauthentication state for chat services;
• kmessage-related metadata; and
• lother technical information needed to provide messaging features.

This storage helps Yuzee deliver chat and messaging features correctly.

5.4 Push notifications

Yuzee may use push notification technologies to send notifications to your browser or device if you allow them.

Push notifications may be used for:

• aaccount alerts;
• bsecurity alerts;
• cnew message alerts;
• doffer updates;
• eRMO updates;
• fapplication updates;
• ginterview reminders;
• hcourse or job reminders;
• isupport updates;
• jpayment or subscription alerts;
• kimportant platform notices; and
• lother Yuzee-related notifications.

Yuzee may use Firebase Cloud Messaging or similar providers to support push notifications.

5.5 Push notification tokens

If you allow push notifications, Yuzee may create or use a push notification token for your browser or device.

A push notification token helps Yuzee send notifications to the correct browser, device or app installation.

Push notification tokens may be refreshed, replaced or removed over time.

If you reinstall the app, change device, clear app data, change browser settings or revoke notification permission, a push notification token may stop working or may need to be replaced.

5.6 Notification permission

Push notifications require permission from your browser, device or operating system.

If you decline notification permission, Yuzee will not send push notifications to that browser or device.

You can usually manage notification permissions through:

• ayour browser settings;
• byour iOS settings;
• cyour Android settings;
• dyour device settings;
• eYuzee app settings, where available; or
• fYuzee account settings, where available.

If notification permission is disabled, some alerts may not appear as push notifications, but you may still receive important service messages through other channels where permitted.

5.7 Notification preferences

Yuzee may allow you to manage notification preferences.

Notification preferences may relate to:

• amessage alerts;
• boffer updates;
• cRMO updates;
• dcourse reminders;
• ejob reminders;
• fapplication reminders;
• gaccount alerts;
• hsupport updates;
• imarketing preferences;
• jpush notifications;
• kemail notifications;
• lSMS notifications; and
• mother communication settings.

Yuzee may use cookies or similar technologies to remember your preferences.

Some important service, legal, security, account, payment or safety messages may still be sent even if you turn off optional notifications.

5.8 User-selected features

Some technologies are used only when you choose or use a particular feature.

For example, functional technologies may activate when you:

• ause chat;
• bopen a message thread;
• callow push notifications;
• dupdate notification settings;
• eupload or view attachments;
• fuse an activity feed;
• guse an institution dashboard;
• huse a company or employer dashboard;
• iuse an offer workflow;
• juse RMO features;
• kuse account preferences;
• luse app settings; or
• muse other selected platform features.

If you do not use a feature, the related functional technology may not be active or may collect less information.

5.9 App and feature state

Yuzee may use cookies or similar technologies to remember app and feature state.

This may include information such as:

• awhether you are logged in;
• bwhich feature you are using;
• cwhether a notification has been shown;
• dwhether a banner has been dismissed;
• ewhether a setting has been saved;
• fwhether a message thread has been opened;
• gwhether a feature tutorial has been completed;
• hdevice or browser preferences;
• iapp display preferences;
• jlanguage or region settings where available;
• kfeature flags; and
• lother information needed to make the platform work smoothly.

5.10 Functional technologies and personal information

Some functional technologies may involve personal information if the information identifies you or can reasonably identify you.

For example, chat identifiers, message metadata, notification tokens, account identifiers, device identifiers or feature settings may be linked to your Yuzee account.

Yuzee handles personal information in accordance with its Privacy Policy.

5.11 Impact if functional technologies are disabled

If you block or disable functional technologies, some Yuzee features may not work properly.

This may affect:

• achat;
• bmessage delivery;
• cmessage status;
• dunread message counts;
• epush notifications;
• fnotification preferences;
• gaccount preferences;
• happ settings;
• ifeature settings;
• jactivity feeds;
• ksupport features;
• ldashboard features; and
• mother user-selected features.

Yuzee may still work for basic access, but some features may be limited, unavailable or less reliable.

5.12 Third-party functional providers

Yuzee may use third-party providers to support functional technologies.

These providers may include:

• aGetStream.io for chat, messaging or activity features;
• bQuickBlox for messaging, notifications or related communication features;
• cFirebase Cloud Messaging for push notifications; and
• dother providers that support platform functionality.

These providers may process technical information needed to deliver the relevant feature.

Third-party providers may process information in accordance with their own privacy notices and service terms.

5.13 Changes to functional technologies

Yuzee may update, replace, add or remove functional technologies as the platform changes.

This may happen if Yuzee changes:

• achat providers;
• bmessaging providers;
• cpush notification providers;
• dnotification settings;
• edashboard features;
• fmobile app features;
• gwebsite features;
• hRMO features;
• ioffer features;
• juser settings;
• ksupport features; or
• lplatform infrastructure.

If the change is important, Yuzee may update this Notice and notify users where appropriate.

6.1 What analytics and diagnostics technologies are

Analytics and diagnostics technologies help Yuzee understand and fix technical problems.

Yuzee may use these technologies to:

• aidentify app crashes;
• bidentify website errors;
• cdiagnose technical issues;
• dunderstand app stability;
• eunderstand platform reliability;
• finvestigate bugs;
• gimprove performance;
• hsupport users when something goes wrong;
• iunderstand whether a feature is working correctly;
• jmonitor technical health;
• kprevent repeated technical failures; and
• limprove the Yuzee experience.

These technologies are used to help operate and improve Yuzee.

They are not used to sell advertising data.

6.2 When analytics and diagnostics may be used

Yuzee may use analytics and diagnostics technologies when you use:

• athe Yuzee website;
• bthe Yuzee web app;
• cthe Yuzee mobile app;
• dlogin features;
• eaccount features;
• fchat features;
• gmessaging features;
• hoffer features;
• iRequest Multiple Offers features;
• jinstitution dashboards;
• kcompany or employer dashboards;
• lpayment-related features;
• msupport features; and
• nother Yuzee platform features.

Analytics and diagnostics may be used differently depending on whether you are using the website, web app, mobile app or a specific platform feature.

6.3 Error monitoring

Yuzee may use error monitoring tools to detect and understand technical problems.

Error monitoring may help us understand:

• awhere an error happened;
• bwhen an error happened;
• cwhat app or website version was affected;
• dwhat device, browser or operating system was involved;
• ewhether the issue affected one user or many users;
• fwhether the issue affected a specific feature;
• gwhat technical steps happened before the error;
• hwhether an API or network request failed;
• iwhether a page or screen failed to load; and
• jhow Yuzee can fix the issue.

Yuzee may use providers such as Rollbar or similar tools for error monitoring.

6.4 Mobile crash reporting

If you use the Yuzee mobile app, Yuzee may use crash reporting tools to understand app crashes and stability issues.

Yuzee may use Firebase Crashlytics or similar tools on iOS and Android.

Crash reporting may collect technical information such as:

• adevice type;
• boperating system;
• capp version;
• dcrash time;
• estack trace;
• ferror logs;
• gcrash event details;
• hdevice state at the time of the crash;
• itechnical breadcrumbs leading to the crash; and
• jother technical information needed to understand the crash.

Crash reporting helps Yuzee identify, prioritise and fix mobile app stability problems.

6.5 Session diagnostics overview

Yuzee may use session diagnostics to help understand how technical issues happen.

Session diagnostics may show technical information such as:

• ascreens or pages visited;
• bclicks or taps;
• cnavigation steps;
• dtechnical events;
• eerror context;
• fnetwork activity;
• gapp behaviour;
• hbrowser behaviour; and
• iplatform performance issues.

Session diagnostics can be more sensitive than ordinary crash logs because they may show how a user moved through the app or website.

Yuzee explains session diagnostics and session replay in more detail in the next section of this Notice.

6.6 What analytics and diagnostics may collect

Analytics and diagnostics technologies may collect technical information such as:

• adevice type;
• bbrowser type;
• coperating system;
• dapp version;
• ewebsite version;
• fscreen or page name;
• gfeature area;
• htime and date;
• ierror messages;
• jstack traces;
• kcrash logs;
• ltechnical event logs;
• mnetwork error information;
• nperformance information;
• osession identifiers;
• pdiagnostic identifiers;
• qplatform environment;
• ruser account identifier where needed for support; and
• sother technical information needed to diagnose and fix problems.

Some diagnostic information may be linked to your Yuzee account if needed to provide support, investigate an issue or understand a technical problem.

6.7 Sensitive information and diagnostics

Yuzee does not use diagnostics technologies for the purpose of collecting sensitive personal information.

However, because Yuzee is an education, career, chat, offer and pathway platform, some screens or technical events may involve information that is personal or sensitive.

Sensitive information may include:

• apasswords;
• bpayment card details;
• cidentity documents;
• duploaded documents;
• ehealth information;
• fdisability information;
• gfinancial hardship information;
• hvisa or work-rights information;
• idetailed profile information;
• jeducation history;
• kcareer history;
• lchat content;
• mRMO records;
• noffer records;
• oapplication information; and
• pother personal information.

Yuzee aims to limit, mask or block sensitive information from analytics and diagnostics tools where possible.

6.8 Masking, blocking and minimisation

Yuzee may use safeguards to reduce the amount of personal information captured by analytics and diagnostics technologies.

These safeguards may include:

• amasking fields;
• bblocking sensitive screens;
• cblocking sensitive containers;
• dremoving unnecessary user details;
• elimiting what information is sent to providers;
• fanonymising or limiting IP address capture where possible;
• glimiting access to diagnostic records;
• husing diagnostic data only for approved purposes;
• ilimiting retention periods;
• jlowering diagnostic sampling rates;
• kdisabling diagnostic recording where appropriate; and
• lreviewing diagnostics settings from time to time.

Yuzee aims to avoid collecting more diagnostic information than is reasonably needed to identify and fix technical problems.

6.9 User choices for analytics and diagnostics

Where required or where Yuzee provides a choice, analytics and diagnostics technologies are optional.

You may be able to:

• aaccept analytics and diagnostics;
• breject analytics and diagnostics;
• cmanage your analytics and diagnostics preferences;
• dchange your choice later through Privacy & Cookies settings;
• edisable some app permissions through your device settings;
• fclear browser storage; or
• gcontact Yuzee with privacy questions.

If you reject optional analytics and diagnostics, some crash reports, error reports or session diagnostic information may not be sent to Yuzee.

This may make it harder for Yuzee to identify and fix problems affecting your experience.

6.10 Rollbar

Yuzee may use Rollbar or similar tools for error monitoring, crash diagnostics and technical issue investigation.

Rollbar may help Yuzee:

• adetect errors;
• bunderstand where errors happen;
• cgroup similar errors;
• dinvestigate technical issues;
• eidentify affected app or website versions;
• funderstand technical events leading to an error;
• gsupport debugging;
• hsupport user support; and
• iimprove platform reliability.

Where Rollbar is used for optional analytics or diagnostics, Yuzee aims to provide notice and choices where required.

6.11 Firebase Crashlytics

Yuzee may use Firebase Crashlytics or similar tools in the mobile app to understand crashes and stability issues.

Firebase Crashlytics may help Yuzee:

• aidentify crashes;
• bunderstand crash frequency;
• cunderstand affected app versions;
• didentify device or operating system issues;
• eunderstand stack traces;
• fprioritise fixes;
• gimprove app stability; and
• hsupport technical troubleshooting.

Crashlytics information is used for technical reliability and app improvement.

6.12 Tools not currently used

Yuzee does not currently use all analytics tools that may appear in code, planning documents or old service files.

Based on Yuzee’s current review, the following tools are not currently active:

• aFirebase Analytics;
• bMicrosoft Clarity;
• cPostHog;
• dFirebase Performance Monitoring; and
• eFirebase Remote Config.

If Yuzee activates any new analytics, diagnostics, heatmap, session recording or performance monitoring tool in the future, Yuzee will update this Notice and provide choices where required.

6.13 No advertising purpose

Yuzee does not use analytics and diagnostics technologies to sell advertising data.

Yuzee does not currently use advertising cookies or cross-site advertising trackers.

Analytics and diagnostics technologies are used to help Yuzee operate, protect and improve the platform.

6.14 Access to diagnostics data

Yuzee may allow authorised personnel or service providers to access analytics and diagnostics data where needed.

This may include access for:

• aengineering;
• bproduct support;
• ctechnical support;
• dsecurity review;
• eprivacy review;
• fincident response;
• gbug fixing;
• hplatform reliability;
• icomplaint review; and
• jlegal or compliance purposes where required.

Access should be limited to people who need it for an authorised purpose.

6.15 Retention of diagnostics data

Yuzee aims to keep analytics and diagnostics data only for as long as reasonably needed for the purpose for which it was collected.

Retention may depend on:

• athe type of diagnostic data;
• bthe provider used;
• caccount settings;
• dlegal requirements;
• esupport needs;
• fsecurity needs;
• gincident response needs;
• hproduct reliability needs; and
• idispute or complaint needs.

Some provider-specific retention periods may need to be confirmed in the relevant provider account settings.

6.16 Changes to analytics and diagnostics technologies

Yuzee may update, replace, add or remove analytics and diagnostics technologies as the platform changes.

This may happen if Yuzee changes:

• aerror monitoring tools;
• bcrash reporting tools;
• csession diagnostic tools;
• dapp monitoring tools;
• ewebsite monitoring tools;
• fperformance tools;
• gsupport workflows;
• htechnical infrastructure;
• iprivacy settings;
• jconsent settings;
• klegal requirements; or
• lsecurity requirements.

If the change is important, Yuzee may update this Notice and notify users where appropriate.

6.17 Contact about analytics and diagnostics

If you have questions about analytics and diagnostics technologies, or if you want to ask how Yuzee handles diagnostic information, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

7.1 What session replay is

Yuzee may use session replay or session diagnostic tools to help understand technical issues that happen on the website, web app or mobile app.

Session replay is a diagnostic tool that can show how a user moved through a website or app before, during or after a technical issue.

It may help Yuzee understand what happened when something did not work as expected.

Session replay is different from ordinary crash reporting because it may show interaction information such as navigation, clicks, taps, page changes and technical events.

7.2 Why Yuzee may use session replay

Yuzee may use session replay or session diagnostics to:

• afind bugs;
• bdiagnose technical problems;
• cunderstand app crashes;
• dunderstand website errors;
• einvestigate broken features;
• fimprove platform reliability;
• gsupport users when something goes wrong;
• hunderstand whether an issue affects one user or many users;
• iimprove app and website performance;
• jtest whether important workflows are working correctly; and
• kimprove the Yuzee experience.

Yuzee does not use session replay for advertising.

Yuzee does not use session replay to sell advertising data.

7.3 What session replay may capture

Where session replay or session diagnostics are enabled, they may capture technical interaction information such as:

• ascreens or pages visited;
• bbuttons clicked;
• ctaps;
• dnavigation steps;
• escrolling;
• fscreen changes;
• gtechnical events;
• herror context;
• inetwork activity;
• japp behaviour;
• kbrowser behaviour;
• ldevice or browser information;
• mtiming information;
• napp version;
• owebsite version; and
• pother technical information needed to understand the issue.

Session replay may be linked to an error report or diagnostic event so Yuzee can understand what happened before the issue occurred.

7.4 What session replay is not used for

Yuzee does not use session replay to:

• ashow advertising;
• bsell advertising data;
• cfollow users across unrelated websites;
• dcreate advertising profiles;
• emonitor users for non-technical reasons;
• fmake final decisions about offers, applications, courses or jobs;
• gassess user suitability for opportunities;
• hreplace human support;
• icollect passwords intentionally;
• jcollect payment card details intentionally;
• kcollect uploaded documents intentionally; or
• lcollect sensitive information intentionally.

Session replay is intended for technical diagnostics, support and reliability improvement.

7.5 Sensitive information and session replay

Because Yuzee is an education, career, chat, offer and pathway platform, some screens may contain personal or sensitive information.

Sensitive information may include:

• apasswords;
• bpayment details;
• cidentity documents;
• duploaded documents;
• eresumes;
• ftranscripts;
• gcertificates;
• hhealth information;
• idisability information;
• jmental health information;
• kfinancial hardship information;
• lvisa information;
• mwork-rights information;
• ndetailed profile information;
• oeducation history;
• pcareer history;
• qchat content;
• rRMO records;
• soffer records;
• tapplication information;
• ucounselling or support information; and
• vother personal or sensitive information.

Yuzee aims to limit, mask or block sensitive information from session replay and session diagnostic tools where possible.

7.6 Areas Yuzee aims to block or mask

Yuzee aims to block, mask or avoid recording sensitive areas of the platform where possible.

This may include:

• apassword fields;
• bemail fields where appropriate;
• cpayment fields;
• dpayment card information;
• eidentity document areas;
• fuploaded document areas;
• gprofile details;
• happlication forms;
• ihealth or disability fields;
• jfinancial hardship fields;
• kvisa or work-rights fields;
• lchat content;
• mRMO records;
• noffer records;
• ocounselling or support notes;
• pprivate messages;
• qsensitive search results;
• rsensitive user dashboards;
• sadmin tools; and
• tany other area Yuzee reasonably considers sensitive.

Yuzee may use blocking, masking, ignoring, sampling and other controls to reduce what is captured.

7.7 Consent and user choice

Where required or where Yuzee provides a choice, session replay and session diagnostics are optional.

Yuzee aims to provide users with a way to accept, reject or manage optional analytics and diagnostics technologies.

If session replay is optional and you reject analytics and diagnostics, session replay should not run for your session.

You may be able to change your choice later through Yuzee’s Privacy & Cookies settings.

Essential technologies may still operate even if you reject optional analytics and diagnostics.

7.8 Session replay should not run before consent where consent is required

Where consent is required, Yuzee should not start session replay before the user has accepted analytics and diagnostics.

This means session replay should not load before the user has been given clear information and a real choice.

Yuzee may still use essential security, login or payment technologies where needed for the platform to work.

7.9 Sampling

Yuzee may limit how often session replay is used.

Sampling means session replay is used only for some sessions, some errors, some environments, some workflows or some technical issues.

Sampling may help reduce the amount of diagnostic information collected.

Yuzee may use higher sampling for serious technical errors and lower sampling for lower-risk situations.

Yuzee should avoid recording all sessions unless there is a clear technical need, appropriate safeguards and a lawful basis to do so.

7.10 Internal testing and support use

Yuzee may use session replay or session diagnostics for internal testing, quality assurance, debugging or support.

Where possible, Yuzee should use internal test accounts, staging environments, restricted test environments or limited diagnostic modes for internal testing.

Yuzee should avoid using real user sessions for internal testing unless necessary and appropriately controlled.

7.11 Access to session replay data

Access to session replay data should be limited to authorised people who need access for an approved purpose.

This may include authorised people involved in:

• aengineering;
• bproduct support;
• ctechnical support;
• dsecurity review;
• eprivacy review;
• fincident response;
• gbug fixing;
• hplatform reliability;
• icomplaint review; and
• jlegal or compliance purposes where required.

Yuzee should not allow general staff access to session replay data unless access is necessary for their role.

7.12 Retention of session replay data

Yuzee aims to keep session replay data only for as long as reasonably needed for the purpose for which it was collected.

Retention may depend on:

• athe provider used;
• baccount settings;
• cthe type of issue being investigated;
• dtechnical support needs;
• esecurity needs;
• fprivacy needs;
• gcomplaint or dispute needs;
• hlegal obligations; and
• iplatform reliability needs.

Yuzee should confirm the applicable retention period in the relevant provider settings.

7.13 Session replay providers

Yuzee may use providers such as Rollbar or similar tools for session replay and session diagnostics.

These providers may process diagnostic information for Yuzee so Yuzee can identify and fix technical issues.

Third-party providers may process information in accordance with their own privacy notices, service terms and data processing arrangements.

7.14 Session replay and personal information

Session replay data may become personal information if it identifies you or can reasonably identify you.

For example, session replay may be personal information if it is linked to your Yuzee account, user ID, device, support request or platform activity.

Yuzee handles personal information in accordance with its Privacy Policy.

7.15 Session replay and young or vulnerable users

Yuzee may be used by young users, students, job seekers, international users, users with disability, users experiencing hardship and other users who may need extra care.

Yuzee should take extra care before using session replay in areas involving young or vulnerable users.

Yuzee should not use session replay in a way that unfairly exposes sensitive information, support needs, documents, private messages, offer records or user circumstances.

7.16 User support and troubleshooting

If you contact Yuzee support about a technical problem, Yuzee may use diagnostic information to help understand the issue.

Where session replay is available and permitted, it may help Yuzee understand what happened before the issue occurred.

Yuzee may still ask you to provide screenshots, device details, app version, browser details or other information if needed.

7.17 No guarantee that every sensitive item will be blocked

Yuzee aims to limit, mask or block sensitive information from session replay and session diagnostics where possible.

However, no masking or blocking system is perfect.

Users should avoid entering unnecessary sensitive information into Yuzee unless it is needed for the relevant feature, support request, offer, application or platform purpose.

If you believe sensitive information has been captured or exposed through a diagnostic tool, contact Yuzee.

7.18 Changes to session replay practices

Yuzee may update, replace, add, remove or change session replay or session diagnostic tools as the platform changes.

This may happen if Yuzee changes:

• adiagnostics providers;
• berror monitoring tools;
• csupport workflows;
• dprivacy settings;
• econsent settings;
• fmasking controls;
• gsampling controls;
• hmobile app features;
• iwebsite features;
• jlegal requirements; or
• ksecurity requirements.

If the change is important, Yuzee may update this Notice and notify users where appropriate.

7.19 Contact about session replay

If you have questions about session replay or session diagnostics, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

8.1 No advertising cookies currently

Yuzee does not currently use advertising cookies or cross-site advertising trackers.

We do not currently use cookies to follow you across unrelated websites for advertising.

We do not currently use cookie data to sell advertising profiles.

8.2 What advertising cookies usually do

Advertising cookies or similar technologies may be used by some websites or apps to:

• ashow targeted advertising;
• bmeasure advertising campaigns;
• cbuild advertising audiences;
• drecognise users across unrelated websites;
• epersonalise ads based on browsing behaviour;
• fretarget users after they leave a website;
• gshare advertising data with ad networks; or
• hmeasure ad performance across different websites or apps.

Yuzee does not currently use these types of advertising cookies or cross-site advertising trackers.

8.3 Yuzee’s current position

Yuzee currently uses cookies and similar technologies mainly to:

• aoperate the platform;
• bsupport login;
• cprotect accounts;
• dprevent fraud and automated abuse;
• esupport chat and messaging;
• fsend push notifications where allowed;
• gprocess payments;
• hdiagnose technical problems;
• iimprove reliability; and
• jsupport user experience.

Yuzee does not currently use advertising cookies to track users across unrelated websites.

8.4 Marketing communications are different

Marketing communications are different from advertising cookies.

Yuzee may send or allow marketing, promotional or product-related communications where permitted.

These communications may include:

• aemails;
• bSMS messages;
• cpush notifications;
• din-app messages;
• enewsletters;
• fproduct updates;
• gcampaign messages;
• hcourse-related updates;
• ijob-related updates;
• joffer-related updates;
• kRMO-related updates; and
• lpartner or organisation communications where permitted.

Marketing communications are managed through Yuzee’s Privacy Policy, communications preferences, unsubscribe tools, consent settings and applicable law.

8.5 Consent and unsubscribe for marketing

Where consent is required, Yuzee will aim to obtain consent before sending marketing communications.

Marketing communications should clearly identify the sender and provide a way to unsubscribe or opt out where required.

Users may be able to manage marketing preferences through:

• aunsubscribe links;
• bSMS opt-out instructions;
• cnotification settings;
• daccount settings;
• ePrivacy & Cookies settings;
• fcommunication preferences; or
• gby contacting Yuzee.

Some service, account, legal, security, payment or safety messages may still be sent even if you opt out of marketing.

8.6 Service messages are not the same as marketing

Yuzee may send service, account, safety, security, payment, support or legal messages even if you opt out of marketing.

These may include messages about:

• aaccount access;
• bpassword resets;
• csecurity alerts;
• dprivacy notices;
• echanges to terms;
• fpayment receipts;
• gsubscription status;
• hRMO status;
• ioffer status;
• jsupport requests;
• ksafety concerns;
• ldata or privacy requests; and
• mother messages needed to provide or protect the platform.

Yuzee will aim not to disguise marketing messages as service messages.

8.7 Sensitive information and advertising

Yuzee should not use sensitive information for advertising targeting.

Sensitive information may include:

• ahealth information;
• bdisability information;
• cmental health information;
• dfinancial hardship information;
• evisa information;
• fwork-rights information;
• gidentity documents;
• huploaded documents;
• icounselling or support information;
• jchat content;
• kRMO records;
• loffer records;
• mdetailed education history;
• ndetailed career history; and
• oother sensitive personal information.

If Yuzee ever introduces advertising technologies, Yuzee should not use sensitive information for advertising targeting unless it is lawful, clearly explained and appropriate.

8.8 Future advertising technologies

Yuzee may update this Notice if advertising technologies are introduced in the future.

If Yuzee starts using advertising cookies, cross-site advertising trackers, retargeting pixels, advertising IDs or similar advertising technologies, Yuzee will update this Notice and provide choices where required.

Future advertising-related technologies may include:

• aadvertising cookies;
• btracking pixels;
• cretargeting pixels;
• dadvertising IDs;
• ecross-site measurement tools;
• fad campaign measurement tools;
• gconversion tracking tools;
• hlookalike audience tools;
• icustom audience tools; or
• jsimilar advertising technologies.

Yuzee should not activate these technologies without appropriate review, notice and user choices where required.

8.9 Advertising provider changes

If Yuzee introduces advertising providers in the future, Yuzee may identify them in this Notice or in a cookie preference centre where appropriate.

Yuzee may also explain:

• athe provider name;
• bthe purpose of the technology;
• cwhether the technology is optional;
• dwhat information may be collected;
• ehow long the technology may remain active;
• fwhether information may be shared with the provider;
• ghow users can manage choices; and
• hwhere users can find more information.

8.10 User control

Where Yuzee provides marketing or advertising choices, users may be able to:

• aopt out of marketing emails;
• bopt out of marketing SMS messages;
• cmanage push notification settings;
• dmanage in-app message settings where available;
• ereject optional advertising technologies if introduced;
• fchange cookie preferences;
• gclear browser cookies and storage;
• hchange mobile app permissions; and
• icontact Yuzee with questions.

Marketing choices and cookie choices may be managed separately because they relate to different technologies and communication channels.

8.11 Changes to this section

Yuzee may update this section if:

• aYuzee introduces advertising cookies;
• bYuzee introduces cross-site advertising trackers;
• cYuzee introduces advertising IDs;
• dYuzee introduces conversion tracking;
• eYuzee changes marketing tools;
• fYuzee changes communication preferences;
• gYuzee changes consent settings;
• hlaws or guidance change;
• iprovider requirements change; or
• jYuzee changes how it uses marketing or advertising technologies.

If the change is important, Yuzee may update this Notice and notify users where appropriate.

9.1 Why Yuzee uses third-party providers

Yuzee may use third-party providers to help operate, secure and improve the platform.

These providers may support:

• alogin;
• bauthentication;
• caccount security;
• dfraud and bot prevention;
• echat;
• fmessaging;
• gpush notifications;
• hpayment processing;
• ierror monitoring;
• jcrash diagnostics;
• ksession diagnostics;
• lplatform reliability;
• mtechnical support; and
• nother platform functions.

Yuzee uses third-party providers so that important platform features can work safely, securely and reliably.

9.2 Provider summary

The table below summarises the main third-party providers Yuzee may use for cookies and similar technologies.

Provider

Main purpose

Technology category

When it may be active

Keycloak

Login, authentication and session management

Essential

When you register, log in, stay signed in, access your account or log out

Firebase Authentication

Authentication support and account session support

Essential

When authentication or account session services are used

Firebase Cloud Messaging

Push notifications

Functional

When push notifications are enabled or supported

Firebase Crashlytics

Mobile crash reporting and app stability diagnostics

Analytics and diagnostics

When using the Yuzee mobile app, subject to Yuzee settings and choices where available

Google reCAPTCHA

Fraud, bot and abuse prevention

Essential

When security checks are needed, such as registration, login or suspicious activity checks

Rollbar

Error monitoring, crash diagnostics and session diagnostics

Analytics and diagnostics

When diagnostics are enabled, subject to Yuzee settings and choices where available

GetStream.io

Chat, messaging or activity features

Functional

When chat, messaging or activity features are used

QuickBlox

Messaging, chat or communication features

Functional

When messaging or communication features are used

Stripe

Payment processing and payment-fraud prevention

Essential for payments

When payment features are used

Yuzee may update this table if providers are added, removed, replaced or used differently.

9.3 Keycloak

Yuzee may use Keycloak for login, authentication, single sign-on and session management.

Keycloak may use cookies or similar technologies to:

• amanage login sessions;
• bkeep you signed in;
• csupport secure logout;
• dsupport account security;
• econnect your login session with your Yuzee account;
• fmanage authentication flows;
• gsupport user permissions; and
• hreduce unauthorised access risk.

Keycloak technologies are essential where they are needed for login, authentication or account security.

9.4 Firebase Authentication

Yuzee may use Firebase Authentication to support authentication and account session functions.

Firebase Authentication may use browser storage, IndexedDB, mobile app storage or similar technologies to:

• asupport secure authentication;
• bmaintain authentication state;
• csupport account access;
• dsupport mobile app login;
• econnect your session with your account; and
• fhelp keep platform access secure.

Firebase Authentication technologies are essential where they are needed for login or account access.

9.5 Firebase Cloud Messaging

Yuzee may use Firebase Cloud Messaging to support push notifications.

Firebase Cloud Messaging may use device or browser tokens so Yuzee can send notifications to the correct browser, device or app installation.

Push notifications may relate to:

• aaccount alerts;
• bmessage alerts;
• coffer updates;
• dRMO updates;
• ereminder notifications;
• fsecurity alerts;
• gsupport updates; and
• hother platform-related notifications.

Push notifications usually require permission from your browser or device.

If you do not allow push notifications, Yuzee will not send push notifications to that browser or device.

9.6 Firebase Crashlytics

Yuzee may use Firebase Crashlytics in the mobile app to help identify and fix crashes and app stability issues.

Firebase Crashlytics may collect technical information such as:

• aapp version;
• bdevice type;
• coperating system;
• dcrash time;
• eerror logs;
• fstack traces;
• gcrash event details;
• hdevice state at the time of the crash; and
• itechnical information needed to understand the crash.

Crashlytics is used for app reliability and technical troubleshooting.

Where required or where Yuzee gives you a choice, crash diagnostics may be managed through analytics and diagnostics preferences.

9.7 Google reCAPTCHA

Yuzee may use Google reCAPTCHA or similar tools to help protect the platform from bots, spam, automated abuse and suspicious activity.

reCAPTCHA may be used on:

• aregistration forms;
• blogin flows;
• cpassword reset flows;
• dpayment-related checks;
• esupport forms;
• fsecurity checks; and
• gother areas where fraud or abuse prevention is needed.

reCAPTCHA may load third-party scripts and may set or access cookies or similar technologies.

Where reCAPTCHA is used for security, fraud prevention or bot prevention, it is treated as essential.

9.8 Rollbar

Yuzee may use Rollbar or similar tools for error monitoring, crash diagnostics, technical debugging and session diagnostics.

Rollbar may help Yuzee:

• adetect technical errors;
• bunderstand where errors happen;
• cgroup similar errors;
• dinvestigate bugs;
• eunderstand app or website performance issues;
• funderstand technical events leading to an error;
• gsupport technical troubleshooting;
• himprove platform reliability; and
• isupport user support.

If Rollbar session diagnostics or session replay are used, Yuzee explains this in the session replay section of this Notice.

Where Rollbar is used for optional analytics or diagnostics, Yuzee aims to provide notice and choices where required.

9.9 GetStream.io

Yuzee may use GetStream.io to support chat, messaging, activity feeds or related communication features.

GetStream.io technologies may help Yuzee:

• asend messages;
• breceive messages;
• cdisplay message threads;
• dsupport unread message counts;
• esupport message delivery status;
• fsupport activity features;
• gsupport chat notifications;
• hsupport user-to-organisation communication; and
• ikeep messaging features reliable.

GetStream.io technologies are functional where they support chat or user-selected messaging features.

9.10 QuickBlox

Yuzee may use QuickBlox to support messaging, chat, communication or notification-related features.

QuickBlox technologies may help Yuzee:

• aconnect users and organisations through messaging;
• bsupport chat sessions;
• csupport message delivery;
• dsupport communication features;
• esupport notification-related features;
• fsupport communication reliability; and
• gsupport platform messaging workflows.

QuickBlox technologies are functional where they support chat or communication features.

9.11 Stripe

Yuzee may use Stripe or another payment provider to process payments securely.

Stripe may use cookies or similar technologies to support:

• apayment processing;
• bpayment session management;
• cfraud prevention;
• dcard tokenisation;
• etransaction verification;
• freceipt support;
• grefund support;
• hdispute support; and
• ipayment-provider compliance.

Payment technologies are essential when payment features are used.

Yuzee aims to use payment-provider technologies only where they are needed for payment-related features.

9.12 Provider privacy notices and terms

Third-party providers may process information in accordance with their own privacy notices, service terms, data processing terms and security practices.

Users can review provider privacy information through the relevant provider’s website.

Yuzee may also provide links to provider privacy notices in this Notice, the Privacy Policy, a cookie preference centre or a help centre article where appropriate.

9.13 Third-party provider access

Third-party providers may receive or process information only as needed to provide their services to Yuzee, support the platform, meet legal or security requirements, or perform the function described in this Notice.

The information processed may depend on:

• athe provider;
• bthe feature used;
• cthe user’s device or browser;
• daccount status;
• econsent or preference settings;
• fsecurity needs;
• gpayment needs;
• hsupport needs;
• idiagnostics settings; and
• japplicable law.

9.14 Cross-border processing

Some third-party providers may process or store information outside Australia.

Where this happens, Yuzee will handle personal information in accordance with its Privacy Policy and applicable law.

Yuzee’s Privacy Policy explains more about cross-border disclosures and service providers.

9.15 Providers not currently active

Yuzee may test, plan or include references to tools that are not currently active.

Yuzee should not describe a provider as active in this Notice unless the provider is actually active in production or otherwise used in connection with the platform.

Based on Yuzee’s current review, Yuzee should not list the following tools as active unless they are later enabled:

• aFirebase Analytics;
• bMicrosoft Clarity;
• cPostHog;
• dFirebase Performance Monitoring;
• eFirebase Remote Config; and
• fany other analytics, advertising, heatmap or tracking tool that is not currently active.

If any of these tools are activated later, Yuzee should update this Notice and provide choices where required.

9.16 Changes to third-party providers

Yuzee may add, remove, replace or change third-party providers over time.

This may happen if Yuzee changes:

• alogin systems;
• bauthentication tools;
• csecurity tools;
• dfraud prevention tools;
• echat providers;
• fmessaging providers;
• gnotification providers;
• hpayment providers;
• idiagnostics tools;
• janalytics tools;
• kmobile app tools;
• lwebsite tools;
• msupport tools; or
• nplatform infrastructure.

If the change is important, Yuzee may update this Notice and notify users where appropriate.

9.17 Questions about providers

If you have questions about Yuzee’s third-party providers or how cookies and similar technologies are used, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

10.1 General statement

The information collected through cookies and similar technologies depends on:

• athe Yuzee service you use;
• bthe feature you access;
• cwhether you are using the website, web app or mobile app;
• dwhether you are logged in;
• eyour browser or device settings;
• fyour notification permissions;
• gyour cookie and privacy choices;
• hwhether you use payment features;
• iwhether you use chat or messaging features;
• jwhether a technical error or crash occurs; and
• kthe third-party providers involved in delivering the relevant feature.

Yuzee does not collect every type of information from every user every time.

Some information is collected only when needed for a specific feature, security process, payment process, notification, diagnostic event or platform function.

10.2 Account and login information

Yuzee may collect, store or access account and login-related information through cookies and similar technologies.

This may include:

• aaccount identifiers;
• buser identifiers;
• csession identifiers;
• dauthentication tokens;
• eaccess tokens;
• frefresh tokens;
• gID tokens;
• hlogin state;
• ilogout state;
• jaccount permission information;
• kuser role or claim information;
• llogin-flow state;
• mauthentication-flow information;
• ntoken expiry information; and
• oother information needed to confirm secure access to your account.

This information helps Yuzee let you log in, stay signed in, access your account securely and use protected platform features.

10.3 Device, browser and app information

Yuzee may collect or access technical information about your browser, device or app.

This may include:

• abrowser type;
• bbrowser version;
• cdevice type;
• ddevice model;
• eoperating system;
• foperating system version;
• gapp version;
• hwebsite version;
• iscreen size or display information;
• jlanguage or region settings;
• ktime zone;
• lconnection information;
• mtechnical identifiers;
• ndevice or app identifiers;
• oIP-related technical information; and
• pother technical information needed to operate or secure the platform.

This information may be used for security, compatibility, troubleshooting, diagnostics and platform reliability.

10.4 Security and fraud-prevention information

Yuzee may collect or access information needed to protect the platform from fraud, bots, spam, automated abuse, suspicious registrations, account misuse and security threats.

This may include:

• areCAPTCHA results;
• bbot-risk information;
• csecurity-check status;
• dregistration-flow information;
• elogin-flow information;
• fpassword reset-flow information;
• gsuspicious activity signals;
• hfailed login information;
• itechnical request information;
• jdevice or browser security signals;
• kfraud-prevention provider information; and
• lother information needed to help protect Yuzee and its users.

This information is used to protect accounts, platform integrity and user safety.

10.5 Notification information

If you allow push notifications or use notification features, Yuzee may collect or store notification-related information.

This may include:

• apush notification tokens;
• bbrowser notification permission status;
• cdevice notification permission status;
• dnotification preferences;
• enotification delivery status;
• fnotification subscription status;
• gapp installation identifiers;
• hdevice or browser identifiers for notification delivery;
• imessage-alert settings;
• joffer-alert settings;
• kRMO-alert settings;
• laccount-alert settings; and
• mother information needed to send or manage notifications.

If you decline notification permission, Yuzee will not send push notifications to that browser or device.

10.6 Chat and messaging information

If you use chat, messaging or communication features, Yuzee may collect or store technical information needed to deliver those features.

This may include:

• achat user identifiers;
• bchannel identifiers;
• cmessage-thread identifiers;
• dmessage delivery status;
• eunread message status;
• fconnection state;
• gchat session state;
• hmessaging provider tokens;
• inotification state;
• jactivity-feed state;
• kattachment-related technical information;
• lmessage metadata;
• msupport-message metadata; and
• nother technical information needed for chat or messaging to work.

Yuzee may use this information to deliver messages, display message history, support message status, provide notifications and keep communication features reliable.

10.7 Payment-related information

If you use payment features, Yuzee or its payment provider may collect or access payment-related technical information.

This may include:

• apayment session information;
• bpayment-flow state;
• ctransaction identifiers;
• dpayment-provider tokens;
• ecard tokenisation information;
• ffraud-prevention signals;
• gpayment status;
• hreceipt information;
• irefund-related information;
• jdispute-related information;
• kpayment error information;
• lbilling workflow information; and
• mother information needed to process, secure or support payments.

Yuzee does not aim to store full payment card details through cookies or local storage.

Payment card details should be handled by Yuzee’s payment provider where payment features are used.

10.8 Diagnostics and error information

Yuzee may collect technical information through analytics and diagnostics tools to understand and fix technical issues.

This may include:

• aerror messages;
• berror type;
• cstack traces;
• dcrash logs;
• eapp crash information;
• fbrowser error information;
• gnetwork error information;
• hAPI error information;
• ifailed request information;
• jscreen or page name;
• kfeature area;
• lapp version;
• mwebsite version;
• noperating system;
• odevice type;
• pbrowser type;
• qtiming information;
• rtechnical event logs;
• sdiagnostic identifiers;
• tsupport-ticket context where relevant; and
• uother technical information needed to diagnose and fix issues.

Diagnostics information helps Yuzee improve reliability, fix bugs and support users.

10.9 Session replay and session diagnostic information

Where session replay or session diagnostics are enabled, Yuzee may collect technical interaction information.

This may include:

• ascreens or pages visited;
• bbuttons clicked;
• ctaps;
• dnavigation steps;
• escrolling;
• fscreen changes;
• gtechnical events;
• herror context;
• inetwork activity;
• japp behaviour;
• kbrowser behaviour;
• ldevice or browser information;
• mtiming information;
• napp version;
• owebsite version; and
• pother technical information needed to understand a technical issue.

Session replay and session diagnostics are used for technical diagnostics, support and platform reliability.

They are not used for advertising.

10.10 Sensitive information

Yuzee does not use cookies or similar technologies for the purpose of collecting sensitive information unnecessarily.

However, because Yuzee is an education, career, pathway, chat, offer and support platform, some screens may contain personal or sensitive information.

This may include:

• apasswords;
• bpayment card details;
• cidentity documents;
• duploaded documents;
• eresumes;
• ftranscripts;
• gcertificates;
• hhealth information;
• idisability information;
• jmental health information;
• kfinancial hardship information;
• lvisa information;
• mwork-rights information;
• ndetailed profile information;
• oeducation history;
• pcareer history;
• qchat content;
• rRMO records;
• soffer records;
• tapplication information;
• ucounselling or support information; and
• vother personal or sensitive information.

Yuzee aims to limit, mask or block sensitive information from analytics, diagnostics and session replay tools where possible.

10.11 Information from third-party providers

Third-party providers may collect or process information when their technologies are used on Yuzee.

This may include providers used for:

• aauthentication;
• baccount security;
• cfraud prevention;
• dbot prevention;
• epush notifications;
• fchat;
• gmessaging;
• hpayment processing;
• icrash reporting;
• jerror monitoring;
• ksession diagnostics; and
• lplatform reliability.

The information collected or processed by a provider depends on the provider, the feature used and the user’s settings.

Third-party providers may process information in accordance with their own privacy notices, service terms and data processing arrangements.

10.12 When technical information becomes personal information

Technical information may be personal information if it identifies you or can reasonably identify you.

For example, technical information may become personal information if it is linked to:

• ayour Yuzee account;
• byour user ID;
• cyour device;
• dyour browser;
• eyour login session;
• fyour support request;
• gyour payment;
• hyour chat activity;
• iyour RMO activity;
• jyour offer activity; or
• kyour platform activity.

Yuzee handles personal information in accordance with its Privacy Policy.

10.13 Minimisation

Yuzee aims to collect and use only the information reasonably needed for the relevant purpose.

This may include purposes such as:

• aoperating the platform;
• bproviding secure login;
• cprotecting accounts;
• dpreventing fraud;
• eprocessing payments;
• fdelivering messages;
• gsending notifications;
• hdiagnosing errors;
• ifixing crashes;
• jimproving platform reliability;
• ksupporting users;
• lmeeting legal obligations; and
• mprotecting Yuzee and its users.

Yuzee aims not to collect more information through cookies and similar technologies than is reasonably needed for the relevant purpose.

10.14 No sale of cookie data for advertising

Yuzee does not currently use advertising cookies or cross-site advertising trackers.

Yuzee does not currently sell cookie data for advertising profiles.

If this changes in the future, Yuzee will update this Notice and provide choices where required.

10.15 Contact

If you have questions about the information collected through cookies and similar technologies, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

11.1 Your choices

Yuzee aims to give you clear choices about optional cookies and similar technologies.

Depending on the platform, device, browser and settings available, you may be able to:

• aaccept optional technologies;
• breject optional technologies;
• cmanage preferences by category;
• dchange your choices later;
• edisable browser notifications;
• fchange mobile app notification permissions;
• gclear cookies and browser storage;
• hclear app storage through your device settings; and
• icontact Yuzee with privacy questions.

Essential technologies remain active because Yuzee needs them to operate safely and correctly.

11.2 Essential technologies remain active

Essential technologies are needed for Yuzee to work.

These include technologies used for:

• alogin;
• bauthentication;
• caccount security;
• dsecure session management;
• efraud and bot prevention;
• fpayment processing;
• gsecure API access;
• hplatform security;
• ilogout;
• jaccount access; and
• kcore platform operation.

You cannot switch off essential technologies inside Yuzee.

If you block essential technologies through your browser, device or network settings, Yuzee may not work properly.

11.3 Optional technologies

Optional technologies are not always required for Yuzee to provide the core service.

Optional technologies may include:

• aanalytics technologies;
• bdiagnostics technologies;
• csession replay technologies;
• dperformance monitoring technologies;
• eoptional product-improvement technologies;
• foptional marketing technologies; and
• gadvertising technologies if Yuzee introduces them in the future.

Where required or where Yuzee gives you a choice, you can accept, reject or manage optional technologies.

11.4 Accept all optional technologies

If you choose “Accept all” or a similar option, Yuzee may use optional technologies listed in the preference centre.

This may allow Yuzee to use optional technologies for purposes such as:

• aanalytics;
• bdiagnostics;
• ccrash reporting;
• derror monitoring;
• esession diagnostics;
• fperformance improvement;
• gproduct improvement; and
• hany future optional category that is clearly explained to you.

Accepting optional technologies does not change the way essential technologies operate.

11.5 Reject optional technologies

If you choose “Reject optional” or a similar option, Yuzee will aim not to use optional technologies that are covered by that choice.

This may mean Yuzee will not use optional technologies for:

• aanalytics;
• bdiagnostics;
• csession replay;
• dperformance monitoring;
• eproduct improvement;
• fadvertising if introduced in the future; or
• gother optional purposes shown in the preference centre.

Essential technologies may still operate because they are needed for Yuzee to work.

11.6 Manage preferences by category

Yuzee may allow you to manage preferences by category.

The categories may include:

• aEssential technologies;
• bFunctional technologies;
• cAnalytics and diagnostics technologies;
• dSession replay or session diagnostics;
• eMarketing technologies; and
• fAdvertising technologies, if introduced in the future.

Essential technologies will usually be marked as always active.

Other categories may allow you to switch them on or off, depending on the feature, platform, law and Yuzee settings.

11.7 Changing your choices later

You may be able to change your choices later through Yuzee’s Privacy & Cookies settings.

These settings may be available through:

• athe cookie banner;
• bthe cookie preference centre;
• cwebsite footer links;
• daccount settings;
• eapp settings;
• fPrivacy & Cookies settings;
• gnotification settings; or
• hby contacting Yuzee.

If you change your choice, the change may apply from that point forward.

Some technologies may already have been used before you changed your choice.

11.8 Consent before optional technologies

Where consent is required, Yuzee should not load or activate optional technologies before you have made a choice.

This includes optional technologies such as:

• aoptional analytics;
• boptional diagnostics;
• coptional session replay;
• doptional performance monitoring;
• eoptional advertising technologies; and
• fother optional technologies that require consent.

Yuzee may still use essential technologies before you make a choice because they are needed for security, login, fraud prevention, payment processing or core platform operation.

11.9 Session replay choices

Session replay and session diagnostics may be more sensitive than ordinary analytics because they may show interaction information such as screens visited, clicks, taps, navigation steps, errors and technical events.

Where session replay is optional, Yuzee should provide a way to accept or reject it.

If you reject optional analytics and diagnostics, session replay should not run for your session where it is covered by that choice.

Yuzee may also provide a separate session replay preference if needed.

11.10 Browser controls

You can usually control cookies and browser storage through your browser settings.

Depending on your browser, you may be able to:

• ablock cookies;
• bdelete cookies;
• cclear local storage;
• dclear session storage;
• eclear IndexedDB;
• fblock third-party cookies;
• gmanage site permissions;
• hmanage notification permissions; and
• iuse private or incognito browsing modes.

If you block or clear browser storage, Yuzee may not remember your login session, preferences or settings.

Some features may not work properly.

11.11 Mobile app controls

If you use the Yuzee mobile app, you may be able to manage some choices through your device settings.

Depending on your device, you may be able to:

• adisable push notifications;
• bchange app permissions;
• cclear app data;
• duninstall the app;
• erestrict background activity;
• freset advertising or device identifiers where available;
• gmanage privacy permissions; and
• huse Yuzee app settings where available.

Clearing app data or uninstalling the app may remove login state, preferences, tokens and stored app data from your device.

11.12 Notification choices

Push notifications require permission from your browser or device.

If you do not allow push notifications, Yuzee will not send push notifications to that browser or device.

You can usually change notification permission through:

• abrowser settings;
• biOS settings;
• cAndroid settings;
• ddevice settings;
• eYuzee app settings where available; or
• fYuzee account settings where available.

Some service, account, legal, security, safety or payment messages may still be sent through other permitted channels.

11.13 Marketing choices

Cookie choices and marketing choices may be separate.

You may be able to manage marketing choices through:

• aunsubscribe links;
• bSMS opt-out instructions;
• caccount communication settings;
• dnotification settings;
• eemail preferences;
• fapp settings;
• gPrivacy & Cookies settings where available; or
• hby contacting Yuzee.

If you opt out of marketing, Yuzee may still send service, legal, account, security, safety, payment, support or transactional messages where permitted.

11.14 Shared devices and browsers

If more than one person uses the same browser or device, cookie and technology choices may affect all users of that browser or device.

Yuzee may not always know whether the person making a choice is the device owner, account holder or another user.

Where possible, Yuzee will aim to respect the most recent preference provided through that browser, device, app or account.

11.15 Logged-out and logged-in choices

Yuzee may store cookie and technology choices differently depending on whether you are logged in.

If you are logged out, choices may be stored in your browser or device.

If you are logged in, choices may also be linked to your Yuzee account where Yuzee supports account-based preferences.

If you use a different browser, device or app installation, you may need to set your choices again.

11.16 Consent records

Yuzee may keep records of cookie and technology choices.

These records may include:

• ayour preference selection;
• bthe date and time of the selection;
• cthe version of the cookie notice or preference centre shown;
• dthe categories selected;
• ethe browser or device context;
• faccount context if you were logged in; and
• gother information needed to manage or evidence your choice.

Yuzee may keep consent records for compliance, audit, security, support or dispute purposes.

11.17 Changes that may require a new choice

Yuzee may ask you to make a new choice if:

• athis Notice changes materially;
• bYuzee introduces new optional technologies;
• cYuzee introduces advertising technologies;
• dYuzee changes analytics or diagnostics providers;
• eYuzee changes session replay settings;
• fYuzee changes purposes for optional technologies;
• gyour previous preference expires;
• hyour browser or device storage is cleared;
• iyou use a new browser, device or app installation; or
• jlegal requirements change.

11.18 Consequences of rejecting optional technologies

If you reject optional technologies, Yuzee will aim to respect your choice.

However, some things may be affected.

For example:

• aYuzee may receive fewer diagnostic reports;
• bYuzee may find it harder to investigate bugs affecting you;
• cYuzee may receive less information about crashes;
• dYuzee may not be able to view session diagnostics;
• eYuzee may have less information to improve performance; and
• fsome optional features may be limited if they depend on the rejected technology.

Rejecting optional technologies should not prevent you from using essential Yuzee features that do not depend on those optional technologies.

11.19 Contact about choices

If you have questions about cookie choices, consent, preferences, notification settings or optional technologies, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

12.1 Cookie banner

Yuzee may show a cookie banner or similar notice when you first visit or use the platform.

The banner helps explain that Yuzee uses cookies and similar technologies.

The banner may also allow you to accept, reject or manage optional technologies.

Essential technologies may be used before you make a choice because they are needed for login, account security, fraud prevention, payment processing and core platform operation.

Optional technologies should not be activated before your choice where consent is required.

12.2 Suggested banner wording

Yuzee may use wording similar to the following:

“Yuzee uses essential technologies to keep the platform secure, support login, process payments and make core features work. We also use optional analytics and diagnostics to help find bugs and improve reliability. You can accept optional technologies, reject optional technologies or manage your choices.”

The banner may include buttons such as:

• aAccept all;
• bReject optional; and
• cManage preferences.

12.3 Clear and fair choices

Yuzee aims to make cookie and technology choices clear and fair.

This means:

• ausers should receive clear information before optional technologies are activated where consent is required;
• boptional choices should not be hidden;
• crejecting optional technologies should not be harder than accepting them;
• doptional categories should not be pre-selected where consent is required;
• ethe banner should not use confusing or misleading wording;
• fthe banner should not pressure users to accept optional technologies;
• gthe preference centre should be easy to find; and
• husers should be able to change their choice later where Yuzee provides that option.

12.4 Preference centre

Yuzee may provide a cookie and technology preference centre.

The preference centre may let you manage categories of technologies.

The categories may include:

• aEssential technologies;
• bFunctional technologies;
• cAnalytics and diagnostics technologies;
• dSession replay and session diagnostics;
• eMarketing technologies; and
• fAdvertising technologies, if introduced in the future.

Yuzee may update the categories if platform features, technologies, providers or legal requirements change.

12.5 Essential technologies

Essential technologies are always active because Yuzee needs them to operate safely and correctly.

These technologies may support:

• alogin;
• bauthentication;
• caccount security;
• dfraud and bot prevention;
• epayment processing;
• fsecure API access;
• glogout;
• hsession management;
• iplatform security; and
• jcore platform operation.

The preference centre may show essential technologies as “Always active” or “Required”.

You cannot switch off essential technologies inside Yuzee.

12.6 Functional technologies

Functional technologies support features such as chat, messaging, notifications and user-selected platform functions.

The preference centre may explain that functional technologies help Yuzee:

• adeliver chat messages;
• bsupport messaging;
• csend push notifications where allowed;
• dremember notification preferences;
• esupport account or app settings;
• fsupport dashboards;
• gsupport selected features; and
• hkeep feature workflows reliable.

Where functional technologies are optional, Yuzee may allow you to manage them.

Some functional technologies may be needed for a feature you choose to use.

12.7 Analytics and diagnostics technologies

Analytics and diagnostics technologies help Yuzee find and fix technical issues.

The preference centre may explain that these technologies help Yuzee:

• aidentify app crashes;
• bdiagnose website errors;
• cunderstand technical bugs;
• dimprove platform reliability;
• einvestigate performance issues;
• fsupport users when something goes wrong; and
• gimprove the Yuzee experience.

Where analytics and diagnostics are optional, you may be able to switch them on or off.

12.8 Session replay and session diagnostics

Session replay and session diagnostics may be shown as a separate category because they can be more sensitive than ordinary analytics.

The preference centre may explain that session replay or session diagnostics may help Yuzee understand technical issues by showing interaction information such as screens visited, clicks, taps, navigation steps, errors and technical events.

Yuzee does not use session replay for advertising.

Where session replay is optional, Yuzee should allow users to accept or reject it.

Yuzee should not activate optional session replay before consent where consent is required.

12.9 Advertising technologies

Yuzee does not currently use advertising cookies or cross-site advertising trackers.

If Yuzee introduces advertising technologies in the future, the preference centre may include an advertising category.

This category may cover technologies used for:

• atargeted advertising;
• bretargeting;
• cadvertising campaign measurement;
• dconversion tracking;
• eadvertising audiences;
• fcross-site tracking; or
• gsimilar advertising purposes.

Yuzee should update this Notice and provide choices where required before activating advertising technologies.

12.10 Example preference centre wording

Yuzee may use preference-centre wording similar to the following:

“Manage your Yuzee privacy and cookie choices. Essential technologies are required for Yuzee to work and cannot be switched off inside Yuzee. Optional technologies help us improve reliability, diagnose problems and support selected features. You can change your choices at any time.”

Yuzee may include category descriptions such as:

• aEssential technologies — required for login, security, payments and core platform operation. Always active.
• bFunctional technologies — support chat, messaging, notifications and selected features.
• cAnalytics and diagnostics — help us find crashes, errors and performance issues.
• dSession replay and session diagnostics — help us understand technical issues by showing interaction steps. Optional where shown.
• eAdvertising technologies — not currently used by Yuzee.

12.11 Saving choices

Yuzee may save your cookie and technology choices.

If you are logged out, Yuzee may save your choices in your browser, device or app.

If you are logged in, Yuzee may also save your choices to your Yuzee account where account-based preferences are supported.

If you use a different browser, device or app installation, you may need to set your choices again.

If you clear cookies, local storage, IndexedDB, app storage or similar technologies, your saved choices may be removed and Yuzee may ask you to choose again.

12.12 Changing choices later

Yuzee should provide a way to change cookie and technology choices later.

This may be available through:

• aa “Privacy & Cookies” link;
• bthe website footer;
• caccount settings;
• dapp settings;
• enotification settings;
• fthe cookie banner;
• gthe preference centre; or
• hby contacting Yuzee.

Changes may apply from the time they are made.

Some technologies may already have been used before the change.

12.13 Re-prompting users

Yuzee may ask users to make a new choice if:

• athis Notice changes materially;
• bYuzee introduces new optional technologies;
• cYuzee introduces advertising technologies;
• dYuzee changes analytics or diagnostics providers;
• eYuzee changes session replay settings;
• fYuzee changes the purposes of optional technologies;
• gthe saved preference expires;
• hthe user clears browser or app storage;
• ithe user uses a new browser, device or app installation; or
• jlegal requirements change.

12.14 Consent and preference records

Yuzee may keep records of cookie and technology choices.

These records may include:

• athe choice selected;
• bthe categories accepted or rejected;
• cthe date and time of the choice;
• dthe version of this Notice;
• ethe version of the preference centre;
• faccount context if the user was logged in;
• gbrowser or device context where relevant; and
• hother information needed to manage or evidence the user’s choice.

Yuzee may keep these records for compliance, audit, support, security, dispute or legal purposes.

12.15 Shared devices and browsers

If a browser or device is used by more than one person, cookie and technology choices may affect all users of that browser or device.

Yuzee may not always know whether the person making the choice is the account holder, device owner or another user.

Where possible, Yuzee will aim to respect the most recent preference provided through that browser, device, app or account.

12.16 Accessibility and plain language

Yuzee aims to make the cookie banner and preference centre clear, accessible and easy to understand.

Yuzee should avoid unnecessary legal jargon, technical language or confusing design.

The banner and preference centre should be usable on:

• adesktop browsers;
• bmobile browsers;
• ctablets;
• dthe Yuzee mobile app;
• eassistive technologies where reasonably possible; and
• fdifferent screen sizes.

12.17 Internal implementation note

Yuzee should not publish or rely on the cookie banner unless the technical implementation matches the wording.

Before publication, Yuzee should confirm that:

• aoptional analytics do not load before consent where consent is required;
• boptional diagnostics do not load before consent where consent is required;
• csession replay does not run before consent where consent is required;
• doptional categories are not pre-selected where consent is required;
• e“Reject optional” is as easy to use as “Accept all”;
• fthe preference centre can be reopened later;
• gchoices are stored correctly;
• hconsent records are kept where needed;
• iessential technologies are clearly marked;
• jinactive tools are not listed as active;
• kthe mobile app provides equivalent information and settings where appropriate; and
• lthe wording matches Yuzee’s actual production configuration.

12.18 Contact about cookie choices

If you have questions about the cookie banner, preference centre or your choices, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

13.1 Mobile app storage

If you use the Yuzee mobile app, Yuzee may use storage managed by your iOS or Android device.

Mobile app storage is not the same as browser cookies, but it can perform similar functions.

Yuzee may use mobile app storage to support:

• alogin;
• bauthentication;
• caccount security;
• dsecure session management;
• eapp settings;
• fnotification settings;
• gpush notifications;
• hmessaging;
• icrash reporting;
• jdiagnostics;
• kapp reliability;
• lfraud prevention; and
• mother mobile app features.

This Notice explains mobile app storage together with cookies and similar technologies so users can understand how Yuzee works across website, web app and mobile app environments.

13.2 Authentication and login storage

Yuzee may use mobile app storage to support secure login and account access.

This may include storage for:

• alogin state;
• bauthentication flow state;
• caccount session state;
• daccess tokens;
• erefresh tokens;
• fID tokens;
• gPKCE code verifiers;
• hpending login exchange information;
• ilogin synchronisation information;
• jpending login URLs;
• ksign-in or sign-up flow state; and
• lother information needed to complete or maintain secure login.

This information helps Yuzee confirm that you are authorised to access your account and use protected app features.

If authentication storage is cleared, expired or blocked, you may be signed out or asked to log in again.

13.3 Push notification tokens

If you allow push notifications, Yuzee may use a push notification token for your device or app installation.

A push notification token helps Yuzee send notifications to the correct device.

Yuzee may use push notification tokens for:

• aaccount alerts;
• bsecurity alerts;
• cmessage alerts;
• dchat alerts;
• eoffer updates;
• fRMO updates;
• gapplication updates;
• hsupport updates;
• ireminder notifications;
• jpayment or subscription alerts;
• kimportant platform notices; and
• lother Yuzee-related notifications.

If you decline push notifications, Yuzee will not send push notifications to that device.

13.4 Notification permission

Push notifications require permission from your device or operating system.

You can usually allow, deny or change notification permission through your iOS or Android settings.

You may also be able to manage some notification preferences through Yuzee account settings or Yuzee app settings where available.

If notification permission is turned off, you may not receive push notifications from Yuzee on that device.

Some service, account, legal, security, payment, support or safety messages may still be sent through other permitted channels.

13.5 Notification preferences

Yuzee may allow you to manage notification preferences inside the mobile app.

Notification preferences may include:

• amessage notifications;
• bchat notifications;
• coffer notifications;
• dRMO notifications;
• eapplication notifications;
• freminder notifications;
• gaccount notifications;
• hsecurity notifications;
• isupport notifications;
• jpayment notifications;
• kmarketing notifications; and
• lother communication preferences.

Yuzee may use app storage or similar technologies to remember your notification preferences.

13.6 Mobile crash reporting

Yuzee may use mobile crash reporting tools to help identify and fix app stability problems.

Yuzee may use Firebase Crashlytics or similar tools to understand crashes on iOS and Android.

Crash reporting may collect technical information such as:

• aapp version;
• bdevice type;
• coperating system;
• dcrash time;
• estack trace;
• ferror logs;
• gcrash event details;
• hdevice state at the time of the crash;
• itechnical breadcrumbs leading to the crash; and
• jother technical information needed to understand the crash.

Crash reporting helps Yuzee improve mobile app reliability and fix technical issues.

13.7 Mobile diagnostics

Yuzee may use mobile diagnostics tools to understand app errors, crashes, performance issues and technical problems.

Mobile diagnostics may help Yuzee:

• adetect app errors;
• bunderstand crash causes;
• cinvestigate broken features;
• dtroubleshoot app issues;
• eimprove app stability;
• fsupport users when something goes wrong;
• gidentify affected app versions;
• hidentify affected device types; and
• iimprove the mobile experience.

Where mobile diagnostics are optional, Yuzee aims to provide notice and choices where required.

13.8 Session diagnostics in the mobile app

Yuzee may use session diagnostics or session replay in the mobile app to understand technical problems.

Session diagnostics may show technical information such as:

• ascreens viewed;
• btaps;
• cnavigation steps;
• dapp behaviour;
• eerror context;
• fnetwork activity;
• gapp version;
• hdevice information;
• itiming information; and
• jtechnical events.

Session diagnostics may be more sensitive than ordinary crash logs because they can show how a user moved through the app.

Yuzee explains session replay and session diagnostics in more detail in the session replay section of this Notice.

Where session diagnostics are optional, Yuzee should allow users to accept, reject or manage them.

13.9 Sensitive information in the mobile app

Yuzee may contain personal or sensitive information in the mobile app.

This may include:

• aprofile information;
• beducation history;
• ccareer history;
• dresumes;
• ecertificates;
• fuploaded documents;
• gidentity information;
• hhealth information;
• idisability information;
• jfinancial hardship information;
• kvisa information;
• lwork-rights information;
• mchat content;
• nRMO records;
• ooffer records;
• papplication information;
• qcounselling or support information; and
• rother personal or sensitive information.

Yuzee aims to limit, mask or block sensitive information from mobile analytics, diagnostics and session replay tools where possible.

13.10 Privacy and Cookies settings in the mobile app

Yuzee may provide a Privacy & Cookies section in the mobile app.

This section may allow you to:

• aview cookie and similar technology information;
• bmanage optional analytics and diagnostics;
• cmanage session replay choices where available;
• dmanage notification preferences;
• eview privacy links;
• faccess the Privacy Policy;
• gaccess this Notice;
• hchange optional technology settings;
• ireview communication preferences; and
• jcontact Yuzee with privacy questions.

Essential technologies will remain active because they are needed for the app to work safely and correctly.

13.11 Device settings

You may be able to manage some mobile app controls through your device settings.

Depending on your device, you may be able to:

• aturn notifications on or off;
• bchange notification categories;
• cclear app data;
• duninstall the app;
• erestrict background activity;
• freset certain device identifiers where available;
• gmanage app permissions;
• hmanage privacy permissions;
• imanage mobile data access;
• jmanage storage permissions; and
• kuse operating-system privacy controls.

Device settings may differ depending on your device, operating system version and app version.

13.12 Clearing app data or uninstalling the app

If you clear Yuzee app data or uninstall the mobile app, some locally stored information may be removed from your device.

This may include:

• alogin state;
• bauthentication tokens;
• capp preferences;
• dnotification preferences;
• epush notification tokens;
• fcached app data;
• gapp storage;
• hlocal diagnostic state; and
• iother locally stored information.

Clearing app data or uninstalling the app may sign you out, stop push notifications, reset preferences or require you to log in again.

Some information may still remain in Yuzee’s systems or third-party provider systems where it has already been submitted, processed or stored in accordance with Yuzee’s Privacy Policy.

13.13 Mobile app permissions

The Yuzee mobile app may ask for permissions depending on the features you use.

These permissions may relate to:

• apush notifications;
• bfile uploads;
• cdocument access;
• dcamera access;
• ephoto library access;
• fstorage access;
• gdevice security;
• hlocation, if a location-based feature is introduced; and
• iother app features.

Yuzee should only request permissions that are needed for the relevant feature.

If you deny a permission, the feature that depends on that permission may not work.

13.14 Mobile app updates

Yuzee may update the mobile app from time to time.

Updates may change:

• aapp features;
• bapp storage;
• clogin systems;
• dnotification systems;
• eanalytics tools;
• fdiagnostics tools;
• gsession replay settings;
• hchat tools;
• ipayment tools;
• jsecurity tools;
• kprivacy settings;
• lcookie settings; or
• mprovider integrations.

Yuzee may update this Notice if mobile app technologies or privacy choices change in an important way.

13.15 Mobile app provider changes

Yuzee may add, remove, replace or update mobile app providers.

This may include providers used for:

• aauthentication;
• bnotifications;
• cchat;
• dmessaging;
• epayments;
• fcrash reporting;
• gerror monitoring;
• hsession diagnostics;
• iapp security;
• jfraud prevention; and
• kapp reliability.

If a provider change is important, Yuzee may update this Notice and notify users where appropriate.

13.16 Contact about mobile app technologies

If you have questions about mobile app storage, notifications, crash reporting, diagnostics, permissions or privacy choices, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

14.1 How long cookies and similar technologies last

Cookies and similar technologies may last for different periods of time.

The duration may depend on:

• athe type of technology;
• bthe purpose of the technology;
• cwhether the technology is essential or optional;
• dwhether you are using the website, web app or mobile app;
• ewhether you are logged in;
• fyour browser settings;
• gyour device settings;
• hyour app settings;
• iyour cookie and privacy choices;
• jthe provider involved;
• ksecurity requirements;
• lpayment requirements;
• msupport requirements; and
• nlegal or compliance requirements.

Some technologies last only for a browsing session.

Other technologies may remain on your browser, device or app for longer unless they expire, are replaced, are deleted, or are cleared by you.

14.2 Session technologies

Some cookies and similar technologies are temporary.

They may last only while you are using a browser tab, browser session, app session, login flow, payment flow or security flow.

Session technologies may be used for:

• alogin steps;
• bauthentication flows;
• cfraud checks;
• dsecurity checks;
• etemporary app state;
• fpayment flows;
• gregistration flows;
• hform progress;
• inavigation state; and
• jother short-term platform functions.

These technologies may be deleted or expire when the relevant browser tab, browser session, app session or workflow ends.

14.3 Persistent technologies

Some cookies and similar technologies may remain on your browser, device or app for longer.

Persistent technologies may be used for:

• alogin state;
• bauthentication state;
• caccount preferences;
• dnotification preferences;
• ecookie choices;
• fapp settings;
• gdevice settings;
• hfeature settings;
• ipush notification tokens;
• jsecurity state;
• kdiagnostics settings;
• lapp reliability; and
• mother platform functions.

Persistent technologies may remain until they expire, are replaced, are removed by Yuzee, are cleared by you, or are removed by your browser, device or operating system.

14.4 Authentication and login storage

Authentication and login storage may remain active for as long as needed to support secure account access.

This may include:

• asession cookies;
• bauthentication tokens;
• caccess tokens;
• drefresh tokens;
• eID tokens;
• flogin state;
• gaccount session information;
• hsecure API authorisation information; and
• irelated authentication information.

Authentication storage may end, expire or be removed when:

• ayou log out;
• byour session expires;
• cyour token expires;
• dyour token is refreshed or replaced;
• eYuzee ends the session for security reasons;
• fyour account access changes;
• gyour browser or app storage is cleared;
• hyou uninstall the app;
• iyou change device; or
• jYuzee updates its authentication systems.

If authentication storage is removed, you may need to log in again.

14.5 Cookie and technology preference records

Yuzee may store your cookie and technology choices.

These choices may be stored in your browser, device, app or account.

Preference records may include:

• awhether you accepted optional technologies;
• bwhether you rejected optional technologies;
• ccategory-level preferences;
• dthe date and time of your choice;
• ethe version of this Notice;
• fthe version of the preference centre;
• gbrowser or device context; and
• haccount context if you were logged in.

Yuzee may keep preference records for compliance, audit, support, security, dispute or legal purposes.

Yuzee may ask you to choose again if your preference expires, storage is cleared, the Notice changes materially, or Yuzee introduces new optional technologies.

14.6 Push notification tokens

If you allow push notifications, Yuzee may use a push notification token for your browser, device or app installation.

Push notification tokens may remain active until:

• athe token expires;
• bthe token is refreshed;
• cthe token is replaced;
• dyou turn off notifications;
• eyou revoke notification permission;
• fyou clear app or browser storage;
• gyou uninstall the app;
• hyou change device;
• iyour browser or operating system removes the token;
• jYuzee removes the token; or
• kthe notification provider no longer recognises the token.

If a push notification token is removed or stops working, Yuzee may not be able to send push notifications to that browser, device or app installation.

14.7 Chat and messaging storage

Chat and messaging technologies may use storage to support message delivery, chat sessions, unread counts, connection state and notifications.

The duration of chat or messaging storage may depend on:

• athe messaging provider;
• bthe chat feature used;
• cwhether you are logged in;
• dyour device or browser settings;
• eyour notification settings;
• fyour account settings;
• gprovider configuration;
• hsupport requirements; and
• ilegal or compliance requirements.

Some chat or messaging storage may be temporary.

Other chat or messaging storage may remain longer to support message delivery, account state or feature reliability.

14.8 Payment-related technologies

Payment-related technologies may be used when you use payment features.

These technologies may remain active for the time needed to support:

• apayment session management;
• bpayment security;
• cfraud prevention;
• dcard tokenisation;
• etransaction verification;
• freceipts;
• grefunds;
• hdisputes;
• ipayment support; and
• jpayment-provider requirements.

Yuzee aims to use payment-provider technologies only where they are needed for payment-related features.

Payment-provider storage and retention may be controlled partly by the payment provider.

14.9 Fraud and security technologies

Fraud and security technologies may be used to protect Yuzee and its users.

These technologies may support:

• areCAPTCHA checks;
• bbot detection;
• csuspicious activity detection;
• daccount security;
• efailed login monitoring;
• fregistration abuse prevention;
• gpassword reset security;
• hpayment fraud prevention;
• iplatform integrity; and
• jsecurity incident investigation.

The duration of fraud and security records may depend on security needs, provider settings, risk level, legal requirements and platform protection requirements.

14.10 Analytics and diagnostics records

Analytics and diagnostics records may be kept for as long as reasonably needed to identify, investigate and fix technical issues.

This may include records such as:

• aerror reports;
• bcrash logs;
• cstack traces;
• dapp stability reports;
• ewebsite error reports;
• fnetwork error logs;
• gtechnical event logs;
• hperformance information;
• idiagnostic identifiers;
• jsupport context; and
• krelated troubleshooting information.

The retention period may depend on the provider, account settings, support needs, security needs, bug-fixing needs, incident response needs and legal requirements.

Yuzee aims not to keep analytics and diagnostics records longer than reasonably needed for the purpose for which they were collected.

14.11 Session replay and session diagnostic retention

If session replay or session diagnostics are used, the retention period should be limited to what is reasonably needed for technical diagnostics, support, incident review and platform reliability.

Session replay data may be more sensitive than ordinary error logs.

Yuzee should review session replay retention settings and avoid keeping session replay data longer than reasonably needed.

The exact retention period may depend on:

• athe provider used;
• bthe provider account settings;
• cthe diagnostic purpose;
• dsupport needs;
• esecurity needs;
• fprivacy needs;
• gcomplaint or dispute needs;
• hlegal obligations; and
• iplatform reliability needs.

Yuzee should confirm the applicable retention period in the relevant provider settings before publishing an exact retention period.

14.12 Local storage, session storage and IndexedDB

Browser storage may remain on your browser until it expires, is replaced, is removed by Yuzee, is removed by your browser, or is cleared by you.

This may include:

• alocal storage;
• bsession storage;
• cIndexedDB;
• dcached app data;
• elogin state;
• fauthentication state;
• gapp settings;
• hfeature settings;
• iFirebase storage;
• jnotification state;
• kmessaging state; and
• lother browser-based storage.

Clearing browser storage may sign you out, reset preferences, remove tokens, interrupt workflows or require you to log in again.

14.13 Mobile app storage

Mobile app storage may remain on your device until it expires, is replaced, is removed by Yuzee, is removed by the operating system, is cleared by you, or is removed when you uninstall the app.

Mobile app storage may include:

• alogin state;
• bauthentication tokens;
• capp preferences;
• dnotification preferences;
• epush notification tokens;
• fcached app data;
• gdiagnostics state;
• hmessaging state;
• iapp settings; and
• jother locally stored app information.

Clearing app data or uninstalling the app may sign you out, stop push notifications, reset preferences or require you to log in again.

14.14 Third-party provider retention

Some cookies and similar technologies are provided or processed by third-party providers.

Provider retention may depend on:

• aprovider settings;
• bservice terms;
• cdata processing terms;
• dprivacy notices;
• eaccount configuration;
• fpayment requirements;
• gsecurity requirements;
• hdiagnostics settings;
• isupport needs; and
• jlegal obligations.

Yuzee may not control every technical retention setting used by third-party providers, but Yuzee aims to use providers in a way that supports Yuzee’s privacy and security obligations.

14.15 Clearing cookies and similar technologies

You can usually clear cookies and browser storage through your browser settings.

You may also be able to clear app data through your device settings.

If you clear cookies or similar technologies, this may:

• asign you out;
• bremove login state;
• cremove authentication tokens;
• dreset cookie choices;
• ereset notification preferences;
• fremove push notification tokens;
• ginterrupt registration flows;
• hinterrupt payment flows;
• iremove app settings;
• jremove feature preferences;
• krequire you to complete security checks again; or
• lrequire you to log in again.

Clearing local storage does not necessarily delete information already stored in Yuzee’s backend systems or third-party provider systems.

14.16 Review, deletion and de-identification

Yuzee aims to review cookies, similar technologies and related records from time to time.

Where personal information is no longer needed for the purpose for which it was collected, Yuzee aims to destroy or de-identify it where required and where lawful and reasonable to do so.

Yuzee may retain information longer where needed for:

• aaccount security;
• bfraud prevention;
• cpayment records;
• dlegal obligations;
• edispute handling;
• fcomplaint handling;
• gsupport records;
• hplatform integrity;
• itechnical troubleshooting;
• jincident response;
• kbackup or archival processes; or
• lother lawful purposes.

14.17 Changes to storage duration

Yuzee may update storage duration and retention practices if:

• aproviders change;
• bprovider settings change;
• claws change;
• dsecurity requirements change;
• epayment requirements change;
• fdiagnostics tools change;
• gapp features change;
• hbrowser or mobile operating system behaviour changes;
• icookie preference settings change;
• jplatform infrastructure changes; or
• kYuzee changes its retention settings.

If the change is important, Yuzee may update this Notice and notify users where appropriate.

14.18 Contact about retention

If you have questions about how long Yuzee keeps cookies, similar technologies or related records, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

15.1 Yuzee’s security approach

Yuzee takes the security of cookies and similar technologies seriously.

We use cookies and similar technologies to support login, account security, fraud prevention, payments, chat, notifications, diagnostics and platform reliability.

Some of these technologies may involve personal information if the information identifies you or can reasonably identify you.

Yuzee aims to take reasonable steps to protect information collected, stored or accessed through cookies and similar technologies.

15.2 Technical safeguards

Yuzee may use technical safeguards to protect cookies and similar technologies.

These safeguards may include:

• asecure login systems;
• bencrypted connections;
• csecure session management;
• dsecure authentication tokens;
• etoken expiry;
• flogout controls;
• gaccess controls;
• hprovider security controls;
• ifraud-prevention tools;
• jbot-prevention tools;
• ksecure payment processing;
• lerror-monitoring controls;
• mdiagnostic masking;
• nsensitive-field blocking;
• osession-replay controls;
• prestricted access to diagnostic tools;
• qmonitoring and logging;
• rsecure configuration review; and
• sother technical controls appropriate to the platform.

Yuzee may update technical safeguards as the platform, technology, security risks and legal requirements change.

15.3 Organisational safeguards

Yuzee may use organisational safeguards to protect information collected through cookies and similar technologies.

These safeguards may include:

• ainternal privacy and security procedures;
• brole-based staff access;
• climiting access to authorised personnel;
• dlimiting access to authorised service providers;
• estaff training where appropriate;
• fsupport procedures;
• gincident response procedures;
• hprivacy review processes;
• isecurity review processes;
• jprovider review processes;
• kconsent and preference management;
• lretention review;
• mdeletion or de-identification processes where appropriate; and
• nother organisational controls appropriate to the platform.

Yuzee aims to limit access to cookie, storage, diagnostic and technical information to people who need access for an authorised purpose.

15.4 Sensitive information safeguards

Yuzee is an education, career, pathway, chat, offer and support platform.

Because of this, some areas of Yuzee may involve personal or sensitive information.

This may include:

• aprofile information;
• beducation history;
• ccareer history;
• dresumes;
• ecertificates;
• fuploaded documents;
• gidentity information;
• hhealth information;
• idisability information;
• jmental health information;
• kfinancial hardship information;
• lvisa information;
• mwork-rights information;
• nchat content;
• oRMO records;
• poffer records;
• qapplication information;
• rcounselling or support information; and
• sother personal or sensitive information.

Yuzee aims to apply extra care to areas that may contain sensitive information.

15.5 Masking and blocking sensitive information

Yuzee aims to limit, mask or block sensitive information from optional analytics, diagnostics and session replay tools where possible.

This may include masking or blocking:

• apassword fields;
• bpayment fields;
• ccard details;
• didentity document areas;
• euploaded document areas;
• fhealth information;
• gdisability information;
• hfinancial hardship information;
• ivisa or work-rights information;
• jdetailed profile areas;
• kapplication forms;
• lchat content;
• mprivate messages;
• nRMO records;
• ooffer records;
• pcounselling or support notes;
• qsensitive user dashboards;
• radmin tools; and
• sother areas Yuzee reasonably considers sensitive.

Yuzee may use technical controls such as field masking, screen blocking, container blocking, text masking, input ignoring and sampling controls.

15.6 Session replay safeguards

Session replay and session diagnostics can be more sensitive than ordinary crash logs because they may show how a user moves through the website, web app or mobile app.

Yuzee aims to use safeguards for session replay and session diagnostics.

These safeguards may include:

• arequiring consent where required;
• bgiving users a way to manage optional diagnostics where available;
• cdisabling session replay by default where appropriate;
• dusing session replay only for approved diagnostic purposes;
• ereducing the sample rate where appropriate;
• fblocking sensitive screens;
• gmasking sensitive fields;
• hrestricting access to authorised personnel;
• ilimiting retention;
• jreviewing provider settings;
• kreviewing session replay configuration;
• lavoiding session replay in high-risk areas unless appropriately controlled; and
• musing internal test accounts or internal builds for testing where possible.

Yuzee does not use session replay for advertising.

Yuzee does not use session replay to sell advertising data.

15.7 Authentication and token safeguards

Yuzee may use authentication tokens, session cookies and similar technologies to keep accounts secure.

Yuzee aims to protect authentication and session technologies through safeguards such as:

• asecure authentication systems;
• bsecure login flows;
• csession expiry;
• dtoken expiry;
• erefresh controls;
• fsecure logout;
• gaccount access controls;
• hrole-based permissions;
• ifraud-prevention checks;
• jsuspicious activity review;
• ksecure API authorisation;
• lreducing unauthorised access risk; and
• mreplacing or expiring tokens where appropriate.

If authentication tokens are cleared, expired or invalidated, you may be signed out or asked to log in again.

15.8 Payment safeguards

Yuzee may use payment providers such as Stripe to process payments securely.

Payment-related technologies may support:

• apayment security;
• bpayment session management;
• cfraud prevention;
• dcard tokenisation;
• etransaction verification;
• freceipt support;
• grefund support;
• hdispute support; and
• ipayment-provider compliance.

Yuzee does not aim to store full payment card details through cookies or local storage.

Payment card details should be handled by the payment provider where payment features are used.

Yuzee aims to load payment-provider technologies only where they are needed for payment-related features.

15.9 Provider safeguards

Yuzee may use third-party providers to support login, security, payments, messaging, notifications, analytics, diagnostics and platform reliability.

Yuzee aims to work with providers that support appropriate security and privacy practices.

Provider safeguards may include:

• acontractual protections;
• bprivacy notices;
• cservice terms;
• ddata processing terms;
• eaccess controls;
• fencryption controls;
• gsecurity certifications where available;
• hretention settings;
• iincident response processes;
• jaudit or compliance information where available; and
• kprovider configuration controls.

Third-party providers may process information in accordance with their own privacy notices, service terms and data processing arrangements.

15.10 Access to technical and diagnostic information

Yuzee aims to limit access to technical and diagnostic information.

Access may be given only where needed for an authorised purpose, such as:

• aengineering;
• bproduct support;
• ctechnical support;
• dsecurity review;
• eprivacy review;
• fincident response;
• gbug fixing;
• hplatform reliability;
• icomplaint review;
• jpayment support;
• klegal or compliance review; and
• lother authorised platform purposes.

Yuzee should not allow general staff access to sensitive diagnostic or session replay information unless access is needed for their role.

15.11 Security incidents

Yuzee may investigate security, privacy or technical incidents involving cookies and similar technologies.

This may include incidents involving:

• aunauthorised access;
• bunauthorised disclosure;
• cunauthorised modification;
• dmisuse;
• eloss;
• finterference;
• gcredential exposure;
• hprovider misconfiguration;
• itoken exposure;
• jsession replay misconfiguration;
• kpayment security issues;
• lnotification token issues;
• msuspicious activity;
• nfraud; or
• oother security concerns.

Yuzee may take steps such as restricting access, disabling a tool, rotating credentials, changing settings, notifying affected users where required, notifying regulators where required, or taking other reasonable action.

15.12 Credential and token security

Yuzee aims to protect credentials, tokens and provider keys.

This may include:

• aavoiding hardcoded secrets where possible;
• busing secure configuration management;
• cusing environment variables or secret-management systems;
• drotating exposed credentials;
• elimiting access to provider accounts;
• freviewing provider permissions;
• gmonitoring suspicious activity;
• hrestricting production credentials;
• iseparating test and production environments; and
• jreviewing security settings from time to time.

If Yuzee identifies a credential exposure risk, Yuzee may rotate the credential and update the relevant systems.

15.13 Data minimisation

Yuzee aims to limit cookies and similar technologies to what is reasonably needed for the relevant purpose.

This may include limiting:

• awhat information is stored;
• bhow long information is kept;
• cwho can access information;
• dwhich providers receive information;
• ewhich screens are included in diagnostics;
• fwhether session replay is active;
• ghow often session replay is used;
• hwhether sensitive fields are masked;
• iwhether optional tools load before choice; and
• jwhether inactive tools remain disabled.

Yuzee aims not to collect more information through cookies and similar technologies than is reasonably needed for the relevant purpose.

15.14 User safeguards

You can help protect your Yuzee account and device.

You should:

• akeep your password secure;
• bavoid sharing your account;
• clog out on shared devices;
• dkeep your browser and device updated;
• euse trusted devices where possible;
• favoid saving passwords on public devices;
• gclear cookies and storage on shared devices where appropriate;
• hbe careful with suspicious links or messages;
• iuse device security features where available;
• jreport suspicious account activity; and
• kcontact Yuzee if you believe your account or information may be at risk.

Yuzee is not responsible for security risks caused by a user sharing account access, losing device control, ignoring security warnings, or using compromised devices or networks.

15.15 No guarantee of complete security

Yuzee takes reasonable steps to protect information collected through cookies and similar technologies.

However, no website, app, network, device, provider, storage system or online service can be guaranteed to be completely secure.

Security risks may arise from:

• auser device compromise;
• bbrowser vulnerabilities;
• coperating system vulnerabilities;
• dnetwork attacks;
• ethird-party provider issues;
• fmalware;
• gphishing;
• haccount compromise;
• ilost or shared devices;
• jmisconfigured settings;
• khuman error;
• lunauthorised access; or
• mother events beyond Yuzee’s reasonable control.

Yuzee will continue to review and improve its security practices as the platform develops.

15.16 Changes to safeguards

Yuzee may update security and safeguard practices over time.

This may happen if Yuzee changes:

• asecurity tools;
• bauthentication systems;
• cpayment providers;
• dchat providers;
• ediagnostics providers;
• fanalytics settings;
• gsession replay settings;
• hmasking controls;
• iconsent settings;
• jmobile app features;
• kwebsite features;
• lprovider contracts;
• mlegal requirements; or
• nsecurity risks.

If the change is important, Yuzee may update this Notice and notify users where appropriate.

15.17 Contact about security and safeguards

If you have questions about Yuzee’s cookie, storage, diagnostic or security safeguards, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

16.1 Australian operator

Yuzee is owned and operated by FRESH FUTURES AUSTRALIA PTY LTD (ABN 61 165 988 198), Queensland 4006, Australia.

Yuzee is operated from Australia.

This Notice is written for Yuzee users, visitors, institutions, companies, employers, partners and other platform users in Australia and other locations where Yuzee may be accessed.

16.2 Third-party processing

Yuzee may use third-party providers to help deliver, secure and improve the platform.

These providers may support:

• alogin;
• bauthentication;
• caccount security;
• dfraud and bot prevention;
• epayment processing;
• fchat;
• gmessaging;
• hpush notifications;
• icrash reporting;
• jerror monitoring;
• ksession diagnostics;
• ltechnical support;
• mplatform hosting;
• nplatform reliability; and
• oother platform functions.

Some third-party providers may process, store, access or transfer information outside Australia.

16.3 Why overseas processing may happen

Overseas processing may happen because many technology providers operate global systems, servers, support teams, security systems and infrastructure.

This may apply to providers used for:

• aauthentication;
• bcloud services;
• cpayment processing;
• dfraud prevention;
• ebot prevention;
• fchat;
• gmessaging;
• hpush notifications;
• icrash reporting;
• jerror monitoring;
• kdiagnostics;
• lsecurity review;
• mincident response; and
• nsupport.

Overseas processing may also occur if a provider stores data in another country, accesses data from another country, uses subcontractors outside Australia or routes technical information through global systems.

16.4 What information may be processed overseas

Information processed overseas may depend on the provider, feature and user settings.

It may include:

• aaccount identifiers;
• bauthentication tokens;
• csession identifiers;
• ddevice information;
• ebrowser information;
• fapp version information;
• gnotification tokens;
• hchat or messaging technical information;
• ipayment-related technical information;
• jfraud-prevention information;
• ksecurity-check information;
• lcrash logs;
• merror reports;
• ndiagnostics information;
• osession diagnostic information where enabled;
• psupport-related technical information; and
• qother information needed to provide the relevant service.

Some of this information may be personal information if it identifies you or can reasonably identify you.

16.5 Yuzee’s approach to overseas providers

Yuzee aims to take reasonable steps when using overseas providers that may process personal information.

These steps may include:

• ausing reputable providers;
• breviewing provider privacy information;
• creviewing provider security information;
• dusing contractual terms where appropriate;
• eusing data processing terms where appropriate;
• fusing access controls;
• gconfiguring provider settings;
• hlimiting the information sent to providers where possible;
• ilimiting access to authorised users;
• jreviewing retention settings;
• kusing masking, blocking or minimisation where appropriate;
• lreviewing security and privacy settings; and
• mupdating this Notice where appropriate.

Yuzee may rely on third-party providers to provide important platform functions, but Yuzee aims to use those providers in a way that supports privacy and security.

16.6 Provider privacy notices and terms

Third-party providers may process information in accordance with their own privacy notices, service terms, security practices and data processing arrangements.

Yuzee may provide links to provider privacy notices through:

• athis Notice;
• bthe Privacy Policy;
• ca cookie preference centre;
• dthe website footer;
• eaccount settings;
• fapp settings; or
• ga help centre article.

Provider privacy notices may explain where the provider processes information, what information it processes, how long it keeps information and what rights or choices may apply.

16.7 Countries and regions

Yuzee may not always know in advance every country or region where a third-party provider may process, store or access information.

This may depend on:

• aprovider infrastructure;
• bprovider account settings;
• chosting regions;
• dbackup systems;
• esupport access;
• fsecurity monitoring;
• gsubcontractors;
• hpayment processing systems;
• imessaging systems;
• jnotification systems;
• kdiagnostics systems; and
• llegal or operational requirements.

Yuzee should not publish a fixed list of countries unless the list has been confirmed and can be kept up to date.

Where Yuzee publishes country or region information, Yuzee may update that information if providers, settings or infrastructure change.

16.8 International users

Yuzee may be accessed by users outside Australia.

If you access Yuzee from outside Australia, your information may be processed in Australia and may also be processed by third-party providers in other countries.

The privacy laws that apply to you may depend on:

• awhere you are located;
• bwhere Yuzee operates;
• cwhere the relevant provider operates;
• dthe type of information involved;
• ethe feature you use;
• fthe reason information is processed;
• gyour cookie and privacy choices; and
• happlicable law.

Users outside Australia may have additional rights depending on their location.

16.9 EU and UK users

If Yuzee is used by people in the European Union or United Kingdom, additional privacy and electronic communications rules may apply.

These rules may require clearer consent for some non-essential cookies and similar technologies.

This may include optional technologies such as:

• aanalytics;
• bdiagnostics;
• csession replay;
• dperformance monitoring;
• eadvertising technologies if introduced; and
• fsimilar technologies that store or access information on a device.

Where required, Yuzee should provide clear information and obtain appropriate consent before activating non-essential technologies.

16.10 Sensitive information and international processing

Yuzee may involve personal or sensitive information because it is an education, career, pathway, chat, offer and support platform.

Sensitive information may include:

• aidentity documents;
• buploaded documents;
• cresumes;
• dtranscripts;
• ecertificates;
• fhealth information;
• gdisability information;
• hmental health information;
• ifinancial hardship information;
• jvisa information;
• kwork-rights information;
• lchat content;
• mRMO records;
• noffer records;
• oapplication information;
• pcounselling or support information; and
• qother personal or sensitive information.

Yuzee aims to take extra care where third-party processing may involve personal or sensitive information.

Yuzee aims to limit, mask, block or minimise sensitive information sent to analytics, diagnostics and session replay providers where possible.

16.11 Service providers and subprocessors

Some third-party providers may use subprocessors to help provide their services.

Subprocessors may support:

• ahosting;
• bcloud infrastructure;
• cdata storage;
• dsecurity monitoring;
• epayment processing;
• fsupport;
• ganalytics;
• hdiagnostics;
• icommunications;
• jmessaging;
• kfraud prevention; and
• lother provider functions.

Yuzee may not directly control every subprocessor used by a provider, but Yuzee aims to use providers whose terms, privacy practices and security practices are appropriate for the relevant service.

16.12 Cross-border handling and Yuzee’s Privacy Policy

This Notice explains how cookies and similar technologies may involve third-party processing and overseas processing.

Yuzee’s Privacy Policy explains more about:

• ahow Yuzee collects personal information;
• bhow Yuzee uses personal information;
• chow Yuzee discloses personal information;
• doverseas disclosure and service providers;
• euser privacy rights;
• faccess and correction;
• gcomplaints; and
• hdata security.

This Notice should be read together with Yuzee’s Privacy Policy.

16.13 Provider changes

Yuzee may add, remove, replace or change third-party providers over time.

This may happen if Yuzee changes:

• aauthentication providers;
• bpayment providers;
• cfraud-prevention providers;
• dmessaging providers;
• echat providers;
• fnotification providers;
• ganalytics providers;
• hdiagnostics providers;
• ihosting providers;
• jsecurity providers;
• ksupport providers;
• lmobile app providers; or
• mwebsite providers.

If the change is important, Yuzee may update this Notice and notify users where appropriate.

16.14 No guarantee of same laws in every country

Privacy, data protection, electronic communications and government-access laws may differ between countries.

Information processed outside Australia may be subject to the laws of the country where it is processed.

Yuzee aims to take reasonable steps when using overseas providers, but laws and provider obligations may vary between jurisdictions.

16.15 Questions about international processing

If you have questions about international processing, third-party providers or overseas handling of information collected through cookies and similar technologies, you can contact us at:

[insert privacy contact email]

You can also read our Privacy Policy at:

17.1 Extra care

Yuzee may be used by students, young users, parents, guardians, schools, education providers, job seekers, career users and people who may need extra support.

Yuzee aims to take extra care where cookies and similar technologies may affect children, young users or vulnerable users.

This includes extra care around:

• apersonal information;
• bsensitive information;
• caccount security;
• dauthentication tokens;
• epush notifications;
• fchat and messaging technologies;
• gdiagnostic tools;
• hsession replay;
• iuploaded documents;
• joffer information;
• kRMO information;
• lsupport information; and
• mprivacy and cookie choices.

17.2 Who this section is about

In this section, “children, young users and vulnerable users” may include:

• ausers under 18;
• bschool students;
• cyoung job seekers;
• dyoung people exploring study, training or career pathways;
• eusers whose parent or guardian helps manage their account;
• fusers accessing Yuzee through a school, institution or partner;
• gusers with disability;
• husers with health or support needs;
• iusers experiencing financial hardship;
• jusers with visa or work-rights issues;
• kusers receiving counselling-style support or pathway support;
• lusers with limited digital literacy;
• musers who may be at risk of pressure, scams or exploitation; and
• nother users who may reasonably need extra care.

17.3 Minimal and appropriate use

Yuzee aims to use cookies and similar technologies in a way that is reasonable and appropriate for the platform.

For children, young users and vulnerable users, Yuzee aims to avoid collecting more information than is reasonably needed for the relevant purpose.

Cookies and similar technologies should be used to support purposes such as:

• asecure login;
• baccount protection;
• cfraud and bot prevention;
• dcore platform operation;
• echat and messaging where used;
• fnotifications where allowed;
• gpayment support where relevant;
• htechnical troubleshooting;
• isafety and security;
• jsupport; and
• kplatform reliability.

Yuzee does not currently use advertising cookies or cross-site advertising trackers.

17.4 No advertising tracking currently

Yuzee does not currently use advertising cookies or cross-site advertising trackers.

Yuzee does not currently use cookies to follow users across unrelated websites for advertising.

Yuzee should not use children’s or young users’ personal information, education information, support information, sensitive information, chat information, RMO information or offer information for advertising targeting.

If Yuzee introduces advertising technologies in the future, Yuzee should update this Notice and provide choices where required.

17.5 Sensitive information and extra care

Yuzee may involve information that needs extra care.

This may include:

• aidentity documents;
• buploaded documents;
• cresumes;
• dtranscripts;
• ecertificates;
• fhealth information;
• gdisability information;
• hmental health information;
• ifinancial hardship information;
• jvisa information;
• kwork-rights information;
• leducation history;
• mcareer history;
• nchat content;
• oRMO records;
• poffer records;
• qapplication information;
• rcounselling or support information; and
• sother personal or sensitive information.

Yuzee aims to limit, mask, block or minimise sensitive information from optional analytics, diagnostics and session replay tools where possible.

17.6 Session replay and young or vulnerable users

Session replay and session diagnostics may be more sensitive than ordinary technical logs because they may show how a user moves through the website, web app or mobile app.

Yuzee should take extra care before using session replay or session diagnostics in areas used by children, young users or vulnerable users.

Yuzee aims to avoid or restrict session replay in areas that may contain:

• aprivate profile information;
• buploaded documents;
• cidentity information;
• dpayment information;
• ehealth information;
• fdisability information;
• gfinancial hardship information;
• hvisa or work-rights information;
• ichat content;
• jRMO records;
• koffer records;
• lapplication information;
• mcounselling or support information;
• nyoung-user account information; and
• oschool or parent/guardian-related information.

Where session replay is optional, Yuzee should provide a way to accept, reject or manage it.

17.7 Notifications to young or vulnerable users

Yuzee may send push notifications, in-app notifications, emails or other messages where permitted.

For young or vulnerable users, Yuzee aims to ensure notifications are appropriate, relevant and not unnecessarily pressuring.

Notifications may relate to:

• aaccount security;
• blogin activity;
• cmessages;
• doffer updates;
• eRMO updates;
• fapplication updates;
• gsupport updates;
• hreminders;
• iprivacy notices;
• jpayment notices where relevant; and
• kother platform-related matters.

Yuzee should avoid using notification technologies in a way that unfairly pressures young or vulnerable users to make rushed education, career, payment, offer or application decisions.

17.8 Parent, guardian or school involvement

Some young users may use Yuzee with the involvement of a parent, guardian, school, institution or authorised representative.

Where relevant, Yuzee may provide information or settings that help parents, guardians or authorised representatives understand how cookies and similar technologies are used.

This may include information about:

• alogin;
• baccount security;
• cnotifications;
• dprivacy settings;
• ecookie choices;
• fcommunication settings;
• gdocument uploads;
• hsupport features;
• ioffer features; and
• jhow to contact Yuzee with questions.

Yuzee may apply different account, consent, access or communication settings depending on the user type, age, account structure, institution relationship or legal requirements.

17.9 School, institution and partner accounts

If a user accesses Yuzee through a school, institution, company, employer or partner, some cookies and similar technologies may support organisation-related features.

These may include:

• aaccount access;
• bdashboard access;
• cuser role management;
• dmessaging;
• eoffer workflows;
• fnotification settings;
• greporting tools;
• hsupport features;
• isecurity controls; and
• jplatform administration.

Organisation users must handle young-user and vulnerable-user information responsibly and in accordance with Yuzee’s Terms, Privacy Policy, Community Guidelines and applicable law.

17.10 Accessibility and clear information

Yuzee aims to make cookie and privacy information clear and accessible.

This is especially important for children, young users, vulnerable users and users with limited digital literacy.

Yuzee aims to use plain language where possible and avoid unnecessary technical or legal jargon.

Yuzee may provide privacy and cookie information through:

• athis Notice;
• bthe Privacy Policy;
• ccookie banners;
• dpreference centres;
• eaccount settings;
• fapp settings;
• ghelp centre content;
• honboarding screens;
• iparent or guardian information where relevant; and
• jsupport communications.

17.11 Reporting concerns

Users, parents, guardians, schools, institutions, organisations and partners may contact Yuzee if they have concerns about cookies, similar technologies, privacy settings, notifications, diagnostics or session replay.

Concerns may include:

• aunwanted notifications;
• bunclear cookie choices;
• cconcern about diagnostic tools;
• dconcern about session replay;
• econcern about sensitive information;
• fconcern about young-user information;
• gconcern about account access;
• hconcern about chat or messaging technologies;
• iconcern about documents or uploads;
• jconcern about marketing or communications; or
• kconcern about a third-party provider.