Privacy

Privacy Policy

This Policy explains what information Yuzee collects, how and why we use it, when we share it, how we keep it secure, and the choices and control you have over your own data — across study, skills, work and pathway services.

Fresh Futures Australia Pty LtdABN 61 165 988 198Compliant with the Privacy Act 1988 (Cth)

In plain terms

We collect the information needed to help you plan pathways and connect with institutions, employers and partners. We use it to personalise and improve the service, we protect it, and we don't sell it. You can access, correct, control and ask us to delete your information.

This Policy works alongside our Terms & Conditions, Community Guidelines, and any Collection Notice or consent shown to you when we collect information. Where a document gives you greater privacy protection, that protection applies.

Introduction and Privacy Commitment

1.1 About this Privacy Policy

This Privacy Policy explains how Yuzee collects, holds, uses, discloses, stores, protects and manages personal information.

It applies when you use or interact with Yuzee, including through our website, app, platform, AI features, matching tools, Request Multiple Offers features, dashboards, support channels, communications, paid services and related services.

This Privacy Policy is intended to help you understand:

awhat information Yuzee collects;
bhow Yuzee collects information;
cwhy Yuzee uses information;
dhow Yuzee may use AI, automation and data to personalise guidance;
ewhen Yuzee may share information;
fhow Yuzee protects information;
ghow long Yuzee may keep information;
hhow you can access or correct your information;
ihow you can contact Yuzee about privacy questions or complaints; and
jhow you can stay in control of your information and decisions.

1.2 Who we are

Yuzee is a platform that helps people explore study, training, career, job, pathway and service options.

Yuzee may provide tools and services such as:

aprofile creation;
bpersonalised guidance;
cAI-supported guidance;
dcourse matching;
ejob matching;
fskills matching;
gpathway recommendations;
hsuitability indicators;
idocument review;
jRequest Multiple Offers support;
koffer request support;
linstitution, employer and partner connections;
mcounselling-style support;
ndashboards and reporting for organisations; and
orelated platform services.

Yuzee’s legal details are:

Legal entity: ActiveFRESH FUTURES AUSTRALIA PTY LTD
Trading name: Yuzee
ABN/ACN: 61 165 988 198
Website: www.yuzee.com
App: Yuzee App Store
Registered office: ActiveFRESH FUTURES AUSTRALIA PTY LTD, 4006 QLD
Privacy contact: info@yuzee.com

1.3 Our privacy commitment

Yuzee uses information to make the Platform more personalised, useful, safe and relevant.

We may use information to help understand your goals, mission, preferences, education history, work history, skills, location, interests, documents, support needs and possible pathway options.

We may also use information, AI, automation, data analysis, research and human review to improve matching, recommendations, Request Multiple Offers support, service quality, platform safety and user experience.

Yuzee is committed to taking reasonable steps to protect personal information and to manage it in a transparent and responsible way.

Yuzee will handle personal information in accordance with this Privacy Policy, applicable Collection Notices, consent notices, our Terms and Conditions and applicable privacy laws.

1.4 Plain-English summary

In simple terms:

aYuzee uses your information to provide and improve personalised guidance;
bYuzee may use AI and automation to help analyse information and support recommendations;
cYuzee may build an internal Yuzee profile to help personalise your experience;
dYuzee may use course, job, skills, labour market, location, public, government, global, partner and third-party data to support matching and guidance;
eYuzee may use your information to support Request Multiple Offers where you choose to use that feature;
fYuzee may share information with institutions, employers, partners, service providers or AI providers where needed to provide the Platform, where you approve it, where our policies allow it, or where the law permits or requires it;
gYuzee does not sell your personal information;
hYuzee uses safeguards to help protect your information;
iyou can contact Yuzee to ask questions, request access or correction, or raise a privacy concern; and
jyou remain responsible for reviewing information and making your own final decisions.

1.5 AI, data and user control

Yuzee may use AI, automation, prompts, data analysis, matching systems, forecasting tools, recommendation systems and human support to help provide personalised guidance.

These tools may help Yuzee:

aunderstand your goals;
bsuggest possible courses, jobs, services or pathways;
cidentify possible skills gaps;
dprepare guidance;
eprepare Request Multiple Offers support;
freview documents;
gidentify possible issues;
himprove data quality;
iimprove recommendations; and
jimprove the Platform over time.

AI, automation and personalised guidance are decision-support tools only.

Yuzee does not make final study, career, employment, migration, financial, legal, health, enrolment, funding or life decisions for you.

You remain in control of your information and final decisions.

You should review Yuzee’s guidance, check important details with official or relevant sources, and decide whether a course, job, offer, service or pathway is right for you.

1.6 Relationship with other Yuzee documents

This Privacy Policy should be read together with:

aYuzee’s Terms and Conditions;
bany Collection Notice shown when Yuzee collects information;
cany AI or data notice;
dany Request Multiple Offers consent notice;
eany document upload notice;
fany payment, subscription or refund terms;
gany cookie or tracking notice;
hany marketing consent notice;
iany organisation agreement; and
jany other product-specific notice or consent shown by Yuzee.

If a specific notice explains how particular information will be collected or used for a specific feature, that notice should be read together with this Privacy Policy.

1.7 Collection Notices and consent notices

Yuzee may provide shorter notices at the point where information is collected or used.

These may include notices for:

aaccount creation;
bprofile creation;
cdocument uploads;
dAI chats and prompts;
esensitive information;
fRequest Multiple Offers;
goffer requests;
hpayments;
imarketing communications;
jcookies and analytics;
kapp permissions;
lorganisation dashboards; and
mother product features.

These notices may explain what information is being collected, why it is needed, how it may be used, who it may be shared with and what choices you may have.

1.8 When this Privacy Policy applies

This Privacy Policy applies when you:

avisit the Yuzee website;
buse the Yuzee app;
ccreate or use a Yuzee account;
dcomplete a profile;
euse AI features;
fuse matching or recommendation tools;
gupload documents;
huse Request Multiple Offers;
irequest or receive offers;
jcommunicate with Yuzee;
kcontact support;
lmake a payment;
msubscribe to a paid service;
ninteract with Yuzee emails, SMS messages, calls or notifications;
ouse an organisation dashboard;
pact on behalf of an institution, employer or partner; or
qotherwise interact with Yuzee.

1.9 Information about other people

You should only provide personal information about another person if you have the right to do so.

For example, you should not upload documents, contact details, identity information, health information, disability information, employment information, education information or other personal information about another person unless you have their permission or another lawful basis.

If you provide information about another person, you must take reasonable steps to make sure they are aware of this Privacy Policy and how Yuzee may use their information.

1.10 Users outside Australia

Yuzee is operated from Australia.

If you access Yuzee from outside Australia, your information may be handled in Australia and may also be processed by service providers in other countries as described in this Privacy Policy.

Depending on where you are located, you may have additional rights under local privacy, data protection or consumer laws.

Yuzee may provide additional notices or processes where required by applicable law.

1.11 No guarantee of absolute security

Yuzee takes reasonable steps to protect personal information.

However, no online platform, app, website, AI tool, cloud service, communication system or internet transmission can be guaranteed to be completely secure.

You should also take reasonable steps to protect your account, password, email, phone, device, documents and communications.

If you believe your account or information may have been compromised, contact Yuzee promptly at:

Security contact: info@yuzee.com
Privacy contact: info@yuzee.com

1.12 Changes to this Privacy Policy

Yuzee may update this Privacy Policy from time to time.

We may update it because of changes to:

athe Platform;
bthe website;
cthe app;
dAI features;
ematching systems;
fRequest Multiple Offers;
gdata sources;
hpayment systems;
ithird-party providers;
jprivacy practices;
ksecurity practices;
llegal requirements; or
mbusiness operations.

The current version of this Privacy Policy will show the effective date or last updated date.

Where required by law or where reasonably appropriate, Yuzee may notify users of material changes by email, in-app notice, website notice, dashboard notice or another reasonable method.

1.13 Contact Yuzee about privacy

If you have questions about this Privacy Policy or how Yuzee handles personal information, contact:

Privacy contact: info@yuzee.com
Support contact: info@yuzee.com
Postal address: ActiveFRESH FUTURES AUSTRALIA PTY LTD, 4006 QLD

Yuzee may ask you to verify your identity before responding to privacy requests, access requests, correction requests or deletion requests.

Yuzee will respond to privacy requests and complaints within a reasonable time, subject to applicable law, verification requirements and the complexity of the request.

Scope of this Privacy Policy

2.1 Who this Privacy Policy applies to

This Privacy Policy applies to personal information Yuzee collects, holds, uses, discloses or otherwise handles about people who interact with Yuzee.

This may include:

awebsite visitors;
bapp users;
cpeople who create a Yuzee account;
dstudents;
eprospective students;
fjob seekers;
gcareer users;
hworkers exploring career change;
ipeople exploring study, training, employment or pathway options;
jpeople using AI guidance or matching tools;
kpeople using Request Multiple Offers;
lpeople requesting or receiving offers;
mfree users;
npaid users;
opeople using an RMO Review Pass or other paid service;
pparents, guardians or authorised representatives;
qchildren and young people, where permitted;
rinstitution staff;
semployer staff;
tpartner staff;
uorganisation administrators;
vorganisation billing contacts;
wsupport contacts;
xpeople who communicate with Yuzee by email, SMS, phone, chat, app notification, web form or other channel;
ypeople who appear in documents or information uploaded to Yuzee; and
zany other person whose personal information is provided to or processed by Yuzee.

2.2 What services this Privacy Policy covers

This Privacy Policy applies to Yuzee’s website, app, platform and related services.

This may include:

aaccount creation;
buser profiles;
cpersonalised guidance;
dAI-supported guidance;
eAI chat;
fprompts and AI outputs;
gcourse matching;
hjob matching;
iskills matching;
jpathway matching;
ksuitability indicators;
lrecommendation tools;
mdocument uploads;
ndocument review;
odocument summaries;
pRequest Multiple Offers;
qoffer request support;
rinstitution matching;
semployer matching;
tpartner matching;
ucounselling-style support;
vhuman review;
wsupport services;
xfree services;
ypaid services;
zsubscriptions;
aacredits;
abtop-ups;
acbilling and payment features;
adorganisation dashboards;
aeCRM tools;
afreporting and analytics;
agcommunications;
ahmarketing where permitted;
aisecurity and fraud-prevention tools; and
ajany other Yuzee service, feature, product or workflow.

2.3 Individual users

If you use Yuzee as an individual, this Privacy Policy explains how Yuzee may handle your personal information when you:

acreate an account;
bcomplete or update your profile;
ctell Yuzee about your goals, mission, preferences, education, work experience, skills or interests;
duse AI guidance;
euse course, job, skills or pathway matching;
fupload documents;
greceive recommendations;
hrequest RMO support;
irequest offers;
jcommunicate with institutions, employers or partners through Yuzee;
kuse free services;
luse paid services;
mcontact support;
nreceive communications from Yuzee; or
ootherwise use or interact with the Platform.

Yuzee uses this information to provide, personalise, operate, protect and improve the Platform.

2.4 Organisation users

If you use Yuzee on behalf of an institution, employer, partner or other organisation, this Privacy Policy explains how Yuzee may handle personal information about you and your organisation’s staff.

This may include information about:

aorganisation owners;
borganisation administrators;
cstaff users;
dbilling contacts;
elegal contacts;
fsupport contacts;
grecruiters;
hadmissions staff;
icourse representatives;
jemployer representatives;
kpartner representatives;
laccount activity;
mdashboard usage;
nCRM activity;
ooffer actions;
pcommunications;
qbilling and payment records; and
rsupport records.

Organisations are responsible for ensuring that staff users are authorised to use Yuzee and that any personal information provided to Yuzee is provided lawfully.

2.5 Institutions, employers and partners

This Privacy Policy applies when institutions, employers, partners or their staff interact with Yuzee.

This may include when they:

acreate or manage an organisation account;
bprovide organisation profile information;
cprovide course information;
dprovide job information;
eprovide offer information;
freceive RMO requests;
grespond to users;
haccess dashboards;
iuse CRM tools;
juse reporting tools;
kmanage staff access;
lmanage subscriptions, credits or billing;
mcontact Yuzee support; or
notherwise use Yuzee.

Institutions, employers and partners may also have their own privacy obligations to users. Yuzee is not responsible for an organisation’s separate handling of personal information except to the extent required by law or expressly agreed in writing.

2.6 Parents, guardians and authorised representatives

This Privacy Policy may apply to parents, guardians or authorised representatives where they interact with Yuzee on behalf of a user.

This may include where a parent, guardian or authorised representative:

aprovides consent;
bsupports account creation;
chelps a young person use Yuzee;
dcommunicates with Yuzee;
eprovides documents;
fassists with RMO;
gassists with offer requests;
hasks privacy questions;
imakes access or correction requests; or
jraises a complaint.

Yuzee may ask for information to verify authority before discussing or changing another person’s information.

2.7 Children and young people

This Privacy Policy applies to personal information about children and young people where Yuzee collects, holds, uses or discloses that information.

Yuzee may apply additional care when handling information about children and young people.

Where required or appropriate, Yuzee may ask for parent, guardian, school, institution or organisation involvement.

More information about children and young people is set out in the section of this Privacy Policy dealing with children and young people.

2.8 Website visitors

This Privacy Policy applies to people who visit Yuzee’s website, even if they do not create an account.

Yuzee may collect information about website visitors, including:

apages viewed;
blinks clicked;
cdevice information;
dbrowser information;
eIP address;
fapproximate location;
gcookie information;
hanalytics events;
ireferral information;
jmarketing attribution information;
ksecurity logs; and
lcontact form information, where submitted.

This information may be used to operate the website, improve the Platform, understand user interest, manage security, analyse performance and support marketing where permitted.

2.9 App users

This Privacy Policy applies to people who download, install, access or use the Yuzee app.

Yuzee may collect information about app users, including:

aaccount information;
bapp activity;
cdevice information;
dapp version;
eoperating system;
fpush notification settings;
gcrash logs;
hperformance data;
iusage events;
jsecurity logs;
klocation-related information where permitted; and
lapp-store purchase or subscription information where applicable.

App stores, operating systems and device providers may also collect or process information under their own privacy policies.

2.10 AI, prompts and automated tools

This Privacy Policy applies when you use Yuzee’s AI features, prompts, chat tools, document review tools, matching tools, recommendation tools, forecasting tools, issue-detection tools or other automated features.

Yuzee may process:

aprompts;
bchat messages;
cdocuments;
duser profile information;
ecourse information;
fjob information;
gskills information;
hpathway information;
iRMO information;
jAI outputs;
kusage records;
lfeedback;
merror logs;
nquality signals; and
orelated metadata.

Yuzee uses AI and automated tools to support personalised guidance, not to replace user judgment or make final high-impact decisions for users unless Yuzee expressly states otherwise.

2.11 Request Multiple Offers and offer workflows

This Privacy Policy applies when you use Request Multiple Offers, offer request features or related support workflows.

Yuzee may collect, use and share information to:

aprepare RMO requests;
bunderstand user goals and preferences;
cidentify relevant institutions, employers or partners;
dprepare or support offer requests;
eshare approved information with relevant organisations;
freceive responses;
gtrack offer activity;
hprovide user support;
imanage paid RMO services;
jimprove RMO workflows; and
kkeep records for support, compliance, billing, audit, fraud prevention and dispute purposes.

Yuzee may provide additional RMO notices or consent screens explaining what information may be shared and with whom.

2.12 Paid services, subscriptions and payments

This Privacy Policy applies when you purchase, subscribe to or use paid services.

Yuzee may handle information related to:

aplans;
bsubscriptions;
cRMO Review Passes;
dcredits;
etop-ups;
finvoices;
greceipts;
hpayment status;
irefunds;
jfailed payments;
kdisputes;
lapp-store purchases;
mpayment-provider references;
nentitlement records; and
obilling support.

Payment providers, app stores, banks and card networks may also handle payment information under their own privacy policies and terms.

2.13 Communications with Yuzee

This Privacy Policy applies when you communicate with Yuzee.

This may include communications by:

aemail;
bSMS;
cphone;
din-app message;
epush notification;
fwebsite form;
gsupport ticket;
hchat;
idashboard message;
jsocial media message;
ksurvey;
lfeedback form; or
many other communication channel.

Yuzee may keep communication records for support, service delivery, quality assurance, dispute resolution, safety, security, legal compliance and platform improvement.

2.14 Information about other people

This Privacy Policy may apply where you provide Yuzee with information about another person.

This may happen if you:

aupload a document containing another person’s information;
bprovide parent or guardian details;
cprovide referee details;
dprovide emergency or support contact details;
eprovide staff user details;
fprovide organisation contact details;
gprovide applicant or candidate information;
hprovide information in a message or support request; or
iotherwise submit another person’s information to Yuzee.

You should only provide another person’s personal information if you have authority or a lawful basis to do so.

2.15 Third-party services and external websites

This Privacy Policy applies to Yuzee’s handling of personal information.

It does not control the separate privacy practices of third parties, including:

ainstitutions;
bemployers;
cpartners;
dapp stores;
epayment providers;
fbanks;
gcard networks;
hAI providers;
icloud providers;
janalytics providers;
kcommunication providers;
lsupport tools;
mexternal websites;
ngovernment websites;
oregulators; or
pother third-party services.

Third parties may have their own privacy policies, collection notices, terms, data practices, security practices and complaint processes.

You should review the relevant third-party privacy policy before using a third-party service or providing information to a third party.

2.16 De-identified and aggregated information

This Privacy Policy mainly applies to personal information.

Yuzee may also use de-identified or aggregated information where individuals are not reasonably identifiable.

Yuzee may use de-identified or aggregated information for purposes such as:

aanalytics;
breporting;
cbenchmarking;
dresearch and development;
eproduct improvement;
fAI evaluation;
gdata quality improvement;
hplatform safety;
imarket insights;
jinstitution or employer insights;
kservice planning; and
lbusiness operations.

Yuzee will take reasonable steps to reduce the risk of re-identification where de-identified or aggregated information is used.

2.17 When this Privacy Policy does not apply

This Privacy Policy does not apply to:

apersonal information handled independently by third parties outside Yuzee’s control;
bexternal websites linked from Yuzee;
capp-store privacy practices;
dpayment-provider privacy practices;
einstitution or employer privacy practices outside Yuzee;
finformation that is not personal information because it does not identify and cannot reasonably identify a person; or
gother situations where Yuzee is not collecting, holding, using or disclosing personal information.

Where a third party separately collects or handles personal information, that third party’s own privacy policy and terms may apply.

2.18 Additional rights for some users

Some users may have additional privacy or data protection rights depending on where they are located, their relationship with Yuzee, the nature of the information, or the law that applies.

Yuzee may provide additional notices, forms, processes or rights where required by applicable law.

Nothing in this Privacy Policy is intended to limit rights that cannot lawfully be excluded, restricted or modified.

Key Definitions

3.1 Why these definitions matter

This section explains key words used in this Privacy Policy.

Some words may also be defined in Yuzee’s Terms and Conditions. If a word is not defined in this Privacy Policy, it may have the meaning given in the Terms and Conditions, unless the context requires otherwise.

These definitions are intended to make this Privacy Policy easier to understand.

3.2 Personal information

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Personal information may include information that directly identifies you, such as your name or email address.

It may also include information that could identify you when combined with other information, such as your location, education history, work history, documents, profile details, device information, account activity or support records.

Examples of personal information Yuzee may handle include:

aname;
bemail address;
cphone number;
daccount details;
elocation;
fage or age range;
geducation history;
hwork history;
iskills;
jgoals;
kpreferences;
luploaded documents;
mAI prompts and chat messages;
nRMO information;
opayment and subscription records;
psupport communications;
qdevice information;
rusage activity; and
sother information that identifies or could reasonably identify a person.

3.3 Sensitive information

Sensitive information is a special category of personal information that may require extra care.

Sensitive information may include information about:

ahealth;
bdisability;
cmedical conditions;
dNDIS-related information;
eracial or ethnic origin;
freligious beliefs;
gpolitical opinions;
hphilosophical beliefs;
isexual orientation;
junion membership;
kcriminal record;
lbiometric information;
mgenetic information;
ngovernment identifiers;
ofinancial hardship;
pvisa or migration circumstances;
qfamily circumstances;
rcounselling-style notes; and
sother information treated as sensitive under applicable law.

Yuzee may collect or use sensitive information only where it is relevant to a service, provided by the user, permitted by law, consented to where required, or otherwise handled in accordance with this Privacy Policy and applicable law.

3.4 User

A user means a person who accesses, uses or interacts with Yuzee.

A user may include:

aa website visitor;
ban app user;
ca person who creates an account;
da student;
ea prospective student;
fa job seeker;
ga career user;
ha worker exploring career change;
ia person exploring study, training, employment or pathway options;
ja person using AI guidance;
ka person using RMO;
la free user;
ma paid user;
na parent, guardian or authorised representative;
oan organisation staff user;
pan institution user;
qan employer user;
ra partner user; or
sany other person who interacts with Yuzee.

3.5 Individual user

An individual user means a person who uses Yuzee for personal, study, training, career, job, pathway, RMO, offer request, support or related purposes.

Individual users may include students, prospective students, job seekers, workers, graduates, career changers, parents, guardians and other people exploring options through Yuzee.

3.6 Organisation user

An organisation user means a person who uses Yuzee on behalf of an institution, employer, partner or other organisation.

Organisation users may include staff, administrators, owners, recruiters, admissions staff, billing contacts, support contacts, legal contacts, course representatives, employer representatives and partner representatives.

3.7 Organisation

Organisation means an institution, employer, partner, company, business, education provider, training provider, school, university, TAFE, RTO, private college, recruitment organisation, placement provider, service provider, community organisation, government-related organisation or other entity that uses or interacts with Yuzee.

3.8 Institution

Institution means an education or training provider, including a school, registered training organisation, TAFE, university, private college, short-course provider, pathway provider or other education-related organisation.

3.9 Employer

Employer means a business, company, organisation, recruiter, hiring organisation, placement host or other entity that may provide job, employment, internship, placement, apprenticeship, traineeship, work experience or career-related opportunities.

3.10 Partner

Partner means an organisation or service provider that works with, connects with, integrates with, refers to, receives referrals from, supports or provides services through or in connection with Yuzee.

A Partner may include education, employment, support, funding, community, technology, analytics, marketing, service, referral or other partner organisations.

3.11 Yuzee profile

A Yuzee profile means an internal profile Yuzee creates or maintains to help personalise the Platform.

A Yuzee profile may include information such as:

auser goals;
buser mission;
ceducation history;
dwork history;
eskills;
finterests;
gpreferences;
hlocation;
idocuments;
jAI interactions;
kcourse interests;
ljob interests;
msupport needs;
nRMO activity;
ooffer request activity;
psuitability indicators;
qpossible service needs;
rissue indicators;
splatform activity; and
tother information relevant to providing Yuzee’s services.

Yuzee profiles are used to provide personalised guidance and decision-support. They do not remove user choice or make final decisions for users.

3.12 AI Features

AI Features means Yuzee features that use artificial intelligence, large language models, machine learning, prompts, automation, matching systems, recommendation systems, forecasting tools, document analysis tools, summarisation tools or related technologies.

AI Features may include:

aAI chat;
bAI-supported guidance;
ccourse recommendations;
djob recommendations;
epathway recommendations;
fsuitability explanations;
gdocument review;
hdocument summaries;
iskills analysis;
jRMO preparation;
koffer request support;
lservice recommendations;
missue detection;
ndata quality checks;
osupport tools;
panalytics; and
qother AI-supported features Yuzee makes available.

3.13 AI provider

AI provider means a third-party provider that supplies AI models, AI APIs, AI infrastructure, machine learning services, automation tools or related technology used by Yuzee.

AI providers may include providers such as Google Gemini, Anthropic Claude, OpenAI/ChatGPT, xAI/Grok or other current or future providers.

AI providers may have their own terms, privacy practices, model behaviour, technical limits, data-handling practices and service availability.

3.14 Prompt

A prompt means a message, question, instruction, document, text, file, context, command or other input submitted to an AI Feature.

Prompts may be submitted by users, generated by Yuzee, created by Yuzee’s systems or used internally by Yuzee to support AI workflows.

Prompts may contain personal information if the user includes personal details, documents, messages, goals, preferences or other identifiable information.

3.15 AI output

AI output means text, summary, recommendation, explanation, classification, score, response, document review, pathway suggestion, match explanation, issue indicator, RMO summary or other output generated or supported by AI.

AI outputs are decision-support only. They may be incomplete, outdated, inaccurate or unsuitable for a user’s circumstances.

3.16 Matching

Matching means the process of comparing, analysing, ranking, suggesting or recommending possible courses, jobs, skills, pathways, institutions, employers, partners, services or opportunities.

Matching may use information from the user, Yuzee’s systems, AI Features, public data, third-party data, organisation data, documents, preferences and Yuzee’s own research and development.

Matching is intended to support better-informed decisions. It does not guarantee suitability, availability, acceptance, enrolment, employment or any other outcome.

3.17 Suitability indicator

A suitability indicator means a score, explanation, ranking, label, match reason, recommendation, warning, issue indicator or other signal generated by Yuzee to help users understand possible relevance or fit.

Suitability indicators are decision-support only. They are not guarantees and should be reviewed together with official information and user judgment.

3.18 Forecasting and prediction

Forecasting and prediction means using information, data analysis, AI, automation, research, models or matching systems to estimate possible pathways, service needs, opportunities, issues, suitability indicators or other future-facing insights.

Forecasts and predictions are estimates only. They are not final decisions, promises, guarantees or professional advice.

3.19 Decision-support

Decision-support means information, guidance, AI outputs, recommendations, matches, suitability indicators, document summaries, forecasts, explanations or support provided to help a user or organisation make a better-informed decision.

Decision-support does not mean Yuzee makes the final decision.

Users remain responsible for reviewing information, verifying important details and making their own final decisions.

3.20 Request Multiple Offers or RMO

Request Multiple Offers, or RMO, means a Yuzee feature or service that helps a user prepare, request, receive, compare or manage possible offers, responses or opportunities from institutions, employers or partners.

RMO may involve collecting, preparing, using or sharing information such as user profile details, preferences, documents, goals, course interests, job interests, location preferences, support needs and offer request information.

Yuzee may provide additional RMO consent notices or workflow notices before information is shared.

3.21 Offer

Offer means a response, invitation, proposed opportunity, admission offer, course offer, job opportunity, placement opportunity, service offer or other opportunity provided or communicated by an institution, employer, partner or other third party.

An Offer may be conditional, non-binding, subject to further checks, subject to availability, subject to eligibility or subject to the third party’s own terms.

Yuzee does not guarantee that a user will receive an Offer.

3.22 User Content

User Content means information, text, documents, messages, files, prompts, chats, feedback, profile information, uploads, preferences, goals, RMO information, offer request information or other content submitted, uploaded, provided or generated by or for a user through Yuzee.

User Content may include personal information and sensitive information.

3.23 Organisation Content

Organisation Content means information, documents, data, messages, profiles, course details, job details, employer details, partner details, offer details, staff details, billing details, dashboard activity or other content submitted, uploaded, provided or generated by or for an Organisation through Yuzee.

Organisation Content may include personal information about organisation staff, users, applicants, contacts or other individuals.

3.24 Third-party service provider

Third-party service provider means a third party that provides services to Yuzee or supports the operation of the Platform.

Third-party service providers may include:

aAI providers;
bcloud hosting providers;
cdata storage providers;
danalytics providers;
epayment providers;
fapp stores;
gemail providers;
hSMS providers;
iphone providers;
jsupport tools;
ksecurity providers;
lmonitoring providers;
mdatabase providers;
ninfrastructure providers;
omarketing tools;
pattribution tools; and
qother technology or service providers.

3.25 Third-party source

Third-party source means an external source of information that is not created solely by Yuzee.

Third-party sources may include:

ainstitutions;
bemployers;
cpartners;
dgovernment sources;
eABS data;
fpublic datasets;
gglobal datasets;
hregulator datasets;
ieducation datasets;
jlabour market datasets;
kpublic websites;
lcommercial datasets;
mlicensed datasets;
napp stores;
opayment providers;
pAI providers; and
qother external sources.

3.26 De-identified information

De-identified information means information that has been processed so that it no longer reasonably identifies an individual.

De-identification may involve removing, masking, aggregating, generalising, transforming or separating identifiers.

Yuzee may use de-identified information for analytics, research and development, product improvement, AI evaluation, reporting, benchmarking, data quality improvement and business operations.

Yuzee will take reasonable steps to reduce the risk that de-identified information is re-identified.

3.27 Aggregated information

Aggregated information means information combined with other information so that it is presented at a group, statistical, summary or trend level rather than as information about a specific identifiable person.

Aggregated information may be used for analytics, reporting, benchmarking, market insights, platform improvement, institution insights, employer insights, partner insights and research.

3.28 Cookies and tracking technologies

Cookies and tracking technologies means cookies, pixels, SDKs, local storage, device identifiers, analytics tags, tracking links and similar technologies used to support website, app, analytics, security, marketing, performance, personalisation or product improvement functions.

3.29 Consent

Consent means permission given by a person for Yuzee to collect, use, disclose or handle information for a particular purpose.

Consent may be express or implied, depending on the circumstances and applicable law.

Yuzee may ask for express consent for certain activities, such as handling sensitive information, sharing information for RMO, sending certain marketing communications, or using certain optional features.

3.30 Collection Notice

A Collection Notice means a short notice given when Yuzee collects information or before Yuzee uses information for a specific feature or purpose.

A Collection Notice may explain what information is collected, why it is collected, how it may be used, who it may be shared with and what choices the user has.

3.31 Privacy request

A privacy request means a request made to Yuzee about personal information.

Privacy requests may include requests to:

aaccess personal information;
bcorrect personal information;
cupdate account details;
ddelete certain information;
ewithdraw consent where available;
fchange communication preferences;
gask about data sharing;
hask about AI or profiling;
iraise a privacy concern; or
jmake a privacy complaint.

3.32 Data breach

A data breach means unauthorised access to, unauthorised disclosure of, or loss of personal information.

Yuzee will assess and respond to suspected data breaches in accordance with this Privacy Policy, applicable law and Yuzee’s internal incident response processes.

3.33 Overseas processing

Overseas processing means personal information being accessed, stored, processed, transmitted or handled outside Australia.

Overseas processing may occur where Yuzee uses third-party providers, AI providers, cloud providers, payment providers, analytics providers, support tools, app stores or other services that operate internationally.

3.34 User control

User control means that users can make choices about their use of Yuzee and their final decisions.

Depending on the feature and applicable law, user control may include the ability to:

aupdate profile information;
bcorrect inaccurate information;
cchoose whether to upload documents;
dchoose whether to use AI features;
echoose whether to use RMO;
freview information before it is shared;
gmanage communication preferences;
hask privacy questions;
irequest access or correction;
jmake complaints; and
kdecide whether to act on Yuzee’s guidance.

3.35 Platform

Platform means Yuzee’s website, app, software, AI tools, matching tools, RMO features, dashboards, support tools, payment features, communications, databases, APIs and related services.

What Information Yuzee Collects

4.1 Overview

Yuzee collects information to provide, personalise, operate, protect and improve the Platform.

The information Yuzee collects may depend on:

ahow you use Yuzee;
bwhether you use the website, app or both;
cwhether you create an account;
dwhether you use AI features;
ewhether you complete a profile;
fwhether you upload documents;
gwhether you use Request Multiple Offers;
hwhether you use free or paid services;
iwhether you act as an individual user;
jwhether you act on behalf of an Organisation;
kwhether you communicate with Yuzee;
lwhether you interact with institutions, employers or partners through Yuzee; and
mthe features, services or workflows you choose to use.

Yuzee may collect information directly from you, automatically through the Platform, from documents you upload, from Organisations, from third-party service providers, from public sources, from research sources and from Yuzee’s own analysis and systems.

Yuzee aims to collect information that is reasonably necessary for its services, platform operation, safety, compliance, support, research and improvement.

4.2 Account information

Yuzee may collect account information when you create, access, manage or use an account.

This may include:

aname;
bemail address;
cphone number;
dpassword or authentication information;
eaccount ID;
fuser type;
gaccount status;
hlogin history;
iverification status;
jaccount preferences;
knotification settings;
llanguage preferences;
msecurity settings;
nconsent records;
ocommunication preferences; and
pother information needed to create, manage or secure your account.

4.3 Contact information

Yuzee may collect contact information so we can communicate with you and provide the Platform.

This may include:

aemail address;
bphone number;
cpostal address, where relevant;
dsuburb;
ecity;
fstate or territory;
gcountry;
hpreferred contact method;
iemergency or support contact details, where provided;
jparent, guardian or authorised representative details, where relevant; and
korganisation contact details, where relevant.

4.4 Profile information

Yuzee may collect profile information to personalise guidance, matching, recommendations, support and user experience.

This may include:

agoals;
bmission;
cinterests;
dpreferences;
econstraints;
favailability;
geducation history;
hwork history;
iskills;
jstrengths;
kexperience;
lcareer interests;
mstudy interests;
njob interests;
opreferred industries;
ppreferred occupations;
qpreferred course types;
rpreferred job types;
spreferred locations;
trelocation preferences;
ubudget indicators;
vsupport needs;
wpathway preferences;
xcommunication preferences;
yservice preferences; and
zother information you provide or that Yuzee generates to personalise the Platform.

4.5 Education and training information

Yuzee may collect information about your education, training and learning background.

This may include:

aschools attended;
binstitutions attended;
cqualifications;
dcertificates;
ediplomas;
fdegrees;
gshort courses;
hunits or subjects studied;
itranscripts;
jgrades or results, where provided;
kcompleted training;
lcurrent study;
mintended study;
nprior learning;
orecognition of prior learning information;
pcredit transfer information;
qcourse interests;
rpreferred study level;
spreferred delivery mode;
tpreferred campus or location;
ufunding or subsidy interests;
vstudy barriers; and
wother education-related information relevant to Yuzee’s services.

4.6 Work, career and employment information

Yuzee may collect information about your work history, career goals and employment preferences.

This may include:

aresume information;
bemployment history;
cjob titles;
dindustries;
eemployers, where provided;
fwork experience;
gvolunteering experience;
hplacements or internships;
iapprenticeships or traineeships;
jskills;
klicences;
lregistrations;
mcertifications;
ncareer goals;
opreferred roles;
ppreferred industries;
qpreferred work locations;
rpreferred working arrangements;
savailability;
tsalary or wage expectations, where provided;
uwork rights indicators, where relevant;
vcareer transition information; and
wother employment or career-related information relevant to Yuzee’s services.

4.7 Skills, interests and pathway information

Yuzee may collect information about your skills, interests and possible pathway options.

This may include:

atechnical skills;
bsoft skills;
clanguage skills;
ddigital skills;
eindustry skills;
ftransferable skills;
gskills gaps;
hstrengths;
ilearning interests;
jcareer interests;
kstudy interests;
lpersonal interests;
mpathway preferences;
npathway goals;
orecommended pathways;
ppossible course-to-job pathways;
qpossible job-to-course pathways;
rpathway readiness indicators; and
sother information relevant to matching and guidance.

4.8 Location and relocation information

Yuzee may collect location-related information to support matching, guidance, cost-of-living estimates, course options, job options and relocation support.

This may include:

acountry;
bstate or territory;
ccity;
dsuburb;
epostcode;
fregion;
gpreferred study location;
hpreferred work location;
iwillingness to relocate;
jrelocation preferences;
ktransport preferences;
ldistance preferences;
mcampus preferences;
nremote or online study preferences;
oremote or hybrid work preferences;
pcost-of-living preferences;
qhousing or rent indicators, where provided; and
rother location-related information relevant to Yuzee’s services.

Yuzee may collect approximate location information from your device, IP address or account settings where permitted.

Yuzee will not intentionally collect precise GPS location unless the relevant feature requires it and Yuzee provides appropriate notice or consent controls.

4.9 Documents and uploaded files

Yuzee may collect documents and files you upload or provide.

This may include:

aresumes;
bcover letters;
ctranscripts;
dcertificates;
equalifications;
fportfolios;
gidentity-related documents;
hwork experience documents;
ireference letters;
jcourse application documents;
kjob application documents;
loffer documents;
minstitution documents;
nemployer documents;
opartner documents;
psupport documents;
qRMO documents;
rscreenshots;
simages; and
tother files you upload or provide.

Documents may contain personal information and sensitive information.

You should only upload documents that are relevant to the service you are using.

4.10 Information extracted from documents

Yuzee may use AI, automation, data extraction, human review or other tools to read, extract, summarise, classify or analyse information from uploaded documents.

This may include:

anames;
bcontact details;
ceducation history;
dqualifications;
eskills;
fwork history;
gdates;
hinstitutions;
iemployers;
jcourse names;
kjob titles;
lresults;
mdocument type;
ndocument status;
opossible missing information;
ppossible inconsistencies;
qpossible eligibility indicators;
rpossible RMO readiness indicators; and
sother information relevant to providing Yuzee’s services.

Yuzee may not always extract document information perfectly. Users should review important extracted information and tell Yuzee if something appears incorrect.

4.11 AI prompts, chats and outputs

Yuzee may collect information when you use AI features.

This may include:

aprompts;
bquestions;
cmessages;
dinstructions;
euploaded files used in AI features;
fprofile context used to support AI responses;
gAI chat history;
hAI outputs;
irecommendations;
jsummaries;
kexplanations;
lsuitability indicators;
mmatch reasons;
ndocument summaries;
oRMO summaries;
pfeedback on AI outputs;
qAI usage records;
rerror logs;
squality signals;
tmoderation signals; and
urelated metadata.

Yuzee may use this information to provide AI features, improve quality, detect issues, support users, manage safety, debug errors and improve the Platform.

4.12 Matching and recommendation information

Yuzee may collect and generate information to support course matching, job matching, skills matching, pathway matching and service recommendations.

This may include:

auser profile information;
bcourse preferences;
cjob preferences;
dlocation preferences;
epathway preferences;
fskills information;
geducation information;
hwork history;
idocuments;
jcourse data;
kjob data;
linstitution data;
memployer data;
npartner data;
opublic data;
pthird-party data;
qYuzee research and development;
rmatching scores;
ssuitability indicators;
tranking information;
umatch reasons;
vrecommendation history;
wuser feedback; and
xother information used to improve matching and recommendations.

4.13 RMO and offer request information

Yuzee may collect information when you use Request Multiple Offers, offer requests or related workflows.

This may include:

auser profile details;
bgoals;
cpreferences;
deducation history;
ework history;
fskills;
gdocuments;
hcourse interests;
ijob interests;
jpreferred institutions;
kpreferred employers;
lpreferred partners;
mlocation preferences;
nsupport needs;
ooffer request details;
pRMO readiness information;
qshared information records;
rconsent records;
sinstitutions, employers or partners contacted;
tresponses received;
uoffers received;
voffer conditions;
wsupport notes;
xcommunication records;
yRMO status; and
zrelated billing, payment or entitlement records where applicable.

Yuzee may provide additional RMO notices or consent screens before sharing information with institutions, employers or partners.

4.14 Payment, billing and subscription information

Yuzee may collect payment, billing and subscription information where you use paid services.

This may include:

aplan type;
bsubscription status;
cbilling contact details;
dinvoice details;
ereceipt details;
ftransaction IDs;
gpurchase history;
hpayment status;
ifailed payment records;
jrefund status;
kchargeback or dispute records;
lapp-store purchase records;
mpayment provider references;
ncredit balances;
otop-up records;
poverage records;
qentitlement records;
rtax information, where relevant; and
ssupport records related to payments.

Yuzee does not need to store full card numbers where payments are processed by a third-party payment provider.

Payment providers, app stores, banks and card networks may collect and process payment information under their own privacy policies and terms.

4.15 Support and complaint information

Yuzee may collect information when you contact support, ask questions, raise complaints or request help.

This may include:

aname;
baccount email;
cphone number;
dorganisation name, where relevant;
esupport request details;
fcomplaint details;
gscreenshots;
hdocuments;
imessages;
jcall notes;
ksupport history;
ltechnical information;
missue type;
nissue status;
oresolution notes;
pfeedback;
qstaff notes;
rprivacy request information;
sbilling issue information; and
tother information needed to respond to your request.

Yuzee may keep support and complaint records for service delivery, quality assurance, legal compliance, privacy compliance, security, dispute resolution and platform improvement.

4.16 Communication information

Yuzee may collect information about communications with you.

This may include:

aemails sent and received;
bSMS messages;
cphone call records;
dcall notes;
ein-app messages;
fpush notification records;
gdashboard messages;
hsupport messages;
imarketing communications;
junsubscribe records;
kcommunication preferences;
ldelivery status;
mopen or click activity, where permitted;
nconsent records; and
oother communication-related information.

Yuzee may use this information to provide services, send important notices, support RMO, manage support requests, improve communications, comply with law and send marketing where permitted.

4.17 Organisation account information

If you use Yuzee on behalf of an Organisation, Yuzee may collect organisation account information.

This may include:

aorganisation name;
btrading name;
cABN, ACN or business identifier;
dorganisation type;
einstitution type;
femployer type;
gpartner type;
hbusiness address;
iwebsite;
jcontact details;
kadministrator details;
lstaff user details;
mbilling contact details;
nlegal contact details;
osupport contact details;
paccount settings;
qplan information;
rsubscription information;
scredit usage;
tdashboard activity;
uCRM activity;
vreporting data;
wintegrations; and
xother information needed to manage the Organisation Account.

4.18 Institution, employer and partner information

Yuzee may collect information from or about institutions, employers and partners.

This may include:

ainstitution profiles;
bemployer profiles;
cpartner profiles;
dcourse information;
ejob information;
fpathway information;
gservice information;
hadmission information;
ieligibility information;
joffer information;
kcontact information;
lstaff information;
mlogo and branding information;
ndocuments;
ocommunications;
pdashboard activity;
qCRM activity;
roffer actions;
sreporting information;
tsubscription and billing information; and
uother information relevant to organisation services.

Organisations are responsible for ensuring that information they provide to Yuzee is accurate, current, lawful and authorised.

4.19 Technical, device and usage information

Yuzee may automatically collect technical, device and usage information when you use the website, app or Platform.

This may include:

aIP address;
bdevice type;
cdevice identifiers;
dbrowser type;
ebrowser version;
foperating system;
gapp version;
hlanguage settings;
itime zone;
japproximate location;
kpages viewed;
lscreens viewed;
mbuttons clicked;
nfeatures used;
osearch activity;
psession activity;
qreferral information;
rcrash logs;
serror logs;
tperformance information;
usecurity logs;
vauthentication logs;
wcookie information;
xanalytics events; and
yother technical information needed to operate, secure and improve the Platform.

4.20 Cookies, analytics and tracking information

Yuzee may collect information through cookies, pixels, SDKs, local storage, analytics tools, tracking links and similar technologies.

This may include information about:

awebsite visits;
bapp activity;
cpages viewed;
dlinks clicked;
efeature usage;
fsession duration;
greferral source;
hadvertising attribution;
icampaign performance;
jdevice information;
kbrowser information;
lapproximate location;
mcrash events;
nconversion events;
ologin status;
ppreferences;
qsecurity events; and
rother analytics or tracking information.

More information about cookies and tracking is set out in the cookies and analytics section of this Privacy Policy or any separate cookie notice.

4.21 Marketing information

Yuzee may collect marketing and communication preference information.

This may include:

amarketing consent;
bsubscription to newsletters;
cevent registration;
dcampaign interactions;
ereferral source;
fadvertising attribution;
gcommunication preferences;
hunsubscribe status;
isurvey responses;
jfeedback;
kpromotion participation;
llead source;
mproduct interest; and
nmarketing communication history.

Yuzee will use marketing information in accordance with this Privacy Policy, applicable marketing laws and user communication preferences.

4.22 Sensitive information

Yuzee may collect sensitive information where it is relevant to a service, provided by the user, consented to where required, required or authorised by law, or otherwise permitted by applicable law.

Sensitive information may include:

ahealth information;
bdisability information;
cNDIS-related information;
dmedical information;
emental health or wellbeing information;
ffinancial hardship information;
gvisa or migration-related information;
hwork rights information;
igovernment identifiers;
jidentity documents;
kbiometric information, if ever used by a specific feature;
lracial or ethnic origin;
mreligious or cultural considerations;
nfamily circumstances;
osupport needs;
pcounselling-style notes;
qinformation about children or young people; and
rother information treated as sensitive under applicable law.

Yuzee will take additional care when handling sensitive information.

You should not provide sensitive information unless it is relevant to the service you are using or Yuzee specifically asks for it.

4.23 Information about children and young people

Yuzee may collect information about children and young people where permitted by law, where appropriate for the service, or where parent, guardian, school, institution or organisation involvement is required or appropriate.

This may include:

aname;
bage or age range;
ccontact details;
dparent or guardian details;
eschool or institution details;
feducation information;
gstudy interests;
hpathway interests;
isupport needs;
jconsent records;
kcommunication records;
lprofile information;
mdocuments; and
nother information relevant to providing Yuzee’s services.

Yuzee may apply additional care and controls when handling information about children and young people.

4.24 Information from third-party sources

Yuzee may collect information from third-party sources where permitted and relevant to Yuzee’s services.

This may include information from:

ainstitutions;
bemployers;
cpartners;
dapp stores;
epayment providers;
fAI providers;
ganalytics providers;
hcloud providers;
isupport tools;
jmarketing tools;
kcommunication providers;
lpublic websites;
mgovernment sources;
nABS data;
oregulator sources;
peducation datasets;
qlabour market datasets;
rskills datasets;
sglobal datasets;
tcommercial datasets;
ulicensed datasets;
vpublic records; and
wother external sources.

Third-party information may be used to support matching, recommendations, data quality, research, analytics, RMO, platform operation, security, compliance and product improvement.

4.25 Public, government and research data

Yuzee may collect, use or analyse public, government, research and statistical data to support the Platform.

This may include:

aABS data;
bAustralian Government data;
cstate and territory government data;
dlocal government data;
eeducation and training data;
flabour market data;
gskills and occupation data;
hdemographic data;
ipopulation data;
jsuburb, postcode and regional data;
kcost-of-living data;
lhousing and rent data;
mtransport and relocation data;
nglobal education data;
oglobal labour market data;
presearch publications;
qmarket research;
rpublic websites; and
sother data Yuzee considers relevant to its services.

Yuzee may combine, compare, transform, classify, summarise or derive insights from these sources.

4.26 Inferred, generated and derived information

Yuzee may generate or infer information from the information it collects.

This may include:

asuitability indicators;
bmatch scores;
ccourse recommendations;
djob recommendations;
epathway suggestions;
fskills gap indicators;
gservice recommendations;
hRMO readiness indicators;
idocument issue indicators;
jprofile completion indicators;
kpossible support needs;
lpossible user interests;
mpossible user preferences;
nissue indicators;
ofraud or misuse indicators;
pdata quality indicators;
qanalytics segments;
raggregated insights;
sde-identified insights; and
tother derived information used to provide, protect and improve Yuzee.

Inferred, generated and derived information is used for decision-support, personalisation, platform operation, safety, analytics, research and improvement.

4.27 De-identified and aggregated information

Yuzee may collect, create and use de-identified or aggregated information.

This may include:

ausage trends;
bcourse interest trends;
cjob interest trends;
dskills trends;
epathway trends;
flocation trends;
gRMO trends;
hoffer trends;
iplatform performance data;
jproduct analytics;
kbenchmark data;
lservice insights;
mmarket insights;
ndata quality insights;
oAI evaluation insights; and
pother information that does not reasonably identify an individual.

Yuzee may use de-identified or aggregated information for analytics, reporting, research and development, product improvement, AI evaluation, benchmarking, business planning and platform safety.

4.28 Information about other people

Yuzee may collect information about other people if you provide it to us.

This may happen when you:

aupload documents containing another person’s information;
bprovide parent, guardian or representative details;
cprovide referee details;
dprovide emergency contact details;
eprovide staff user details;
fprovide organisation contact details;
gprovide applicant or candidate information;
hinclude another person’s information in a message, document, prompt or support request; or
iotherwise provide information about another person.

You should only provide information about another person if you have authority or a lawful basis to do so.

4.29 Optional information

Some information is optional.

If you choose not to provide optional information, Yuzee may still be able to provide some services, but certain features may be less personalised, less accurate or unavailable.

For example, if you do not provide education history, work history, location preferences or documents, Yuzee may have less information to support matching, guidance, RMO or recommendations.

Yuzee may explain when information is required or optional through the Platform, Collection Notices or product notices.

4.30 Required information

Some information may be required to use certain features.

For example, Yuzee may require certain information to:

acreate an account;
bverify access;
cprovide support;
dprocess payments;
emanage subscriptions;
fprovide AI features;
gprovide matching;
hprepare RMO requests;
ishare information with approved recipients;
jmanage Organisation Accounts;
kcomply with law;
lprotect security; or
mprevent fraud or misuse.

If required information is not provided, Yuzee may not be able to provide the relevant feature or service.

4.31 Information Yuzee asks users not to provide unnecessarily

Users should not provide information that is not relevant to the service they are using.

Unless Yuzee specifically asks for it or it is necessary for the service, users should avoid providing:

aunnecessary health information;
bunnecessary disability information;
cunnecessary financial hardship information;
dunnecessary identity documents;
eunnecessary government identifiers;
funnecessary visa or migration information;
gunnecessary family information;
hunnecessary information about other people;
ipasswords for other services;
jbank account details unless required for a payment or refund process;
khighly confidential business information; or
lany information the user is not authorised to provide.

If Yuzee receives unnecessary information, Yuzee may delete, de-identify, restrict, ignore or securely handle it in accordance with this Privacy Policy and applicable law.

4.32 Accuracy of information collected

Yuzee relies on users, Organisations, third-party sources, public sources, service providers and automated systems to provide or support information.

Information may be incomplete, outdated, inaccurate or change over time.

Users and Organisations should keep their information accurate and current.

If you believe information held by Yuzee is incorrect, outdated, incomplete or misleading, you may contact Yuzee or update your information through available account tools.

4.33 Collection may change over time

Yuzee may change the information it collects as the Platform, AI features, matching systems, RMO workflows, paid services, organisation tools, data sources, laws, security needs and business operations change.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices or consent notices to explain material changes to information collection.

How Yuzee Collects Information

5.1 Overview

Yuzee collects information in different ways depending on how you use the Platform.

Yuzee may collect information:

adirectly from you;
bautomatically when you use the website, app or Platform;
cfrom information you upload;
dfrom AI prompts, chats and interactions;
efrom Request Multiple Offers workflows;
ffrom institutions, employers and partners;
gfrom organisation administrators and staff users;
hfrom payment providers and app stores;
ifrom third-party service providers;
jfrom public, government, research and data sources;
kfrom Yuzee’s own analysis, matching systems and research and development; and
lfrom other sources where permitted by law.

Yuzee aims to collect information in a lawful, fair and transparent way.

5.2 Information you provide directly

Yuzee may collect information directly from you when you choose to provide it.

This may happen when you:

acreate an account;
bcomplete your profile;
cupdate your profile;
danswer questions;
eenter your goals or mission;
fselect preferences;
gprovide education information;
hprovide work or career information;
iprovide location preferences;
juse matching tools;
kuse AI features;
lupload documents;
muse Request Multiple Offers;
nrequest offers;
omake a payment;
psubscribe to a paid service;
qcontact support;
rmake a privacy request;
smake a complaint;
tprovide feedback;
urespond to surveys;
vsign up for communications; or
wotherwise interact with Yuzee.

5.3 Information collected during account creation

When you create an account, Yuzee may collect information needed to create, secure and manage your account.

This may include your name, email address, phone number, login credentials, account type, consent records, communication preferences, age or age range where relevant, and other information needed to provide access to the Platform.

Yuzee may also collect information to confirm whether you are using Yuzee as an individual user, organisation user, student, job seeker, career user, parent, guardian, institution staff member, employer staff member, partner staff member or another type of user.

5.4 Information collected through profile setup

Yuzee may collect information when you set up or update your profile.

This may include your goals, mission, education history, work history, skills, interests, preferences, location, documents, support needs, pathway interests and other information relevant to personalised guidance.

Yuzee may ask profile questions to help understand your situation and provide more relevant matching, recommendations, AI guidance, RMO support and service suggestions.

Some profile information may be optional. If you do not provide optional information, some features may be less personalised or may not work as intended.

5.5 Information collected through AI features

Yuzee may collect information when you use AI features.

This may include prompts, questions, messages, instructions, uploaded files, AI chat history, AI outputs, recommendations, summaries, explanations, feedback, usage records, error logs and related metadata.

Yuzee may also use your profile information, documents, preferences, RMO information or other relevant context to help generate more useful AI-supported guidance.

Yuzee uses AI features to support decision-making, not to make final decisions for you.

You should avoid including unnecessary sensitive information in AI prompts or chats unless it is relevant to the service you are using.

5.6 Information collected from document uploads

Yuzee may collect information from documents or files you upload.

This may include resumes, transcripts, certificates, qualifications, identity-related documents, portfolios, application documents, offer documents, support documents, screenshots or other files.

Yuzee may use AI, automation, data extraction, human review or other tools to read, extract, summarise, classify or analyse uploaded documents.

This may help Yuzee support profile building, matching, guidance, RMO, offer requests, support, data quality checks and platform improvement.

You should only upload documents that are relevant to the service you are using and that you are authorised to provide.

5.7 Information collected through Request Multiple Offers

Yuzee may collect information when you use Request Multiple Offers or related offer request workflows.

This may include your profile information, goals, preferences, education history, work history, skills, documents, preferred courses, preferred jobs, location preferences, support needs, offer request details, consent records, RMO status, organisations contacted, responses received, offer information and support records.

Yuzee may provide additional RMO notices or consent screens explaining what information may be collected, used or shared for that workflow.

Yuzee may collect RMO information directly from you, from your account, from documents, from AI-supported preparation, from Yuzee support staff, and from institutions, employers or partners responding to the request.

5.8 Information collected through payments and subscriptions

Yuzee may collect information when you purchase, subscribe to or use paid services.

This may include plan details, purchase history, subscription status, invoice details, receipt details, payment status, credit usage, top-up records, refund requests, chargeback records, app-store purchase details, payment provider references and entitlement records.

Yuzee may receive payment-related information from payment providers, app stores, banks or card networks.

Yuzee does not need to collect or store full payment card numbers where payments are processed by third-party payment providers.

5.9 Information collected automatically

Yuzee may automatically collect technical, device, usage and interaction information when you use the website, app or Platform.

This may include:

aIP address;
bdevice type;
cdevice identifiers;
dbrowser type;
eoperating system;
fapp version;
glanguage settings;
htime zone;
iapproximate location;
jpages viewed;
kscreens viewed;
lfeatures used;
mbuttons clicked;
nsearch activity;
osession activity;
preferral source;
qcrash logs;
rerror logs;
sperformance data;
tsecurity logs;
uauthentication logs;
vcookie information;
wanalytics events; and
xother technical or usage information.

Yuzee uses this information to operate, secure, analyse, personalise and improve the Platform.

5.10 Information collected through cookies and similar technologies

Yuzee may collect information through cookies, pixels, SDKs, local storage, tracking links, analytics tags and similar technologies.

These technologies may help Yuzee:

akeep users logged in;
bremember preferences;
cimprove website and app performance;
dunderstand feature usage;
emeasure marketing effectiveness;
fanalyse product performance;
gdetect errors;
hprevent fraud or misuse;
iimprove security;
jsupport personalisation; and
kimprove the Platform.

More information may be provided in the cookies and analytics section of this Privacy Policy or in a separate cookie notice.

5.11 Information collected from organisations

Yuzee may collect information from institutions, employers, partners and other organisations.

This may include organisation profile information, course information, job information, offer information, staff user information, administrator information, billing contact information, CRM activity, dashboard activity, reporting information, communications and support records.

Yuzee may also collect information from organisations about users where the user has interacted with the organisation through Yuzee, used RMO, requested an offer, communicated through the Platform or where the collection is otherwise permitted by law.

Organisations are responsible for ensuring they have authority to provide information to Yuzee.

5.12 Information collected from organisation staff

If you use Yuzee on behalf of an organisation, Yuzee may collect information about you from your organisation, an administrator, another staff user or your own use of the Platform.

This may include your name, work email, phone number, role, permissions, dashboard activity, communications, support requests, billing activity, offer actions and other organisation account activity.

Yuzee may use this information to manage organisation access, staff permissions, billing, security, support, reporting and compliance.

5.13 Information collected from third-party service providers

Yuzee may collect information from third-party service providers that help operate, support, secure or improve the Platform.

These providers may include:

apayment providers;
bapp stores;
cAI providers;
dcloud hosting providers;
eanalytics providers;
fcrash reporting providers;
gcommunication providers;
hSMS providers;
iemail providers;
jsupport tools;
ksecurity tools;
lmonitoring tools;
mmarketing tools;
nattribution tools;
odatabase providers; and
pother technology or service providers.

The information received may include payment status, subscription status, technical logs, AI processing records, support records, communication status, analytics events, security alerts, error reports and related metadata.

5.14 Information collected from AI providers

Yuzee may use third-party AI providers to support AI features.

Yuzee may send prompts, context, documents, profile information or other relevant information to AI providers where reasonably necessary to provide AI features, subject to this Privacy Policy, applicable notices and applicable law.

Yuzee may receive AI outputs, processing metadata, error information, safety signals, usage records or other technical information from AI providers.

AI providers may include providers such as Google Gemini, Anthropic Claude, OpenAI/ChatGPT, xAI/Grok or other current or future providers.

5.15 Information collected from public, government and research sources

Yuzee may collect or use information from public, government, research and data sources.

These sources may include:

aABS data;
bAustralian Government datasets;
cstate and territory government datasets;
dlocal government datasets;
eregulator datasets;
feducation and training datasets;
glabour market datasets;
hskills and occupation datasets;
idemographic datasets;
jpopulation datasets;
ksuburb, postcode and regional datasets;
lcost-of-living datasets;
mtransport and relocation datasets;
nglobal datasets;
oresearch publications;
pmarket research;
qpublic websites;
rcommercial datasets;
slicensed datasets; and
tother data sources relevant to Yuzee’s services.

Yuzee may use this information to improve matching, recommendations, guidance, data quality, research and development, analytics and platform performance.

5.16 Information generated by Yuzee’s systems

Yuzee may generate information through its own systems, AI tools, matching tools, data analysis, automation, research and development, and platform activity.

This may include:

auser profile indicators;
bsuitability indicators;
cmatching scores;
drecommendations;
epathway suggestions;
fskills gap indicators;
gRMO readiness indicators;
hservice recommendations;
iissue indicators;
jdocument quality indicators;
kfraud or misuse indicators;
lsecurity indicators;
manalytics segments;
nde-identified insights;
oaggregated insights;
pdata quality signals; and
qother generated or derived information.

Generated information is used to provide, personalise, protect and improve Yuzee.

5.17 Information collected through communications

Yuzee may collect information when you communicate with us or when we communicate with you.

This may include emails, SMS messages, phone records, call notes, support tickets, chat messages, in-app messages, push notification records, dashboard messages, survey responses, feedback, complaint records and communication preferences.

Yuzee may use communication records for support, service delivery, quality assurance, dispute resolution, privacy compliance, legal compliance, safety, security and platform improvement.

5.18 Information collected from referrals and introductions

Yuzee may collect information when a user, organisation, partner, institution, employer or other person refers or introduces someone to Yuzee.

This may include name, contact details, organisation details, role, reason for referral, service interest, course interest, job interest or other relevant information.

A person should only provide another person’s information to Yuzee if they have authority or a lawful basis to do so.

5.19 Information collected from parents, guardians or authorised representatives

Yuzee may collect information from parents, guardians or authorised representatives where they support a user’s use of Yuzee or communicate with Yuzee on behalf of a user.

This may include contact details, relationship to the user, consent records, support information, documents, communications and information needed to verify authority.

Yuzee may ask for proof of authority before discussing or changing another person’s information.

5.20 Information collected from app stores and device platforms

If you download or use the Yuzee app, Yuzee may receive information from app stores, device platforms or operating systems.

This may include app installation status, subscription status, purchase records, refund status, app version, device type, crash data, push notification status, device permissions and technical information.

App stores and device platforms may separately collect and process information under their own privacy policies and terms.

5.21 Information collected from social media or public interactions

Yuzee may collect information if you interact with Yuzee through social media, public pages, online communities, advertisements, comments, reviews or public posts.

This may include your username, profile information made available by the platform, public comments, messages, reactions, campaign activity and related metadata.

Social media platforms and public platforms may have their own privacy practices.

5.22 Information collected when required or authorised by law

Yuzee may collect information where required or authorised by law.

This may include information needed for:

aidentity verification;
bfraud prevention;
ctax and accounting;
dconsumer law compliance;
eprivacy compliance;
fpayment disputes;
gcourt orders;
hregulator requests;
ilaw enforcement requests;
jsafety concerns;
kdata breach response;
lemployment, education or business obligations; and
mother legal or regulatory requirements.

5.23 Sensitive information collection

Yuzee may collect sensitive information where:

ayou provide it;
bit is relevant to a feature or service you use;
cit is needed to provide support;
dit is needed for RMO or offer request preparation;
eit is included in documents you upload;
fit is included in prompts, chats or messages you submit;
gyou consent where consent is required;
hcollection is required or authorised by law; or
icollection is otherwise permitted under applicable law.

Yuzee will take additional care when handling sensitive information.

You should avoid providing unnecessary sensitive information unless it is relevant to the service you are using.

5.24 Collection from third parties where direct collection is not practical

Where practical and appropriate, Yuzee aims to collect personal information directly from the individual.

However, Yuzee may collect information from third parties where direct collection is not practical, where the user would reasonably expect it, where the user has consented, where it is needed to provide the Platform, where it is needed for RMO or organisation workflows, where it is needed for security or fraud prevention, or where permitted by law.

Third-party sources may include organisations, app stores, payment providers, AI providers, service providers, public sources, government sources, research sources or other people authorised to provide information.

5.25 Unsolicited information

Yuzee may sometimes receive information that it did not request.

This may happen if a user uploads unnecessary documents, includes extra personal information in a message, sends information about another person, submits sensitive information that was not needed, or an organisation provides information that Yuzee did not ask for.

Where Yuzee receives unsolicited information, Yuzee may review it and decide whether it could have lawfully collected the information.

Where appropriate, Yuzee may delete, de-identify, restrict, retain or securely handle unsolicited information in accordance with applicable law and Yuzee’s internal processes.

5.26 Collection Notices

Yuzee may provide Collection Notices or feature-specific notices when collecting information.

A Collection Notice may explain:

awhat information is being collected;
bwhy it is being collected;
cwhether collection is required or optional;
dwhat may happen if the information is not provided;
ehow the information may be used;
fwho the information may be shared with;
gwhether information may be processed overseas;
hwhether AI or automation may be used;
ihow to contact Yuzee; and
jwhere to find this Privacy Policy.

Collection Notices may appear in the website, app, forms, dashboards, document upload screens, AI prompts, RMO workflows, payment flows, consent screens or other parts of the Platform.

5.27 User choices during collection

Where available and appropriate, Yuzee may give users choices about information collection.

This may include the ability to:

achoose whether to create an account;
bchoose whether to complete optional profile fields;
cchoose whether to upload documents;
dchoose whether to use AI features;
echoose whether to use RMO;
fchoose whether to share information with institutions, employers or partners;
gchoose communication preferences;
hmanage marketing consent;
imanage app permissions;
jupdate profile details; and
krequest access or correction.

Some information may be required for certain features to work properly.

5.28 If information is not provided

If you do not provide certain information, Yuzee may not be able to provide some features or services.

For example, Yuzee may not be able to:

acreate or secure your account;
bpersonalise guidance;
cprovide accurate matching;
dreview documents;
eprovide AI-supported responses;
fprepare RMO requests;
gshare approved information with institutions, employers or partners;
hprocess payments;
imanage subscriptions;
jprovide support;
kinvestigate complaints;
lcomply with legal obligations; or
mprotect the Platform from misuse.

Where possible, Yuzee may explain when information is required and when it is optional.

5.29 Changes to collection methods

Yuzee may change how it collects information as the Platform develops.

This may happen because of changes to:

aAI features;
bmatching systems;
cRMO workflows;
ddocument review tools;
eorganisation dashboards;
fpayment systems;
gapp features;
hdata sources;
isecurity needs;
jlegal requirements;
kthird-party providers;
luser needs; or
mbusiness operations.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices or consent notices to explain material changes.

Why Yuzee Uses Information

6.1 Overview

Yuzee uses information to provide, personalise, operate, protect and improve the Platform.

The purposes for which Yuzee uses information may depend on:

athe information provided;
bthe features used;
cthe user’s account type;
dthe user’s preferences;
ewhether the user uses free or paid services;
fwhether the user uses AI features;
gwhether the user uses Request Multiple Offers;
hwhether the user uploads documents;
iwhether the user acts as an individual user;
jwhether the user acts on behalf of an Organisation;
kwhether the information is needed for support, safety, billing, security, legal or operational reasons; and
lapplicable law.

Yuzee may use information for the purposes described in this Privacy Policy, any applicable Collection Notice, consent notice, product notice, Terms and Conditions or agreement with Yuzee.

6.2 To provide the Platform

Yuzee uses information to provide the website, app, account features, AI features, matching tools, dashboards, RMO features, support tools, payment features, communications and related services.

This may include using information to:

acreate accounts;
bauthenticate users;
cmanage login;
dmanage account settings;
eprovide website and app functionality;
fprovide user profiles;
gprovide AI-supported guidance;
hprovide matching and recommendations;
iprovide document upload and review features;
jprovide Request Multiple Offers features;
kprovide organisation dashboards;
lprovide CRM features;
mprovide reporting features;
nprovide paid services;
oprovide support;
pmanage notifications;
qmanage communications;
rprocess payments and subscriptions;
smanage credits, top-ups and entitlements; and
toperate other Yuzee features.

6.3 To personalise user experience

Yuzee uses information to personalise the Platform for users.

This may include using information to:

aunderstand user goals;
bunderstand user mission;
cunderstand user preferences;
dunderstand education history;
eunderstand work history;
funderstand skills;
gunderstand interests;
hunderstand location preferences;
iunderstand support needs;
jcreate and update a Yuzee profile;
kshow more relevant content;
lsuggest more relevant courses;
msuggest more relevant jobs;
nsuggest more relevant services;
osuggest more relevant pathways;
pimprove AI guidance;
qimprove RMO preparation;
rprioritise relevant support; and
simprove the user experience.

Yuzee uses personalisation to make the Platform more useful. Personalisation does not remove user choice or make final decisions for users.

6.4 To build and maintain Yuzee profiles

Yuzee uses information to build and maintain internal Yuzee profiles.

A Yuzee profile may help Yuzee understand a user’s goals, mission, interests, education, work history, skills, preferences, documents, location, support needs, RMO activity, matching activity and service needs.

Yuzee may use Yuzee profiles to:

apersonalise guidance;
bprovide AI-supported responses;
cimprove matching;
dimprove recommendations;
eprepare RMO support;
fidentify possible pathway options;
gidentify possible service needs;
hidentify possible missing information;
iimprove support;
jimprove platform safety;
kimprove product quality; and
limprove Yuzee over time.

Yuzee profiles are used for decision-support. They are not used by Yuzee to make final study, career, employment, migration, financial, legal, health, enrolment, funding or life decisions for users.

6.5 To provide AI features

Yuzee uses information to provide AI features.

This may include using prompts, messages, documents, profile information, preferences, course data, job data, skills data, RMO information and other relevant context to generate AI-supported guidance.

AI features may support:

aAI chat;
bpersonalised guidance;
ccourse suggestions;
djob suggestions;
eskills analysis;
fpathway suggestions;
gdocument summaries;
hdocument review;
isuitability explanations;
jRMO preparation;
koffer request preparation;
lsupport responses;
mdata quality checks;
nissue detection;
oplatform safety; and
pproduct improvement.

AI features are decision-support tools only. Users should review important information and make their own final decisions.

6.6 To provide matching and recommendations

Yuzee uses information to provide matching, recommendations and suitability indicators.

This may include using information to:

acompare user goals with course options;
bcompare user goals with job options;
ccompare skills with course or job pathways;
dsuggest possible study options;
esuggest possible training options;
fsuggest possible job options;
gsuggest possible career pathways;
hsuggest possible services;
isuggest possible institutions;
jsuggest possible employers;
ksuggest possible partners;
lgenerate suitability indicators;
mgenerate match reasons;
nrank or organise results;
oidentify possible skills gaps;
pidentify possible pathway gaps;
qidentify possible RMO readiness; and
rimprove matching quality.

Matching and recommendations are based on available information and may not include every possible course, job, provider, employer, pathway, service or scenario.

6.7 To support Request Multiple Offers

Yuzee uses information to support Request Multiple Offers and related offer request workflows.

This may include using information to:

aunderstand the user’s goals and preferences;
bprepare an RMO request;
cidentify relevant institutions, employers or partners;
dprepare documents or summaries;
esupport user review;
fshare approved information with relevant organisations;
gtrack responses;
hreceive offer information;
isupport comparison of responses;
jprovide RMO support;
kmanage paid RMO services;
lmanage support windows;
mrecord consent;
nmaintain RMO records;
oprevent misuse; and
pimprove RMO workflows.

Yuzee may provide additional RMO notices or consent screens before information is shared with institutions, employers or partners.

6.8 To review and process documents

Yuzee uses information in uploaded documents to provide document-related services.

This may include using information to:

aidentify document type;
bextract relevant details;
csummarise documents;
dreview education information;
ereview work information;
fidentify skills;
gidentify missing information;
hidentify inconsistencies;
isupport course matching;
jsupport job matching;
ksupport RMO preparation;
lsupport offer request preparation;
msupport user profile updates;
nsupport AI guidance;
osupport human review;
pimprove document processing; and
qimprove data quality.

Document review may use AI, automation, human review or a combination of these methods.

Yuzee may not extract or interpret document information perfectly. Users should review important document summaries and extracted information.

6.9 To support users and respond to requests

Yuzee uses information to provide support and respond to user requests.

This may include using information to:

arespond to support requests;
banswer questions;
cresolve account issues;
dinvestigate technical issues;
erespond to complaints;
frespond to privacy requests;
grespond to billing questions;
hprovide RMO support;
iprovide paid service support;
jtroubleshoot app or website issues;
kverify user identity where needed;
lcommunicate updates;
mkeep support records; and
nimprove support quality.

6.10 To provide paid services and manage billing

Yuzee uses information to provide paid services and manage billing.

This may include using information to:

aprocess purchases;
bmanage subscriptions;
cmanage RMO Review Passes;
dmanage paid plans;
emanage credits;
fmanage top-ups;
gmanage overages;
hmanage invoices;
iissue receipts;
jprocess refunds where applicable;
kmanage failed payments;
lmanage chargebacks or disputes;
msync payment status;
nmanage entitlements;
oprevent payment misuse; and
pprovide billing support.

Yuzee may use third-party payment providers and app stores to support payment processing.

6.11 To support Organisations

Yuzee uses information to support institutions, employers, partners and other Organisations.

This may include using information to:

acreate Organisation Accounts;
bmanage staff access;
cmanage administrators;
dmanage billing contacts;
emanage organisation profiles;
fdisplay organisation information;
gdisplay course information;
hdisplay job information;
isupport RMO responses;
jsupport offer actions;
kprovide dashboards;
lprovide CRM tools;
mprovide reporting;
nmanage subscriptions;
omanage credits;
pmanage top-ups;
qmanage support;
rimprove organisation services; and
senforce organisation obligations.

Organisations must only use personal information they receive through Yuzee for permitted purposes and in accordance with applicable law.

6.12 To communicate with users and Organisations

Yuzee uses information to communicate with users and Organisations.

This may include communications about:

aaccount activity;
blogin and security;
cprofile updates;
dAI features;
ematching results;
fRMO activity;
goffers and responses;
hdocuments;
isupport requests;
jprivacy requests;
kcomplaints;
lpayments;
msubscriptions;
ncredits;
oinvoices;
pservice changes;
qpolicy changes;
rmarketing where permitted;
ssurveys and feedback; and
tlegal notices.

Yuzee may communicate by email, SMS, phone, push notification, in-app message, dashboard notice, support ticket, web form or other reasonable method.

6.13 To improve data quality

Yuzee uses information to improve data quality and platform reliability.

This may include using information to:

adetect missing data;
bdetect outdated data;
cdetect duplicate records;
ddetect inconsistent information;
edetect low-confidence matches;
fcorrect information;
gupdate course data;
hupdate job data;
iupdate institution data;
jupdate employer data;
kupdate partner data;
limprove document extraction;
mimprove matching logic;
nimprove AI outputs;
oimprove recommendations;
pimprove source mapping;
qimprove data pipelines; and
rrespond to user and organisation feedback.

Because Yuzee uses large volumes of data from many sources, Yuzee cannot guarantee that every data issue will be detected or corrected immediately.

6.14 To improve the Platform

Yuzee uses information to improve the Platform, products, services, AI features and user experience.

This may include using information for:

aanalytics;
bresearch and development;
cproduct testing;
dfeature development;
ebug fixing;
fperformance monitoring;
guser experience improvement;
hAI evaluation;
iprompt improvement;
jmatching improvement;
krecommendation improvement;
ldocument processing improvement;
mRMO workflow improvement;
nsupport improvement;
odashboard improvement;
preporting improvement;
qbusiness planning; and
rplatform quality assurance.

Where appropriate, Yuzee may use aggregated or de-identified information for improvement, analytics and research.

6.15 To protect users, Organisations and the Platform

Yuzee uses information to protect users, Organisations and the Platform.

This may include using information to:

asecure accounts;
bverify access;
cdetect unauthorised access;
ddetect suspicious activity;
eprevent fraud;
fprevent payment misuse;
gprevent credit misuse;
hprevent spam;
iprevent scraping;
jprevent fake accounts;
kprevent fake documents;
lprevent fake offers;
mdetect harmful communications;
ndetect misuse of AI features;
odetect misuse of RMO;
pdetect privacy risks;
qdetect security risks;
rinvestigate suspected breaches;
senforce Yuzee’s Terms and Conditions; and
tprotect Yuzee’s legal rights.

6.16 To manage consent, preferences and user control

Yuzee uses information to manage user choices, consents and preferences.

This may include using information to:

arecord consent;
brecord withdrawal of consent where available;
cmanage communication preferences;
dmanage marketing preferences;
emanage app permissions;
fmanage RMO sharing approvals;
gmanage document sharing approvals;
hmanage account settings;
imanage privacy requests;
jmanage access requests;
kmanage correction requests;
lmanage deletion requests where available; and
mprovide user control tools.

6.17 To provide marketing where permitted

Yuzee may use information to send marketing communications where permitted by law.

This may include communications about:

aYuzee features;
bproduct updates;
cstudy opportunities;
dcareer opportunities;
einstitution opportunities;
femployer opportunities;
gpartner services;
hevents;
ipromotions;
jnewsletters;
ksurveys;
loffers; and
mother information that may be relevant.

Users may unsubscribe from marketing communications where required or available.

Yuzee may still send service, security, billing, legal, RMO or account-related communications even if a user unsubscribes from marketing.

6.18 To conduct research and development

Yuzee uses information for research and development.

This may include:

aidentifying useful data sources;
bimproving course and job taxonomies;
cimproving skills mapping;
dimproving pathway models;
eimproving suitability indicators;
fimproving AI prompts;
gimproving AI workflows;
himproving matching systems;
iimproving forecasting tools;
jimproving document analysis;
kimproving RMO workflows;
limproving data quality systems;
mevaluating new features;
ntesting product changes;
oanalysing platform performance;
panalysing user needs; and
qbuilding better services.

Where appropriate, Yuzee may use de-identified or aggregated information for research and development.

6.19 To use public, government, global and research data

Yuzee may use public, government, global, commercial, licensed, partner and research data to support the Platform.

This may include using information from ABS data, Australian Government datasets, state and territory datasets, local government datasets, regulator datasets, education datasets, labour market datasets, skills datasets, global datasets, public websites, commercial datasets and Yuzee’s own research and development.

Yuzee may use this information to:

aimprove matching;
bimprove recommendations;
cimprove pathway guidance;
dimprove cost-of-living guidance;
eimprove location guidance;
fimprove labour market insights;
gimprove course and job information;
himprove institution and employer information;
iimprove data quality;
jimprove analytics; and
kimprove Yuzee services.

External data may be incomplete, delayed, revised, unavailable or unsuitable for a specific purpose.

6.20 To meet legal, regulatory and compliance obligations

Yuzee uses information to meet legal, regulatory, tax, accounting, privacy, consumer, security, payment, audit and compliance obligations.

This may include using information to:

acomply with laws;
brespond to regulator requests;
crespond to court orders;
dmaintain records;
emanage tax and accounting obligations;
fmanage payment disputes;
gmanage privacy requests;
hmanage data breach assessments;
imanage complaints;
jprotect legal rights;
kenforce contracts;
lprevent unlawful activity;
msupport audits;
ncomply with app store requirements;
ocomply with payment provider requirements; and
pcomply with other legal or regulatory obligations.

6.21 To handle disputes, complaints and investigations

Yuzee uses information to handle disputes, complaints, investigations and enforcement matters.

This may include using information to:

ainvestigate complaints;
binvestigate support issues;
cinvestigate billing disputes;
dinvestigate privacy concerns;
einvestigate security incidents;
finvestigate suspected misuse;
greview RMO issues;
hreview offer issues;
icontact relevant parties;
jpreserve records;
krespond to legal claims;
lenforce Yuzee’s Terms and Conditions;
mdefend Yuzee’s rights; and
ncomply with legal processes.

6.22 To de-identify or aggregate information

Yuzee may use information to create de-identified or aggregated information.

Yuzee may use de-identified or aggregated information for:

aanalytics;
breporting;
cbenchmarking;
dmarket insights;
eproduct improvement;
fAI evaluation;
gmatching improvement;
hdata quality improvement;
iresearch and development;
jplatform safety;
kbusiness planning;
lorganisation reporting; and
mother lawful business purposes.

Yuzee will take reasonable steps to reduce the risk that de-identified or aggregated information identifies an individual.

6.23 To support business operations

Yuzee may use information for ordinary business operations.

This may include:

ainternal administration;
bstaff training;
cquality assurance;
dvendor management;
eservice provider management;
ffinancial management;
gbusiness planning;
hinvestment or funding discussions;
idue diligence;
jmergers, acquisitions or restructuring;
kinsurance;
llegal advice;
mprofessional advice;
nrisk management;
ogovernance; and
pcorporate record keeping.

Where personal information is used for business operations, Yuzee will take reasonable steps to protect it and limit use to what is reasonably necessary.

6.24 Where a purpose changes

Yuzee may update how it uses information as the Platform develops.

This may happen because of changes to AI features, matching systems, RMO workflows, data sources, organisation services, paid services, technology providers, legal requirements, security needs or business operations.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices or product notices to explain material changes.

Yuzee may seek consent where required by law.

6.25 User control and verification

Yuzee uses information to help users make better-informed decisions, but users remain in control of their own final decisions.

Users should review Yuzee guidance, AI outputs, recommendations, matches, suitability indicators, RMO summaries and other important outputs before relying on them.

Users should verify important details with the relevant institution, employer, partner, regulator, government body, professional adviser or official source before making final decisions.

Users may contact Yuzee if they believe information is inaccurate, outdated, incomplete, misleading or unsafe.

AI, Profiling, Prediction and Decision-Support

7.1 Overview

Yuzee may use artificial intelligence, automation, prompts, data analysis, matching systems, recommendation systems, forecasting tools, issue-detection tools, human review and other technologies to provide and improve the Platform.

Yuzee uses these tools to make the Platform more personalised, useful, safe and relevant.

These tools may help Yuzee:

aunderstand user goals;
bunderstand user mission;
cpersonalise guidance;
dbuild and update Yuzee profiles;
esuggest possible study, training, career or job pathways;
fsuggest possible courses, jobs, institutions, employers, partners or services;
gidentify possible skills gaps;
hidentify possible support needs;
ireview documents;
jprepare Request Multiple Offers support;
kprepare offer request information;
limprove matching and recommendations;
mimprove data quality;
nidentify possible issues;
oprotect users and the Platform;
pimprove support; and
qimprove Yuzee over time.

AI, profiling, prediction, automation and personalised guidance are used for decision-support. They do not replace user judgment.

7.2 How Yuzee uses AI

Yuzee may use AI to support features such as:

aAI chat;
bpersonalised guidance;
ccourse suggestions;
djob suggestions;
epathway suggestions;
fskills analysis;
gdocument review;
hdocument summaries;
isuitability explanations;
jmatch explanations;
kRMO preparation;
loffer request support;
msupport responses;
nquality checks;
oissue detection;
pdata classification;
qdata matching;
rdata summarisation;
scontent moderation;
tfraud and misuse detection; and
uproduct improvement.

AI may process information you provide, information in your Yuzee profile, documents you upload, prompts you submit, data from institutions, employers or partners, public data, third-party data and Yuzee’s own research and development.

7.3 Yuzee profiles

Yuzee may create and maintain an internal Yuzee profile to personalise the Platform.

A Yuzee profile may include information such as:

ayour goals;
byour mission;
cyour education history;
dyour work history;
eyour skills;
fyour interests;
gyour preferences;
hyour location;
iyour preferred locations;
jyour study interests;
kyour job interests;
lyour pathway interests;
myour uploaded documents;
nyour AI interactions;
oyour RMO activity;
pyour offer request activity;
qyour platform activity;
ryour support needs;
ssuitability indicators;
tpossible service needs;
upossible issue indicators; and
vother information relevant to providing Yuzee’s services.

Yuzee profiles help personalise guidance and improve matching. They do not remove your choice or make final decisions for you.

7.4 Personalised guidance

Yuzee may use your information to provide personalised guidance.

This may include guidance about:

apossible courses;
bpossible jobs;
cpossible skills gaps;
dpossible pathways;
epossible institutions;
fpossible employers;
gpossible services;
hpossible RMO readiness;
ipossible application preparation;
jpossible document improvements;
kpossible support options;
lpossible location or relocation considerations;
mpossible cost-of-living considerations; and
nother information that may help you explore your options.

Personalised guidance is based on available information. It may not account for every personal circumstance, course detail, job detail, provider rule, employer rule, eligibility rule, future event or third-party decision.

7.5 Forecasting and prediction

Yuzee may use information, AI, automation, matching systems, public data, third-party data, research data and Yuzee’s own analysis to estimate possible pathways, service needs, opportunities or issues.

This may include estimating or suggesting:

apossible course suitability;
bpossible job suitability;
cpossible skills gaps;
dpossible pathway options;
epossible service needs;
fpossible support needs;
gpossible RMO readiness;
hpossible application issues;
ipossible document issues;
jpossible location or relocation considerations;
kpossible cost-of-living considerations;
lpossible course-to-job pathways;
mpossible industry trends;
npossible employment pathways;
opossible offer readiness; and
pother information relevant to Yuzee’s services.

Forecasts and predictions are estimates only. They are not guarantees, promises, final decisions or professional advice.

7.6 Issue detection and platform safety

Yuzee may use AI, automation, data analysis and human review to identify possible issues that could affect users, Organisations or the Platform.

This may include identifying:

aincomplete profile information;
binconsistent information;
coutdated information;
dmissing documents;
epossible course mismatch;
fpossible job mismatch;
gpossible pathway mismatch;
hpossible eligibility concerns;
ipossible application issues;
jpossible RMO readiness issues;
kpossible offer issues;
lpossible privacy concerns;
mpossible security concerns;
npossible account misuse;
opossible payment misuse;
ppossible fake documents;
qpossible fake offers;
rpossible harmful communications;
spossible unfair or discriminatory conduct;
tpossible data quality issues; and
uother issues relevant to the Platform.

These tools are used to improve quality, safety and usefulness. They do not guarantee that every issue will be detected, prevented or corrected.

7.7 Decision-support only

AI, profiling, predictions, recommendations, matches, suitability indicators, summaries and issue indicators are decision-support tools only.

They are designed to help users and Organisations make better-informed decisions.

They are not:

aguarantees;
bfinal decisions;
cprofessional advice;
dlegal advice;
efinancial advice;
fmigration advice;
gmedical advice;
hpsychological advice;
igovernment advice;
jofficial institution advice;
kofficial employer advice;
lofficial regulator advice; or
ma promise of any particular outcome.

Users should review important information and confirm key details with the relevant institution, employer, partner, regulator, government body or qualified adviser before making final decisions.

7.8 Users remain in control

Users remain in control of their own final decisions.

Yuzee provides information, guidance, recommendations, matches, AI outputs, suitability indicators, counselling-style support, RMO support and decision-support tools.

Users are responsible for deciding whether to:

afollow a recommendation;
bapply for a course;
caccept or reject an offer;
dcontact an Institution;
econtact an Employer;
fcontact a Partner;
gupload documents;
hshare information;
iuse Request Multiple Offers;
juse a paid service;
krely on a pathway suggestion;
lrelocate;
mchange career;
nenrol;
oapply for a job;
pseek funding;
qseek professional advice; or
rtake any other action.

Yuzee does not make final study, career, employment, migration, financial, legal, health, enrolment, funding or life decisions for users.

7.9 No final automated high-impact decisions by Yuzee

Unless Yuzee expressly states otherwise in a specific notice, Yuzee’s AI, automation, personalised profiles, matching tools, guidance tools and issue-detection tools are used for decision-support.

Yuzee does not automatically make final binding decisions about:

aenrolment;
badmission;
cemployment;
dhiring;
evisa eligibility;
ffunding eligibility;
gscholarship eligibility;
hlicensing;
iregistration;
jlegal rights;
kmedical treatment;
lfinancial products;
mgovernment benefits;
nfinal course acceptance;
ofinal job acceptance; or
pother high-impact third-party decisions.

Final decisions may be made by the user, an Institution, an Employer, a Partner, a regulator, a government body, a professional adviser or another relevant third party.

7.10 Human review

Some Yuzee services may include human review, staff review, counsellor review, support review or quality review.

Human review may help improve the usefulness of a service, but it does not mean that Yuzee has independently verified every fact, document, course, job, provider, employer, offer, data source, AI output, recommendation or pathway.

Unless Yuzee expressly states otherwise in writing, human review does not guarantee:

aaccuracy;
bcompleteness;
ccurrentness;
deligibility;
ecourse availability;
fjob availability;
ginstitution response;
hemployer response;
ioffer success;
jenrolment;
kemployment;
lfunding;
mvisa outcomes;
nlicence or registration outcomes;
ocareer outcomes; or
pany other specific result.

7.11 Third-party AI providers

Yuzee may use third-party AI providers, AI APIs, AI infrastructure or AI-related tools to provide or support AI features.

These providers may include providers such as Google Gemini, Anthropic Claude, OpenAI/ChatGPT, xAI/Grok or other current or future providers.

Yuzee may send prompts, context, documents, profile information or other relevant information to AI providers where reasonably necessary to provide AI features, support users, improve quality, manage safety, detect issues or operate the Platform.

Third-party AI providers may process information according to their own systems, provider terms, technical controls, security measures, model behaviour and data-processing practices.

Yuzee will take reasonable steps to manage privacy and security risks when using third-party AI providers.

Where reasonably available and appropriate, Yuzee aims to configure third-party AI services so that personal information is not used to train public or general AI models. If Yuzee materially changes this approach, Yuzee will update its notices or seek consent where required by law.

7.12 AI prompts, inputs and outputs

Yuzee may collect and process prompts, messages, questions, documents, files, instructions, profile context, AI outputs, AI chat history, feedback, error logs, usage records and related metadata.

Yuzee may use this information to:

aprovide AI features;
bpersonalise guidance;
cimprove matching;
dimprove recommendations;
eprepare RMO support;
freview documents;
grespond to support requests;
hdetect misuse;
iimprove safety;
jdebug errors;
ktest quality;
lmonitor performance;
mimprove prompts and workflows;
nimprove the Platform; and
ocomply with legal obligations.

Users should avoid including unnecessary sensitive information in AI prompts or chats.

7.13 Sensitive information and AI

Sensitive information may be included in AI prompts, chats, documents or profile information if a user provides it or if it is relevant to a service.

Sensitive information may include health information, disability information, NDIS-related information, financial hardship information, visa or migration-related information, identity information, family circumstances, counselling-style notes or other sensitive information.

Yuzee may use sensitive information to provide relevant support, guidance, RMO preparation, document review, accessibility support, user safety, legal compliance or other services described in this Privacy Policy.

Yuzee will take additional care when handling sensitive information.

Users should not submit sensitive information unless it is relevant to the service they are using or Yuzee specifically asks for it.

7.14 External data and AI

Yuzee’s AI, matching and recommendation systems may use public, government, global, commercial, licensed, partner, institution, employer, user-provided and research data.

This may include ABS data, Australian Government datasets, state and territory datasets, local government datasets, regulator datasets, education datasets, labour market datasets, skills datasets, global datasets, public websites, commercial datasets, licensed datasets and Yuzee’s own research and development.

External data may be incomplete, delayed, revised, unavailable, aggregated, sampled, inconsistent or unsuitable for a specific purpose.

AI and automation may interpret, summarise, classify, compare, transform or infer insights from these sources.

Yuzee does not guarantee that AI outputs, matches or recommendations based on external data will always be complete, current, accurate or suitable.

7.15 Accuracy and limitations

Yuzee works to make AI features, data, matching and recommendations useful and reliable.

However, AI outputs, predictions, profiles, suitability indicators, matches, recommendations, summaries and issue indicators may be affected by:

aincomplete information;
binaccurate information;
coutdated information;
dlimited user input;
echanging user goals;
fchanging course information;
gchanging job information;
hchanging labour market conditions;
ichanging personal circumstances;
jthird-party data limitations;
kpublic data limitations;
lAI limitations;
mmodelling limitations;
nassumptions;
ostatistical limitations;
psystem errors;
qunknown factors; and
rfuture events.

Yuzee does not guarantee that personalised guidance will fully understand a user, fully predict a user’s needs, identify every issue, identify every opportunity or recommend the best possible option in every case.

7.16 User review and verification

Users should carefully review important AI outputs, recommendations, matches, suitability indicators, RMO summaries, document summaries, forecasts and guidance before relying on them.

Important information may include:

acourse availability;
bcourse fees;
centry requirements;
dfunding eligibility;
eaccreditation;
fcourse content;
gjob availability;
hemployment conditions;
iwages or salary;
jwork rights;
kvisa implications;
llicensing or registration requirements;
moffer conditions;
napplication deadlines;
ocost-of-living information;
prelocation information;
qinstitution requirements;
remployer requirements; and
sother information that may materially affect a decision.

Users should confirm important information with the relevant institution, employer, partner, regulator, government body or qualified adviser before making final decisions.

7.17 User controls and correction

Yuzee may provide tools that allow users to review, update or correct certain profile information, preferences, documents, communication settings or account information.

Users may contact Yuzee if they believe a profile, recommendation, forecast, course match, job match, pathway suggestion, AI output, document summary or data point is inaccurate, outdated, incomplete, misleading or unsafe.

Yuzee may review the report and take action where Yuzee reasonably considers it appropriate.

Possible actions may include:

acorrecting information;
bupdating a profile;
cupdating a recommendation;
dupdating a match;
ere-running an assessment;
fremoving or hiding information;
gasking for more information;
hcontacting a third party;
iimproving a model;
jimproving a prompt;
kimproving a data source;
limproving an automation tool;
mescalating to staff review; or
ntaking no action where Yuzee reasonably considers no change is required.

7.18 AI and paid or free services

Yuzee may offer different AI features, usage limits, support levels or processing priorities for free users and paid users.

Yuzee may use information to manage:

afree AI usage limits;
bpaid AI usage limits;
cfair use;
drate limits;
efeature access;
fdocument limits;
gRMO limits;
hsupport levels;
ientitlement records;
jsubscription status;
kcredit usage;
labuse controls; and
mplatform performance.

Paid access may provide additional features, higher limits or additional support, but it does not guarantee outcomes, offers, enrolment, employment, funding, visa outcomes, career outcomes or perfect AI outputs.

7.19 AI improvement and research

Yuzee may use information to evaluate, test, improve and develop AI features, matching systems, prompts, workflows, data quality tools, safety tools and recommendation systems.

This may include using:

auser feedback;
bAI usage records;
cAI outputs;
derror logs;
esupport records;
fquality signals;
gde-identified information;
haggregated information;
istaff review;
jcounsellor review;
kdata validation;
lautomation tools;
mexperiments;
naudits; and
oresearch and development.

Where appropriate, Yuzee may use de-identified or aggregated information to improve AI features and platform quality.

7.20 Transparency and updates

Yuzee aims to be transparent about how AI, profiling, prediction and decision-support are used.

Yuzee may provide additional notices, Collection Notices, consent notices or product explanations for specific AI features or data uses.

Yuzee may update this Privacy Policy as AI features, matching systems, data sources, laws, third-party providers or privacy practices change.

Where required by law, Yuzee may provide additional information about automated decision-support, AI systems, profiling, computer programs, personal information use or decisions that could reasonably be expected to significantly affect an individual’s rights or interests.

7.21 Questions or concerns about AI and profiling

Users may contact Yuzee if they have questions or concerns about AI, profiling, personalised guidance, recommendations, matching, predictions, issue indicators or decision-support.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask users to verify their identity before responding to certain privacy requests or making changes to personal information.

Sensitive Information

8.1 Overview

Sensitive information is a special category of personal information that may require additional care.

Yuzee may collect or handle sensitive information where it is relevant to the service being used, provided by the user, consented to where required, required or authorised by law, or otherwise permitted under applicable law.

Yuzee does not want users to provide unnecessary sensitive information.

Users should only provide sensitive information where it is relevant to the service, support request, document upload, AI interaction, Request Multiple Offers workflow, accessibility need or other feature they are using.

8.2 Types of sensitive information Yuzee may handle

Sensitive information Yuzee may handle could include information about:

ahealth;
bdisability;
cmedical conditions;
dmental health or wellbeing;
eNDIS-related circumstances;
faccessibility needs;
gsupport needs;
hfinancial hardship;
ivisa or migration circumstances;
jwork rights;
kidentity documents;
lgovernment identifiers;
mracial or ethnic origin;
nreligious or cultural considerations;
ofamily circumstances;
pcriminal record information, where relevant and provided;
qbiometric information, if a future feature uses it and appropriate notice is provided;
rinformation about children or young people;
scounselling-style notes;
tsensitive information included in uploaded documents;
usensitive information included in AI prompts or chats;
vsensitive information included in RMO or offer request workflows; and
wother information treated as sensitive under applicable law.

8.3 When Yuzee may collect sensitive information

Yuzee may collect sensitive information when:

ayou provide it directly;
byou include it in your profile;
cyou include it in an uploaded document;
dyou include it in an AI prompt or chat;
eyou provide it in a support request;
fyou provide it in a complaint;
gyou provide it for counselling-style guidance;
hyou provide it for accessibility or support needs;
iyou provide it for Request Multiple Offers;
jyou provide it for an offer request;
kyou provide it for document review;
lit is included in information provided by a parent, guardian or authorised representative;
mit is included in information provided by an institution, employer, partner or organisation, where permitted;
nit is needed to protect safety, security or platform integrity;
oit is needed to respond to a privacy, legal, support or data breach issue;
pit is required or authorised by law; or
qYuzee otherwise has a lawful basis to handle it.

8.4 Consent for sensitive information

Where consent is required by law, Yuzee will seek consent before collecting, using or disclosing sensitive information.

Consent may be requested through:

aaccount flows;
bprofile questions;
cdocument upload notices;
dAI feature notices;
eRequest Multiple Offers consent screens;
foffer request workflows;
gsupport processes;
haccessibility or support forms;
iparent or guardian processes;
jorganisation workflows; or
kother notices or consent mechanisms.

If you provide sensitive information voluntarily in a profile, document, AI prompt, message, RMO request or support request, Yuzee may treat that information as provided for the relevant purpose, subject to applicable law.

8.5 How Yuzee may use sensitive information

Yuzee may use sensitive information to provide, personalise, protect and improve the Platform.

This may include using sensitive information to:

aprovide relevant guidance;
bunderstand support needs;
csupport accessibility;
dpersonalise pathway suggestions;
esupport course matching;
fsupport job matching;
gsupport skills matching;
hsupport Request Multiple Offers;
iprepare offer request information;
jreview documents;
kprovide counselling-style support;
lidentify possible issues;
mavoid unsuitable recommendations where possible;
nimprove support quality;
orespond to user requests;
prespond to complaints;
qmanage safety risks;
rmanage privacy or security risks;
scomply with legal obligations;
tmanage disputes; and
uimprove the Platform.

Sensitive information is used for decision-support and service delivery. Yuzee does not use sensitive information to make final study, career, employment, migration, financial, legal, health, enrolment or life decisions for users.

8.6 Sensitive information in profiles

A user may include sensitive information in their Yuzee profile, either directly or indirectly.

For example, a user may provide information about disability support needs, health-related study constraints, visa or work-rights considerations, financial hardship, accessibility needs, caring responsibilities or other personal circumstances.

Yuzee may use this information to personalise guidance and support where relevant.

Users can update their profile where available and should keep information accurate and current.

8.7 Sensitive information in documents

Uploaded documents may contain sensitive information.

This may include information in resumes, transcripts, certificates, identity documents, support letters, visa documents, medical documents, disability support documents, financial hardship documents, legal documents, family-related documents or other files.

Yuzee may use AI, automation, data extraction, human review or other tools to process uploaded documents.

Users should only upload documents that are relevant to the service they are using.

Users should remove or redact unnecessary sensitive information before uploading documents where practical.

8.8 Sensitive information in AI prompts and chats

AI prompts, AI chats and messages may contain sensitive information if users include it.

Users should avoid entering unnecessary sensitive information into AI prompts, AI chats or free-text fields.

Where sensitive information is provided in an AI interaction, Yuzee may use it to provide the relevant AI feature, personalise guidance, provide support, detect issues, improve safety, improve quality and operate the Platform in accordance with this Privacy Policy.

Yuzee may use third-party AI providers to support AI features, as described in this Privacy Policy.

Yuzee will take reasonable steps to manage privacy and security risks when sensitive information may be processed by AI features or AI providers.

8.9 Sensitive information in Request Multiple Offers

Request Multiple Offers may involve information that is sensitive or personal.

This may include information about a user’s support needs, accessibility needs, visa or work-rights circumstances, financial hardship, education history, documents, identity-related information or other personal circumstances.

Yuzee will not intentionally share sensitive information with institutions, employers or partners through RMO unless:

athe user approves or requests the sharing;
bthe information is reasonably necessary for the relevant RMO workflow;
cthe sharing is described in the applicable notice or consent process;
dthe sharing is required or authorised by law; or
eanother lawful basis applies.

Yuzee may provide additional RMO consent screens or notices before sensitive information is shared.

8.10 Sensitive information and institutions, employers or partners

Institutions, employers and partners may receive sensitive information where it is shared through Yuzee with appropriate authority, consent, notice or legal basis.

Organisations that receive sensitive information through Yuzee must handle it lawfully, securely and only for permitted purposes.

Organisations must not use sensitive information for unlawful discrimination, unfair treatment, unrelated marketing, unauthorised profiling, unauthorised sharing or any purpose not permitted by Yuzee, the user or applicable law.

8.11 Sensitive information and children or young people

Yuzee may apply additional care when handling sensitive information about children and young people.

Sensitive information about children or young people may include support needs, health information, disability information, education support information, family circumstances, school information, counselling-style notes, documents or parent/guardian information.

Where required or appropriate, Yuzee may involve a parent, guardian, school, institution or authorised organisation.

Yuzee may provide additional notices or consent processes for children and young people.

8.12 Sensitive information and marketing

Yuzee does not intend to use sensitive information for unrelated marketing.

Yuzee should not intentionally use sensitive information such as health, disability, financial hardship, visa circumstances, identity documents, counselling-style notes or information about children to target unrelated marketing.

Yuzee may use general preferences, interests, account settings or service activity to provide relevant communications where permitted by law and user preferences.

8.13 Sensitive information and analytics

Yuzee may use analytics to improve the Platform, understand service use, improve support, detect issues and improve safety.

Where reasonably appropriate, Yuzee may use de-identified, aggregated, high-level or minimised information for analytics involving sensitive categories.

Yuzee should not intentionally send raw sensitive information to external analytics, attribution, advertising or paywall tools unless there is a lawful basis, appropriate safeguards and consent where required.

8.14 Sensitive information and AI improvement

Yuzee may use AI usage records, feedback, quality signals, support records, de-identified information, aggregated information and other information to improve AI features and platform quality.

Where reasonably appropriate, Yuzee may minimise, de-identify, aggregate, redact or restrict sensitive information before using it for AI improvement, analytics, research or testing.

Yuzee aims to configure third-party AI services so that personal information is not used to train public or general AI models where reasonably available and appropriate.

If Yuzee materially changes this approach, Yuzee will update its notices or seek consent where required by law.

8.15 Sensitive information and safety

Yuzee may use sensitive information where reasonably necessary to protect users, Organisations, Yuzee or the Platform.

This may include use for:

aaccount security;
buser safety;
cchild safety;
dharmful communication detection;
efraud prevention;
ffake document detection;
gfake offer detection;
hprivacy risk management;
isecurity incident response;
jdata breach assessment;
kcomplaint handling;
ldispute resolution;
mlegal compliance; and
nurgent safety or platform integrity reasons.

8.16 Sensitive information and legal compliance

Yuzee may use or disclose sensitive information where required or authorised by law.

This may include situations involving:

acourt orders;
bregulator requests;
claw enforcement requests;
dlegal claims;
eprivacy requests;
fdata breach response;
gtax, audit or accounting obligations;
hconsumer law obligations;
isafety obligations;
jchild safety obligations;
kpayment disputes;
lfraud prevention; or
mother legal or regulatory requirements.

8.17 Limiting sensitive information

Yuzee may choose to limit, reject, redact, delete, de-identify, restrict or not process sensitive information where Yuzee reasonably considers that the information is unnecessary, excessive, unsafe, irrelevant, unlawful, high-risk or not appropriate for the Platform.

This may include information submitted in:

aprofile fields;
buploaded documents;
cAI prompts;
dAI chats;
esupport requests;
fRMO requests;
goffer request workflows;
horganisation dashboards;
imessages; or
jfeedback.

8.18 User responsibility when providing sensitive information

Users are responsible for considering whether sensitive information is necessary before providing it to Yuzee.

Users should:

aprovide only information relevant to the service being used;
bavoid unnecessary sensitive information;
cavoid uploading unnecessary identity documents;
dremove or redact unnecessary details where practical;
eavoid providing sensitive information about another person without authority;
fkeep profile information accurate and current;
gcheck document uploads before submitting them;
hreview RMO sharing screens carefully; and
icontact Yuzee if they believe sensitive information has been provided by mistake.

8.19 Sensitive information about other people

Users and Organisations should not provide sensitive information about another person unless they have authority or a lawful basis to do so.

This may include sensitive information about parents, guardians, referees, emergency contacts, staff, students, applicants, candidates, children, family members or other people.

If you provide sensitive information about another person, you must take reasonable steps to make sure they are aware of this Privacy Policy and how Yuzee may use the information, unless an exception applies.

8.20 Access, correction and deletion requests

Users may contact Yuzee to request access to or correction of sensitive information Yuzee holds about them, subject to applicable law, verification requirements, account status, technical availability and retention obligations.

Users may also request deletion of certain information, subject to applicable law and Yuzee’s retention requirements.

Some sensitive information may need to be retained for legal, tax, accounting, audit, payment, fraud prevention, security, dispute, RMO, offer, support, compliance, safety or backup purposes.

8.21 Security of sensitive information

Yuzee will take reasonable steps to protect sensitive information.

These steps may include:

aaccess controls;
brole-based permissions;
cauthentication controls;
dencryption where appropriate;
emonitoring;
flogging;
gbackup controls;
hstaff access limits;
iprovider controls;
jsecurity review;
kprivacy review;
ldata minimisation where appropriate;
minternal policies;
nincident response processes; and
oother safeguards Yuzee considers appropriate.

No online platform can guarantee absolute security.

8.22 Contact about sensitive information

If you have questions or concerns about sensitive information, contact Yuzee.

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Security contact: [insert security email]

Yuzee may ask you to verify your identity before responding to a request about sensitive information.

International and Overseas Processing

10.1 Overview

Yuzee is operated from Australia.

Yuzee may collect, store, access, process, disclose or make personal information available in Australia and in other countries where Yuzee, its service providers, AI providers, technology providers, payment providers, app stores, support providers, analytics providers, institutions, employers, partners or other relevant recipients operate.

Overseas processing may occur when Yuzee uses global technology services or when users, Organisations, institutions, employers or partners interact with Yuzee from outside Australia.

10.2 Why overseas processing may occur

Yuzee may use overseas processing to provide, operate, protect, support and improve the Platform.

Overseas processing may occur for purposes such as:

acloud hosting;
bdata storage;
cdatabase services;
dAI processing;
eAI chat;
fdocument review;
gdocument summaries;
hmatching and recommendations;
ianalytics;
japp performance monitoring;
kcrash reporting;
lpayment processing;
mapp-store purchases;
nemail delivery;
oSMS delivery;
pphone communications;
qsupport tools;
rsecurity monitoring;
sfraud prevention;
tmarketing attribution;
uproduct improvement;
vresearch and development;
worganisation dashboards;
xRMO support; and
ylegal, compliance or business operations.

10.3 Overseas recipients

Yuzee may disclose or make personal information available to overseas recipients where reasonably necessary for the Platform.

Overseas recipients may include:

aAI providers;
bcloud hosting providers;
cdata storage providers;
danalytics providers;
ecrash reporting providers;
fpayment providers;
gapp stores;
hemail providers;
iSMS providers;
jphone providers;
kcustomer support tools;
lsecurity providers;
mmonitoring providers;
ndatabase providers;
omarketing and attribution providers;
pprofessional advisers;
qinstitutions located outside Australia;
remployers located outside Australia;
spartners located outside Australia;
trelated bodies or contractors located outside Australia; and
uother service providers that support Yuzee’s services.

10.4 Countries where processing may occur

Yuzee may use service providers that operate in Australia and overseas.

Depending on Yuzee’s providers, infrastructure, user location and service configuration, personal information may be processed in countries such as:

aAustralia;
bUnited States;
cCanada;
dUnited Kingdom;
ecountries in the European Union or European Economic Area;
fSingapore;
gNew Zealand;
hIndia;
iJapan;
jMalaysia;
kPhilippines;
lother countries where Yuzee’s providers, users, institutions, employers, partners or support services operate; and
mother countries notified by Yuzee from time to time.

The countries involved may change as Yuzee’s providers, infrastructure, services and business operations change.

10.5 Third-party AI providers and overseas processing

Yuzee may use third-party AI providers to support AI features.

AI providers may operate infrastructure, personnel, support functions, model systems or processing environments in different countries.

Yuzee may send prompts, messages, documents, profile context, AI inputs, AI outputs, usage records, error logs, quality signals or related information to AI providers where reasonably necessary to provide, support, secure, monitor or improve AI features.

Yuzee may use AI providers such as Google Gemini, Anthropic Claude, OpenAI/ChatGPT, xAI/Grok or other current or future AI providers.

Where reasonably available and appropriate, Yuzee aims to configure third-party AI services so that personal information is not used to train public or general AI models.

If Yuzee materially changes this approach, Yuzee will update its notices or seek consent where required by law.

10.6 Cloud, hosting and infrastructure providers

Yuzee may use cloud, hosting, database, backup, monitoring and infrastructure providers that operate in Australia or overseas.

These providers may store or process information needed for:

aaccount management;
buser profiles;
cAI features;
ddocument storage;
edocument processing;
fRMO workflows;
gorganisation dashboards;
hpayment records;
isupport records;
jtechnical logs;
kanalytics;
lsecurity monitoring;
mbackups;
ndisaster recovery; and
oplatform operation.

Yuzee will take reasonable steps to select and manage providers appropriate for the relevant service and risk level.

10.7 Payment providers and app stores

Yuzee may use payment providers, app stores, banks, card networks or billing platforms that operate internationally.

These providers may process information relating to:

asubscriptions;
bpurchases;
ccredits;
dtop-ups;
eRMO Review Passes;
finvoices;
greceipts;
hpayment status;
ifailed payments;
jrefunds;
kchargebacks;
lapp-store transactions;
mentitlement records; and
nbilling support.

Payment providers and app stores may have their own privacy policies, data practices, processing locations and legal obligations.

10.8 Analytics, monitoring and support tools

Yuzee may use analytics, monitoring, crash reporting, customer support, communication, attribution, paywall, experimentation or product improvement tools that operate in Australia or overseas.

These tools may process information such as:

adevice information;
bapp version;
cbrowser information;
dusage events;
ecrash logs;
ferror logs;
gsupport messages;
hemail delivery records;
iSMS delivery records;
jsubscription events;
kpayment status events;
lsecurity alerts;
mtechnical logs;
nproduct analytics;
omarketing attribution; and
prelated metadata.

Where reasonably appropriate, Yuzee may use de-identified, aggregated, minimised or limited information with these tools.

Yuzee should not intentionally send raw sensitive information, raw uploaded documents, raw AI chats, raw counselling-style notes, identity documents, detailed health information, disability information or similar high-risk information to external analytics, attribution or advertising tools unless there is a lawful basis, appropriate safeguards and consent where required.

10.9 Institutions, employers and partners outside Australia

Yuzee may share information with institutions, employers or partners outside Australia where relevant to a user’s use of the Platform.

This may occur if:

athe user requests or approves the sharing;
bthe user is exploring overseas study;
cthe user is exploring overseas work;
dthe user is exploring global pathway options;
ethe user uses RMO involving an overseas recipient;
fthe user requests contact with an overseas institution, employer or partner;
gthe relevant Organisation operates internationally;
hthe sharing is required or authorised by law; or
ianother lawful basis applies.

Yuzee may provide additional notices or consent screens where appropriate before sharing information with overseas institutions, employers or partners.

10.10 International users

If you access Yuzee from outside Australia, your information may be processed in Australia and other countries.

By using Yuzee from outside Australia, you understand that your information may be handled in countries that may have privacy and data protection laws different from those in your country.

Depending on your location, you may have additional privacy or data protection rights under local law.

Yuzee may provide additional notices, processes or rights where required by applicable law.

10.11 Reasonable steps and safeguards

Yuzee will take reasonable steps to manage privacy and security risks when personal information is disclosed or made available overseas.

Depending on the circumstances, these steps may include:

aprovider due diligence;
bcontractual controls;
cprivacy and security terms;
dconfidentiality obligations;
eaccess controls;
frole-based permissions;
gauthentication controls;
hencryption where appropriate;
idata minimisation;
jde-identification or aggregation where appropriate;
klimits on provider use;
llimits on provider disclosure;
mincident response requirements;
ndata breach notification requirements;
odeletion or return requirements;
pmonitoring or review processes;
qvendor risk assessment;
rprivacy impact assessment where appropriate; and
sother safeguards Yuzee considers appropriate for the relevant risk.

10.12 Overseas processing and sensitive information

Yuzee will take additional care where sensitive information may be processed overseas.

Sensitive information may include health information, disability information, NDIS-related information, visa or migration-related information, financial hardship information, identity documents, information about children or young people, counselling-style notes or other information treated as sensitive under applicable law.

Where reasonably appropriate, Yuzee may minimise, redact, restrict, de-identify, aggregate or avoid overseas processing of sensitive information.

Some overseas processing of sensitive information may still occur where reasonably necessary to provide the relevant service, support the user, process documents, provide AI features, manage RMO, protect safety, respond to support requests, comply with law or operate the Platform.

10.13 Overseas processing and RMO

Request Multiple Offers may involve sharing information with institutions, employers or partners.

If an RMO recipient is located outside Australia or uses overseas systems, personal information may be processed overseas.

Yuzee may provide RMO notices or consent screens explaining relevant sharing.

Users should review RMO sharing information carefully before approving or submitting an RMO request.

10.14 Overseas processing and AI prompts

AI prompts, chats, documents, profile context and AI outputs may be processed by AI providers that operate internationally.

Users should avoid including unnecessary sensitive information in AI prompts, chats or uploaded documents.

Yuzee will take reasonable steps to manage privacy and security risks when using AI providers, but Yuzee cannot guarantee that overseas AI processing will be risk-free.

10.15 Overseas processing and legal access

Information processed overseas may be subject to laws of the country where the information is processed, stored or accessed.

This may include laws that allow overseas courts, regulators, government agencies or law enforcement bodies to request access to information.

Yuzee will take reasonable steps to respond to legal requests appropriately and in accordance with applicable law.

10.16 User choices

Where available and appropriate, users may have choices that affect overseas processing.

This may include choices about:

awhether to use certain AI features;
bwhether to upload documents;
cwhether to use RMO;
dwhether to share information with overseas institutions, employers or partners;
ewhether to use paid services through app stores or payment providers;
fwhether to provide optional profile information;
gwhether to provide sensitive information; and
hwhether to use external third-party services.

Some overseas processing may be necessary to provide certain features. If a user chooses not to provide or share required information, Yuzee may not be able to provide the relevant feature.

10.17 Changes to overseas processing

Yuzee’s overseas processing arrangements may change over time.

This may happen because of changes to:

aAI providers;
bcloud providers;
cpayment providers;
dapp stores;
eanalytics tools;
fsupport tools;
gcommunication providers;
hsecurity providers;
iinstitutions;
jemployers;
kpartners;
linfrastructure;
muser locations;
nbusiness operations;
olegal requirements; or
pplatform features.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices or product notices to explain material changes.

10.18 Questions about overseas processing

If you have questions about overseas processing, contact Yuzee.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask you to verify your identity before responding to certain privacy requests.

Data Security

11.1 Overview

Yuzee takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, unauthorised modification and unauthorised disclosure.

Yuzee uses a combination of technical, organisational, administrative and operational safeguards to help protect information.

The safeguards Yuzee uses may depend on:

athe type of information;
bthe sensitivity of the information;
cthe amount of information;
dthe feature or service being used;
ethe risks involved;
fthe technology available;
gthe service providers involved;
hlegal requirements;
ioperational requirements; and
jwhat is reasonable in the circumstances.

11.2 Reasonable security steps

Yuzee may use reasonable security steps such as:

aaccess controls;
brole-based permissions;
cauthentication controls;
dpassword protections;
eaccount security processes;
fencryption where appropriate;
gsecure cloud services;
hsecure data storage practices;
ilogging and monitoring;
jbackup controls;
ksecurity reviews;
lstaff access controls;
mcontractor access controls;
nprovider due diligence;
oprovider security obligations;
pprivacy and security policies;
qstaff training;
rincident response processes;
sdata breach assessment processes;
tdata minimisation where appropriate;
ude-identification or aggregation where appropriate;
vdeletion or retention controls;
wvulnerability management;
xfraud and misuse detection;
yphysical security measures where relevant; and
zother safeguards Yuzee considers appropriate.

11.3 Technical safeguards

Yuzee may use technical safeguards to help protect information.

These may include:

asecure hosting environments;
baccess restrictions;
cauthentication controls;
dmulti-factor authentication where available or appropriate;
epassword protections;
fencryption in transit where appropriate;
gencryption at rest where appropriate;
hsecure API controls;
ifirewalls or network controls;
jmonitoring tools;
klogging tools;
lmalware protection where relevant;
mvulnerability management;
nbackup systems;
odisaster recovery processes;
psystem updates;
qconfiguration controls;
rrate limits;
sabuse detection;
taudit trails; and
uother technical controls Yuzee considers appropriate.

11.4 Organisational safeguards

Yuzee may use organisational safeguards to help protect information.

These may include:

aprivacy policies;
bsecurity policies;
cinternal procedures;
dstaff training;
econtractor controls;
fconfidentiality obligations;
grole-based access rules;
hinternal approval processes;
ivendor review processes;
jincident response plans;
kdata breach response processes;
lrisk assessments;
mprivacy impact assessments where appropriate;
naudit and review processes;
odata retention rules;
pdeletion and de-identification procedures;
qaccess review processes;
rcomplaint handling processes;
ssupport procedures; and
tother organisational controls Yuzee considers appropriate.

11.5 Access controls

Yuzee may limit access to personal information based on role, purpose and need.

Access controls may apply to:

aYuzee staff;
bcontractors;
csupport personnel;
dproduct teams;
eengineering teams;
fdata teams;
gAI teams;
hprivacy and security personnel;
ibilling personnel;
jorganisation administrators;
korganisation staff users;
linstitutions;
memployers;
npartners;
oservice providers; and
pother authorised users.

Yuzee may use permissions, account roles, authentication, audit logs or other controls to help manage access.

11.6 Staff and contractor access

Yuzee may allow staff and contractors to access personal information where reasonably necessary for their role.

This may include access for:

asupport;
baccount management;
cRMO support;
doffer request support;
edocument review;
ftechnical troubleshooting;
gbilling support;
hprivacy requests;
icomplaint handling;
jsecurity monitoring;
kfraud prevention;
lproduct improvement;
mAI quality improvement;
ndata quality improvement;
olegal compliance; and
pbusiness operations.

Staff and contractors should only access information for authorised purposes.

11.7 Organisation access controls

If an Organisation uses Yuzee, the Organisation may have administrators or staff users who can access information through dashboards, CRM tools, RMO workflows, offer request workflows or reporting tools.

Organisations are responsible for:

aensuring staff users are authorised;
bmanaging staff access;
cremoving access when staff leave or change roles;
dprotecting login details;
eusing information only for permitted purposes;
fhandling information lawfully;
gkeeping information secure;
hpreventing unauthorised access;
ipreventing unauthorised sharing; and
jcomplying with applicable law and Yuzee agreements.

Yuzee may suspend or limit organisation access if Yuzee reasonably believes there is a privacy, security, misuse, fraud, legal or platform risk.

11.8 Account security

Users are responsible for helping protect their own accounts.

Users should:

ause a strong password;
bkeep passwords confidential;
cavoid reusing passwords across services;
dprotect access to their email account;
eprotect access to their phone;
fprotect access to their device;
glog out from shared devices;
havoid sharing login details;
ikeep account details up to date;
jbe careful with suspicious links;
kreport suspicious activity; and
lcontact Yuzee if they believe their account has been compromised.

Yuzee is not responsible for unauthorised access caused by a user’s failure to protect their login details, email, phone, device or account, except to the extent required by law.

11.9 Passwords and authentication

Yuzee may use passwords, login links, verification codes, single sign-on, multi-factor authentication or other authentication methods.

Yuzee may change authentication methods as the Platform develops.

Yuzee may require additional verification where Yuzee considers it appropriate, including for:

aprivacy requests;
baccess requests;
ccorrection requests;
ddeletion requests;
eaccount recovery;
fsuspicious login activity;
gpayment issues;
hRMO sharing;
isensitive information;
jorganisation administrator access; or
ksecurity concerns.

11.10 Encryption

Yuzee may use encryption where appropriate to help protect personal information.

This may include encryption:

aduring transmission;
bat rest;
cin databases;
din file storage;
ein backups;
fin communication channels;
gin API connections; or
hin other systems where appropriate.

The type and level of encryption may depend on the information, system, provider, feature, risk and technical feasibility.

11.11 Uploaded documents and file security

Yuzee may store, process and review uploaded documents.

Uploaded documents may include personal information or sensitive information.

Yuzee may use safeguards such as access controls, secure storage, role-based permissions, logging, provider controls, retention controls, deletion processes and review limits to help protect uploaded documents.

Users should only upload documents that are relevant to the service being used.

Users should remove or redact unnecessary sensitive information where practical.

11.12 AI feature security

Yuzee may use AI providers and AI infrastructure to provide AI features.

Yuzee may take reasonable steps to manage AI-related security and privacy risks, including:

alimiting information shared with AI providers where practical;
busing provider controls where available;
creviewing AI provider privacy and security practices where appropriate;
dconfiguring AI services appropriately where available;
elimiting use of sensitive information where practical;
fwarning users not to provide unnecessary sensitive information;
gmonitoring AI feature misuse;
hrestricting harmful prompts or outputs where appropriate;
ikeeping AI usage records where needed;
jreviewing AI issues where appropriate; and
kupdating AI controls as Yuzee’s systems develop.

Where reasonably available and appropriate, Yuzee aims to configure third-party AI services so that personal information is not used to train public or general AI models.

11.13 Payment security

Yuzee may use third-party payment providers, app stores, banks or card networks to process payments.

Yuzee does not need to store full payment card details where payments are handled by third-party payment providers.

Payment providers and app stores may apply their own security controls, privacy policies, fraud checks, payment rules and dispute processes.

Yuzee may store payment-related records such as purchase history, subscription status, invoice details, receipt details, payment status, refund status, transaction IDs, entitlement records and payment provider references.

11.14 Provider and vendor security

Yuzee may use third-party service providers to support the Platform.

These may include AI providers, cloud providers, payment providers, app stores, analytics tools, communication tools, support tools, security tools, monitoring tools, database providers, marketing tools and professional advisers.

Yuzee may take reasonable steps to manage provider risk, including:

aprovider due diligence;
bcontractual controls;
cconfidentiality obligations;
dprivacy and security terms;
eaccess limits;
fdata minimisation;
gsecurity review;
hincident notification requirements;
ideletion or return requirements;
jprovider monitoring where appropriate; and
kreplacing or changing providers where appropriate.

Yuzee is not responsible for a third-party provider’s independent acts or omissions except to the extent required by law or expressly agreed in writing.

11.15 Monitoring and logs

Yuzee may use monitoring and logs to protect users, Organisations and the Platform.

This may include:

alogin logs;
baccess logs;
csecurity logs;
dsystem logs;
eerror logs;
fAPI logs;
gaudit trails;
hpayment logs;
iRMO activity logs;
jdocument activity logs;
kAI usage logs;
lsupport logs;
morganisation dashboard logs;
nfraud signals;
omisuse signals; and
pother records needed for security and operations.

Yuzee may use logs to investigate security incidents, privacy issues, misuse, fraud, technical errors, complaints, disputes, support requests and legal matters.

11.16 Security and fraud detection

Yuzee may use information to detect, prevent and respond to security risks, fraud, misuse and platform abuse.

This may include detecting:

aunauthorised access;
bsuspicious login activity;
caccount takeover attempts;
dfake accounts;
efake documents;
ffake offers;
gpayment misuse;
hcredit misuse;
ispam;
jscraping;
kharmful messages;
lprompt injection;
mAI misuse;
nRMO misuse;
oorganisation misuse;
pprivacy risks;
qsecurity vulnerabilities;
rmalicious activity; and
sother misuse of the Platform.

Yuzee may suspend, limit or investigate accounts, features, Organisations or activities where Yuzee reasonably considers there is a security, fraud, misuse, legal, privacy or safety risk.

11.17 Security testing and vulnerability management

Yuzee may conduct security reviews, vulnerability checks, code reviews, provider reviews, configuration reviews, penetration testing, security monitoring or other testing where appropriate.

Yuzee may also receive vulnerability reports from users, researchers, providers or third parties.

Yuzee may prioritise and remediate vulnerabilities based on severity, risk, exploitability, impact, resources and operational requirements.

Users, researchers and third parties must not test, scan, attack, access, scrape, disrupt or interfere with Yuzee systems without written permission.

11.18 Security incidents

A security incident may include an actual or suspected event involving:

aunauthorised access;
bunauthorised disclosure;
cunauthorised modification;
dmisuse;
einterference;
floss;
gmalware;
hphishing;
icredential compromise;
jaccount takeover;
ksystem vulnerability;
lservice provider incident;
mpayment incident;
nAI provider incident;
odocument exposure;
pRMO exposure;
qorganisation dashboard exposure;
rdata breach; or
sother event affecting confidentiality, integrity or availability.

Yuzee may assess, contain, investigate, remediate, monitor and record security incidents in accordance with Yuzee’s internal processes and applicable law.

11.19 Data breaches

A data breach may occur where personal information is accessed or disclosed without authorisation, or is lost.

Yuzee will assess suspected data breaches and take steps that Yuzee reasonably considers appropriate in the circumstances.

This may include:

acontaining the issue;
binvestigating what happened;
cidentifying affected information;
didentifying affected users or Organisations;
eassessing likely harm;
fnotifying affected people where required;
gnotifying regulators where required;
hnotifying service providers where relevant;
inotifying Organisations where relevant;
jtaking remedial action;
kimproving controls;
lkeeping incident records; and
mtaking legal or operational action where appropriate.

11.20 No guarantee of absolute security

Yuzee takes reasonable steps to protect personal information.

However, no website, app, AI tool, cloud service, communication system, payment system, database, internet transmission or electronic storage method can be guaranteed to be completely secure.

Yuzee cannot guarantee that unauthorised access, cyber incidents, provider failures, system errors, user error, malicious activity, device compromise, email compromise, phishing or other risks will never occur.

Nothing in this Privacy Policy excludes rights or obligations that cannot lawfully be excluded.

11.21 User responsibility for external sharing

If a user copies, downloads, exports, sends, screenshots, posts, emails or otherwise shares information outside Yuzee, Yuzee may not be able to control that information.

This may include where a user shares:

aprofile information;
bAI outputs;
crecommendations;
ddocuments;
eRMO summaries;
foffer information;
gaccount information;
hscreenshots;
isupport messages; or
jother Platform information.

Users should consider privacy and security before sharing information outside Yuzee.

11.22 Physical security

Where Yuzee handles physical records, devices or premises, Yuzee may use physical security measures appropriate to the circumstances.

These may include:

arestricted access;
bsecure storage;
cstaff access controls;
dvisitor controls;
edevice protections;
fsecure disposal;
gshredding where appropriate;
hlocked storage where appropriate; and
iother physical safeguards.

Yuzee aims to minimise the use of physical records where practical.

11.23 Retention, deletion and de-identification as security measures

Yuzee may use retention controls, deletion, de-identification, aggregation or putting information beyond use as part of its security approach.

Yuzee may retain information where needed for the purposes described in this Privacy Policy, including account management, service delivery, RMO, billing, tax, accounting, support, security, fraud prevention, compliance, disputes, legal obligations, backups, analytics, research and improvement.

More information is set out in the Data Retention and Deletion section of this Privacy Policy.

11.24 Security of de-identified and aggregated information

Yuzee may use de-identified or aggregated information for analytics, reporting, research, platform improvement, AI evaluation, benchmarking, business planning and data quality improvement.

Yuzee will take reasonable steps to reduce the risk that de-identified or aggregated information identifies an individual.

Yuzee may also use safeguards such as access controls, aggregation thresholds, minimisation, masking, separation of identifiers and review processes where appropriate.

11.25 Security contact

If you believe there has been unauthorised access to your account, suspicious activity, a security issue, a privacy issue or a possible data breach, contact Yuzee promptly.

Security contact: [insert security email]
Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask you to verify your identity before discussing account, privacy or security matters.

11.26 Changes to security practices

Yuzee may update its security practices over time as the Platform, AI features, data sources, providers, risks, technology, laws and business operations change.

Yuzee may update this Privacy Policy, security notices or product notices where required by law or where reasonably appropriate.

Data Breaches

12.1 Overview

Yuzee takes data breaches seriously.

Yuzee has processes to assess, contain, investigate, respond to and remediate suspected or confirmed data breaches.

A data breach may involve personal information being:

aaccessed without authorisation;
bdisclosed without authorisation;
clost in circumstances where unauthorised access or disclosure is likely;
dmodified without authorisation;
eexposed because of a system issue;
fexposed because of human error;
gexposed because of a service provider issue;
hexposed because of unauthorised account access;
iexposed because of malicious activity; or
jotherwise compromised.

Not every security incident is a notifiable data breach.

Yuzee will assess suspected data breaches in accordance with applicable law and Yuzee’s internal response processes.

12.2 Examples of possible data breaches

A possible data breach may include:

aunauthorised access to a Yuzee account;
bunauthorised access to an Organisation dashboard;
cunauthorised access to uploaded documents;
dunauthorised disclosure of profile information;
eunauthorised disclosure of RMO information;
faccidental sending of information to the wrong recipient;
gaccidental sharing of documents with the wrong institution, employer or partner;
hunauthorised access to AI prompts, AI chats or AI outputs;
iunauthorised access to support records;
junauthorised access to billing records;
kloss of a device containing personal information;
lcompromise of login credentials;
mphishing or social engineering;
ncyberattack;
omalware;
pservice provider security incident;
qcloud provider security incident;
rAI provider security incident;
spayment provider security incident;
tapp-store or integration incident;
udatabase misconfiguration;
vincorrect access permissions;
wstaff or contractor misuse;
xorganisation staff misuse; or
yanother event that may compromise personal information.

12.3 Internal response process

Where Yuzee becomes aware of a suspected data breach, Yuzee may take steps to:

aidentify the issue;
bcontain the issue;
cpreserve relevant records;
drestrict unauthorised access;
esuspend or reset affected accounts;
fdisable affected integrations;
ginvestigate what happened;
hidentify the type of information involved;
iidentify affected users or Organisations;
jidentify affected systems or providers;
kassess the risk of harm;
lassess whether notification is required;
mnotify affected individuals where required;
nnotify regulators where required;
onotify relevant Organisations where appropriate;
pnotify service providers where appropriate;
qremediate the issue;
rimprove security controls where appropriate;
smonitor for further risk; and
tkeep appropriate records.

The steps taken may depend on the nature, seriousness, scope and cause of the incident.

12.4 Containment

Yuzee may take immediate containment steps where appropriate.

This may include:

arestricting account access;
bresetting passwords;
crevoking sessions;
ddisabling compromised accounts;
esuspending suspicious activity;
flimiting Organisation dashboard access;
gremoving or restricting document access;
hdisabling affected features;
ipausing RMO sharing;
jpausing integrations;
kblocking IP addresses;
lisolating affected systems;
mcontacting service providers;
ncontacting affected Organisations;
opreserving evidence;
pincreasing monitoring; and
qtaking other steps Yuzee considers appropriate.

Yuzee may take containment steps before a full investigation is complete.

12.5 Assessment

Yuzee may assess a suspected data breach to determine:

awhat happened;
bwhen it happened;
chow it happened;
dwhether personal information was involved;
ewhat type of personal information was involved;
fwhether sensitive information was involved;
gwhether children or young people were affected;
hwhether uploaded documents were involved;
iwhether AI prompts, AI chats or AI outputs were involved;
jwhether RMO information was involved;
kwhether payment or billing information was involved;
lwhether Organisation information was involved;
mwho may have accessed or received the information;
nwhether the information was protected;
owhether the information was misused;
pwhether serious harm is likely;
qwhether remedial action can reduce the risk of harm;
rwhether notification is required by law; and
swhat steps should be taken next.

12.6 Serious harm assessment

Yuzee may consider whether a suspected data breach is likely to result in serious harm.

Factors Yuzee may consider include:

athe kind of information involved;
bwhether sensitive information was involved;
cwhether identity documents were involved;
dwhether financial information was involved;
ewhether children or young people were affected;
fwhether health, disability or support information was involved;
gwhether visa, migration or work-rights information was involved;
hwhether counselling-style information was involved;
iwhether RMO or offer information was involved;
jwhether the information was encrypted or otherwise protected;
kwho accessed or received the information;
lwhether the recipient is likely to misuse the information;
mwhether the information could cause identity theft;
nwhether the information could cause financial harm;
owhether the information could cause reputational harm;
pwhether the information could cause emotional harm;
qwhether the information could cause discrimination or unfair treatment;
rwhether remedial action has reduced the risk; and
sany other factor Yuzee considers relevant.

12.7 Notifiable data breaches

Where Yuzee determines that a data breach is notifiable under applicable law, Yuzee will take steps required by that law.

This may include notifying:

aaffected individuals;
bthe Office of the Australian Information Commissioner;
cother regulators;
drelevant Organisations;
eservice providers;
finsurers;
gprofessional advisers;
hlaw enforcement; or
iother parties where required or appropriate.

The content, timing and method of notification may depend on the law, the incident, the information involved, the affected people and the risk of harm.

12.8 Notification to affected individuals

Where Yuzee notifies affected individuals about a data breach, Yuzee may include information such as:

awhat happened;
bwhen it happened, if known;
cwhat information was involved;
dwhat Yuzee has done;
ewhat Yuzee is doing;
fwhat steps the individual should consider taking;
ghow to contact Yuzee;
hhow to make a privacy complaint;
ihow to contact relevant regulators, where applicable; and
jother information Yuzee considers appropriate or legally required.

Yuzee may notify affected individuals by email, in-app notice, account notice, SMS, phone, website notice, dashboard notice, postal notice or another reasonable method.

12.9 Notification to Organisations

If a data breach involves an Organisation, Yuzee may notify the relevant Organisation where appropriate or required.

This may include where:

aan Organisation Account is affected;
ban Organisation dashboard is affected;
cOrganisation staff access is affected;
dInstitution information is affected;
eEmployer information is affected;
fPartner information is affected;
guser information shared with an Organisation is affected;
hRMO information is affected;
ioffer request information is affected;
jbilling information is affected; or
kthe Organisation may need to take action.

Organisations may also have their own data breach, privacy, security, employment, education, consumer or legal obligations.

12.10 Service provider incidents

Yuzee may rely on third-party service providers to operate, support, protect or improve the Platform.

A service provider incident may affect Yuzee if the provider processes personal information for Yuzee or supports a Yuzee service.

Service providers may include:

aAI providers;
bcloud providers;
cpayment providers;
dapp stores;
eanalytics providers;
fcommunication providers;
gemail providers;
hSMS providers;
isupport tools;
jsecurity providers;
kmonitoring tools;
ldatabase providers;
minfrastructure providers;
nmarketing tools; and
oother providers.

If Yuzee becomes aware of a service provider incident that may affect personal information handled by Yuzee, Yuzee may assess the incident and take steps that Yuzee reasonably considers appropriate.

12.11 AI provider incidents

Yuzee may use third-party AI providers to support AI features.

If an AI provider incident may affect Yuzee information, Yuzee may assess:

athe provider involved;
bthe AI feature involved;
cthe prompts or inputs involved;
dthe AI outputs involved;
ewhether documents were involved;
fwhether profile information was involved;
gwhether sensitive information was involved;
hwhether RMO information was involved;
iwhether information was accessed or disclosed without authorisation;
jwhether serious harm is likely;
kwhat remedial action is available; and
lwhether notification is required.

Yuzee may work with the relevant AI provider, service providers, professional advisers or regulators where appropriate.

12.12 RMO-related data breaches

A data breach involving Request Multiple Offers may be higher risk because RMO may involve profile information, documents, education information, work information, support needs, sensitive information, institutions, employers or partners.

If a suspected breach involves RMO, Yuzee may assess:

awhat RMO information was involved;
bwhether documents were involved;
cwhether sensitive information was involved;
dwhether information was shared with the wrong recipient;
ewhether an institution, employer or partner was affected;
fwhether an Organisation dashboard was affected;
gwhether offer request information was affected;
hwhether the user approved the sharing;
iwhether further sharing should be paused;
jwhether affected users should be notified;
kwhether affected Organisations should be notified; and
lwhether regulator notification is required.

12.13 Document-related data breaches

Uploaded documents may contain personal information or sensitive information.

If a suspected breach involves uploaded documents, Yuzee may assess:

athe document type;
bthe information contained in the document;
cwhether identity documents were involved;
dwhether education records were involved;
ewhether work records were involved;
fwhether health or disability information was involved;
gwhether visa or migration information was involved;
hwhether financial hardship information was involved;
iwhether information about children or young people was involved;
jwhether documents were accessed by an unauthorised person;
kwhether documents were sent to the wrong recipient;
lwhether document access should be restricted; and
mwhether notification is required.

12.14 Account compromise

If Yuzee suspects that a user account has been compromised, Yuzee may take steps such as:

anotifying the user;
brequiring a password reset;
crevoking active sessions;
ddisabling login temporarily;
erequiring additional verification;
freviewing account activity;
gpausing RMO activity;
hpausing document sharing;
irestricting Organisation access;
jreviewing payment activity;
kinvestigating suspicious activity;
lremoving unauthorised access; and
mtaking other steps Yuzee considers appropriate.

Users should contact Yuzee promptly if they believe their account, email, phone, device or login details have been compromised.

12.15 User responsibilities during security incidents

Users can help reduce privacy and security risks.

Users should:

akeep passwords confidential;
buse strong passwords;
cprotect their email account;
dprotect their phone and device;
eavoid sharing login details;
flog out of shared devices;
gbe careful with suspicious links;
hreview account activity;
itell Yuzee about suspicious activity;
jtell Yuzee if information appears incorrect or exposed;
kfollow reasonable security instructions from Yuzee; and
ltake recommended steps after a security or data breach notice.

Yuzee is not responsible for harm caused by a user’s failure to protect their own login details, email, phone, device or external accounts, except to the extent required by law.

12.16 Organisation responsibilities during security incidents

Organisations that use Yuzee must take reasonable steps to protect access to Organisation Accounts and user information.

Organisations should:

amanage staff access;
bremove access for staff who leave or change roles;
cprotect administrator accounts;
duse secure passwords;
eavoid shared accounts;
fmonitor dashboard access;
guse information only for permitted purposes;
hreport suspicious activity to Yuzee promptly;
icooperate with Yuzee during investigations;
jcomply with their own privacy and data breach obligations;
knotify affected people or regulators where required by law; and
lfollow applicable Yuzee security requirements.

Yuzee may suspend or limit Organisation access where Yuzee reasonably considers there is a privacy, security, misuse, fraud, legal or platform risk.

12.17 Records of data breach assessments

Yuzee may keep records of suspected or confirmed data breaches.

These records may include:

aincident details;
bdates and times;
caffected systems;
daffected information;
eaffected users;
faffected Organisations;
gservice providers involved;
hinvestigation steps;
icontainment steps;
jrisk assessments;
kserious harm assessments;
llegal advice;
mnotifications;
nremediation steps;
oregulator communications;
puser communications;
qinternal decisions;
rlessons learned; and
ssecurity improvements.

Yuzee may retain these records for legal, compliance, audit, insurance, security, dispute resolution, governance and operational purposes.

12.18 Remediation

Where appropriate, Yuzee may take remedial action after a suspected or confirmed data breach.

This may include:

acorrecting a configuration issue;
bfixing a technical vulnerability;
cchanging access permissions;
dchanging staff access;
echanging Organisation access;
fchanging provider settings;
gchanging AI provider settings;
himproving monitoring;
iimproving logging;
jimproving authentication;
kimproving document controls;
limproving RMO controls;
mimproving consent screens;
nimproving staff training;
oupdating policies;
pupdating notices;
qupdating processes;
rnotifying affected people;
snotifying regulators; and
ttaking other steps Yuzee considers appropriate.

12.19 Delayed or limited notification

In some cases, Yuzee may delay, limit or adapt notification where permitted by law.

This may occur where:

aYuzee is still assessing the incident;
bnotification could increase security risk;
cnotification could interfere with containment;
dnotification could prejudice an investigation;
elaw enforcement requests delay;
finformation is not yet confirmed;
gaffected individuals cannot reasonably be identified;
hpublic notice is more appropriate;
ilegal advice supports a particular approach; or
japplicable law allows or requires another approach.

Yuzee will aim to act reasonably and in accordance with applicable law.

12.20 False alarms and non-reportable incidents

Some suspected incidents may turn out not to be data breaches.

Some data breaches may not be notifiable under applicable law.

Yuzee may decide that notification is not required where, after assessment, Yuzee reasonably considers that:

apersonal information was not involved;
bunauthorised access or disclosure did not occur;
cinformation was not lost in a risky way;
dserious harm is not likely;
eremedial action has prevented likely serious harm;
fthe incident is already contained;
gthe information was sufficiently protected;
hthe incident does not meet the legal threshold for notification; or
inotification is not required under applicable law.

Yuzee may still take internal remediation steps even where notification is not required.

12.21 Communications about data breaches

Yuzee may communicate about suspected or confirmed data breaches through:

aemail;
bin-app notice;
caccount notice;
ddashboard notice;
eSMS;
fphone;
gwebsite notice;
hpostal notice;
isupport ticket;
jpublic statement;
kregulator notification; or
lanother reasonable method.

Yuzee may choose the communication method based on the incident, urgency, affected people, contact details available, legal requirements and risk of harm.

12.22 No guarantee against data breaches

Yuzee takes reasonable steps to protect personal information and respond to suspected data breaches.

However, no website, app, AI tool, cloud service, payment system, communication system, database, provider, internet transmission or electronic storage method can be guaranteed to be completely secure.

Yuzee cannot guarantee that data breaches, cyber incidents, unauthorised access, provider incidents, human error, phishing, malware, account compromise, device compromise, email compromise or other risks will never occur.

Nothing in this Privacy Policy excludes, restricts or modifies rights, remedies or obligations that cannot lawfully be excluded, restricted or modified.

12.23 How to report a suspected breach

If you believe there has been unauthorised access to your account, suspicious activity, a privacy issue, a security issue or a possible data breach, contact Yuzee promptly.

Security contact: [insert security email]
Privacy contact: [insert privacy email]
Support contact: [insert support email]

Please include, where possible:

ayour name;
byour account email;
cwhat happened;
dwhen it happened;
escreenshots or examples;
fthe affected information;
gthe affected account, document, RMO request or Organisation;
hany suspicious messages or links;
iany steps you have already taken; and
jyour preferred contact method.

Yuzee may ask you to verify your identity before discussing account, privacy or security matters.

12.24 Changes to data breach processes

Yuzee may update its data breach processes over time as the Platform, AI features, providers, technology, laws, risks and business operations change.

Yuzee may update this Privacy Policy, security notices, internal policies or product notices where required by law or where reasonably appropriate.

Data Retention and Deletion

13.1 Overview

Yuzee keeps personal information for as long as reasonably needed for the purposes described in this Privacy Policy, any applicable Collection Notice, consent notice, product notice, Terms and Conditions, agreement with Yuzee or applicable law.

How long Yuzee keeps information may depend on:

athe type of information;
bthe sensitivity of the information;
cthe purpose for which the information was collected;
dthe services used;
ewhether the user has an active account;
fwhether the user has used Request Multiple Offers;
gwhether the user has used paid services;
hwhether the information relates to payments, invoices, refunds or disputes;
iwhether the information relates to support, complaints or privacy requests;
jwhether the information relates to security, fraud prevention or misuse;
kwhether the information relates to legal, tax, accounting, audit or compliance obligations;
lwhether the information is needed for records, evidence or dispute resolution;
mwhether the information is stored in backups;
nwhether the information can be deleted, de-identified or put beyond use; and
oapplicable law.

Yuzee may retain, delete, de-identify, aggregate, archive, restrict or put information beyond use in accordance with this Privacy Policy and applicable law.

13.2 Retention principles

Yuzee’s retention approach is based on the following principles:

aYuzee should only keep personal information for as long as reasonably needed;
bYuzee should not keep unnecessary personal information indefinitely;
csensitive information should receive additional care;
dinformation should be deleted, de-identified, aggregated, archived, restricted or put beyond use where appropriate;
eretention should support user control, privacy, security and legal compliance;
fretention should support Yuzee’s ability to provide services, maintain records and resolve disputes;
gretention should support platform safety, security and fraud prevention;
hretention should support reasonable business, legal, tax, accounting and compliance needs; and
iretention practices may change as Yuzee’s services, systems, laws and business operations change.

13.3 Account information

Yuzee may keep account information while the user’s account is active.

This may include:

aname;
bemail address;
cphone number;
daccount ID;
elogin records;
faccount settings;
gcommunication preferences;
hconsent records;
isecurity settings;
jaccount status;
ksubscription status; and
lother information needed to operate, secure or manage the account.

After an account is closed, Yuzee may retain certain account information where reasonably needed for legal, tax, accounting, audit, payment, security, fraud prevention, complaint, dispute, RMO, support, compliance, backup or legitimate business purposes.

13.4 Profile information

Yuzee may keep profile information while the user’s account is active or while the information is reasonably needed to provide personalised guidance, matching, AI features, RMO, support or related services.

Profile information may include:

agoals;
bmission;
ceducation history;
dwork history;
eskills;
finterests;
gpreferences;
hlocation;
ipathway interests;
jsupport needs;
ksuitability indicators;
lservice recommendations;
mmatching history;
nRMO activity; and
oother information used to personalise the Platform.

Users may be able to update, correct or remove certain profile information through account tools or by contacting Yuzee.

Yuzee may retain some profile-related records after deletion or account closure where reasonably needed for legal, security, fraud prevention, dispute, audit, compliance, backup, analytics, de-identification or platform integrity purposes.

13.5 AI prompts, chats and outputs

Yuzee may keep AI prompts, AI chat history, AI outputs, AI usage records, feedback, error logs, safety signals and related metadata for purposes such as:

aproviding AI features;
bmaintaining chat history;
cimproving guidance;
dsupporting users;
edebugging errors;
fmonitoring quality;
gdetecting misuse;
himproving safety;
iimproving prompts and workflows;
jimproving matching and recommendations;
khandling complaints;
lhandling disputes;
mlegal compliance;
nsecurity monitoring; and
oplatform improvement.

Yuzee may delete, de-identify, aggregate, restrict or put AI-related information beyond use where appropriate.

Users should not include unnecessary sensitive information in AI prompts or chats.

13.6 Uploaded documents

Yuzee may keep uploaded documents while they are reasonably needed for the service being used.

Uploaded documents may include resumes, transcripts, certificates, identity-related documents, application documents, offer documents, support documents, RMO documents, screenshots, images and other files.

Yuzee may keep uploaded documents for purposes such as:

aprofile support;
bdocument review;
cAI-supported analysis;
dcourse matching;
ejob matching;
fskills matching;
gRMO preparation;
hoffer request support;
iuser support;
jcomplaint handling;
kdispute resolution;
lfraud prevention;
mfake document detection;
nsecurity;
olegal compliance; and
paudit or record keeping.

Users should only upload documents that are relevant to the service being used.

Yuzee may delete, restrict, archive, de-identify or put documents beyond use where they are no longer reasonably needed, subject to applicable law and Yuzee’s retention requirements.

13.7 Sensitive information

Yuzee may retain sensitive information only where reasonably needed for the purposes described in this Privacy Policy, where consented to where required, where required or authorised by law, or where otherwise permitted by applicable law.

Yuzee may apply additional care to sensitive information and may delete, de-identify, restrict, redact, minimise, archive or put sensitive information beyond use where appropriate.

Users should contact Yuzee if they believe unnecessary sensitive information has been provided.

13.8 Request Multiple Offers records

Yuzee may retain Request Multiple Offers records where reasonably needed to provide, manage, support, evidence, improve or review RMO services.

RMO records may include:

aRMO request details;
buser profile details;
cpreferences;
ddocuments;
econsent records;
finstitutions, employers or partners contacted;
ginformation shared;
hdate and time of sharing;
iresponses received;
joffer information;
ksupport notes;
lcommunication records;
mpayment or entitlement records;
ncomplaint records;
odispute records;
paudit records; and
qrelated workflow records.

Yuzee may retain RMO records after an RMO workflow ends where reasonably needed for support, compliance, evidence, dispute resolution, billing, refunds, fraud prevention, safety, legal obligations, audit, quality improvement or platform improvement.

13.9 Offer request and third-party response records

Yuzee may retain records relating to offer requests, responses, communications, conditions, user decisions, institution responses, employer responses, partner responses and related support.

These records may be needed to:

aprovide user support;
btrack RMO progress;
chelp users compare responses;
dmanage disputes;
einvestigate complaints;
fmanage billing or refunds;
gconfirm what information was shared;
hverify consent records;
isupport audit and compliance;
jimprove RMO workflows; and
kprotect Yuzee’s legal rights.

13.10 Payment, billing and subscription records

Yuzee may retain payment, billing and subscription records for as long as reasonably needed for legal, tax, accounting, audit, payment, refund, chargeback, fraud prevention, support, compliance and business purposes.

These records may include:

apurchase history;
bsubscription status;
cplan details;
dcredit usage;
etop-up records;
fRMO Review Pass records;
ginvoices;
hreceipts;
irefund records;
jfailed payment records;
kpayment dispute records;
lchargeback records;
mpayment provider references;
napp-store purchase records;
oentitlement records; and
pbilling support records.

Yuzee does not need to store full payment card details where payments are processed by third-party payment providers.

13.11 Support, complaint and privacy request records

Yuzee may retain support, complaint and privacy request records where reasonably needed to respond to users, manage requests, investigate issues, improve support, comply with law, manage disputes and protect legal rights.

These records may include:

asupport tickets;
bemails;
cSMS messages;
dphone notes;
echat messages;
fscreenshots;
gdocuments;
hcomplaint details;
iprivacy request details;
jaccess request details;
kcorrection request details;
ldeletion request details;
minvestigation notes;
nresolution notes;
ostaff notes;
pregulator communications;
qlegal advice records; and
rrelated evidence.

Yuzee may retain these records even after an account is closed where reasonably needed.

13.12 Organisation account records

Yuzee may retain Organisation Account records while the Organisation Account is active and after it ends where reasonably needed.

Organisation Account records may include:

aorganisation profile information;
badministrator details;
cstaff user details;
dbilling contacts;
elegal contacts;
fsupport contacts;
gdashboard activity;
hCRM records;
iRMO response records;
joffer action records;
ksubscription records;
lcredit usage;
minvoices;
nsupport records;
ocomplaint records;
paudit logs;
qaccess logs; and
rcompliance records.

Yuzee may retain Organisation Account records for legal, tax, accounting, audit, payment, security, fraud prevention, dispute, compliance, support, business and platform integrity purposes.

13.13 Technical logs and security records

Yuzee may retain technical logs and security records where reasonably needed to operate, secure, monitor, debug and improve the Platform.

These records may include:

alogin logs;
baccess logs;
cauthentication logs;
dsession logs;
eAPI logs;
ferror logs;
gcrash logs;
hsecurity logs;
iaudit trails;
jdevice information;
kIP addresses;
lsuspicious activity records;
mfraud signals;
nmisuse signals;
oAI usage logs;
pRMO activity logs;
qdocument activity logs;
rorganisation dashboard logs; and
ssystem performance records.

Yuzee may retain these records for security, fraud prevention, misuse detection, debugging, support, compliance, legal, audit and platform improvement purposes.

13.14 Marketing and communication records

Yuzee may retain marketing and communication records where reasonably needed to manage communications and comply with applicable law.

These records may include:

amarketing consent;
bcommunication preferences;
cunsubscribe records;
demail delivery records;
eSMS delivery records;
fcampaign activity;
greferral source;
hadvertising attribution;
isurvey responses;
jfeedback;
kmessage history; and
lcommunication logs.

Yuzee may retain unsubscribe records to help make sure users who opt out of marketing are not sent marketing messages where the law requires or where Yuzee’s systems support that preference.

13.15 Records required by law

Yuzee may retain information where required or authorised by law.

This may include retention for:

atax obligations;
baccounting obligations;
caudit obligations;
dpayment obligations;
econsumer law obligations;
fprivacy obligations;
gemployment or contractor obligations;
heducation-related obligations;
icorporate obligations;
jcourt orders;
kregulator requests;
llaw enforcement requests;
mlegal claims;
ninsurance matters;
odisputes;
pinvestigations; and
qother legal or regulatory requirements.

Where Yuzee is legally required to retain information, Yuzee may not be able to delete it immediately even if a user requests deletion.

13.16 Retention after account closure

If a user closes their account, Yuzee may delete, de-identify, restrict, archive or retain information depending on the type of information and the reason it is held.

Yuzee may retain some information after account closure where reasonably needed for:

alegal compliance;
btax and accounting;
caudit;
dpayment records;
erefunds;
fchargebacks;
gsubscriptions;
hRMO records;
ioffer request records;
jsupport records;
kcomplaint records;
lprivacy request records;
msecurity records;
nfraud prevention;
omisuse prevention;
pdispute resolution;
qlegal claims;
rbackups;
sde-identification;
tanalytics;
uplatform improvement; and
vbusiness operations.

Closing an account may not automatically delete all information immediately.

13.17 Deletion requests

Users may contact Yuzee to request deletion of certain personal information.

Yuzee may ask the user to verify their identity before actioning a deletion request.

Yuzee may accept, partially accept, refuse, delay, limit or ask for more information about a deletion request where permitted by law.

Yuzee may not be able to delete information immediately or completely where retention is reasonably needed for:

alegal obligations;
btax or accounting obligations;
cpayment records;
drefunds;
echargebacks;
fsupport records;
gcomplaint records;
hprivacy request records;
iRMO records;
joffer request records;
kfraud prevention;
lsecurity;
maudit;
ndispute resolution;
olegal claims;
pregulatory requirements;
qbackups;
rde-identification;
splatform integrity; or
tanother lawful purpose.

13.18 Correction instead of deletion

In some cases, correcting information may be more appropriate than deleting it.

For example, Yuzee may correct information where:

aa profile field is inaccurate;
ban education record is outdated;
ca document summary is incorrect;
dan AI-generated profile indicator is wrong;
ea matching input is incomplete;
fcontact details have changed;
gOrganisation information is outdated;
han RMO record contains an error; or
ianother record is inaccurate, incomplete, outdated or misleading.

Users may request correction of personal information in accordance with the Access, Correction, Portability and User Control section of this Privacy Policy.

13.19 De-identification and aggregation

Yuzee may de-identify or aggregate information instead of deleting it where appropriate.

Yuzee may use de-identified or aggregated information for:

aanalytics;
breporting;
cbenchmarking;
dresearch and development;
eproduct improvement;
fAI evaluation;
gmatching improvement;
hdata quality improvement;
isafety improvement;
jplatform performance;
kmarket insights;
linstitution insights;
memployer insights;
npartner insights;
obusiness planning; and
pother lawful business purposes.

Yuzee will take reasonable steps to reduce the risk that de-identified or aggregated information identifies an individual.

13.20 Backups and archived systems

Yuzee may store information in backups, logs, archives or disaster recovery systems.

If information is deleted from active systems, copies may remain in backups or archived systems for a limited period or until those backups or archives are overwritten, deleted, restored, expired or otherwise managed.

Yuzee may not be able to immediately delete specific records from all backups without affecting security, integrity, continuity or recovery processes.

Where information remains in backups or archives, Yuzee may restrict access and avoid using it except where needed for security, restoration, legal, compliance, audit, investigation, dispute or business continuity purposes.

13.21 Putting information beyond use

Where Yuzee cannot immediately or practically delete information from all systems, Yuzee may put information beyond use where appropriate.

This may mean Yuzee takes reasonable steps so that the information is no longer actively used or disclosed, except where needed for legal, security, audit, backup, investigation, dispute, compliance or system integrity purposes.

Putting information beyond use may be appropriate for certain backup, archive, technical, legacy or provider systems.

13.22 Third-party retention

Third-party providers, institutions, employers, partners, payment providers, app stores, AI providers, analytics tools, communication providers, support tools and other third parties may retain information according to their own privacy policies, terms, systems and legal obligations.

Yuzee may request deletion, return, restriction or de-identification from third-party providers where appropriate and within Yuzee’s control.

Yuzee may not be able to control information that a user has shared directly with a third party, or information that a third party independently holds.

13.23 RMO recipient retention

If information has been shared with an institution, employer or partner through Request Multiple Offers or another user-approved workflow, that recipient may retain the information according to its own privacy policy, records, legal obligations and systems.

Yuzee may not be able to delete information from an institution, employer or partner’s systems unless Yuzee has a legal right, contractual right or practical ability to do so.

Users may need to contact the relevant institution, employer or partner directly for deletion, correction or privacy requests involving that recipient’s own records.

13.24 App store and payment provider retention

If a user purchases a service through an app store, payment provider, bank or card network, those providers may retain payment and transaction information according to their own privacy policies, legal obligations and payment rules.

Yuzee may retain payment-related records needed for receipts, entitlements, subscriptions, refunds, disputes, tax, accounting, audit, fraud prevention and compliance.

Yuzee does not control the independent retention practices of app stores, payment providers, banks or card networks.

13.25 AI provider retention

Yuzee may use third-party AI providers to support AI features.

AI providers may retain prompts, outputs, technical logs, usage records or other information according to their own provider terms, privacy practices, security settings and legal obligations.

Where reasonably available and appropriate, Yuzee aims to configure third-party AI services so that personal information is not used to train public or general AI models.

Yuzee may request deletion, restriction or other controls from AI providers where appropriate and within Yuzee’s control.

13.26 User downloads, exports and external copies

If a user downloads, exports, screenshots, copies, emails, prints, posts or otherwise shares information outside Yuzee, Yuzee may not be able to delete or control those external copies.

This may include:

aAI outputs;
brecommendations;
cprofile summaries;
ddocuments;
eRMO summaries;
foffer responses;
gemails;
hscreenshots;
ireports;
jdashboard exports; and
kother information shared outside the Platform.

Users should consider privacy and security before sharing information outside Yuzee.

13.27 Deletion of Organisation Account information

If an Organisation Account is closed, Yuzee may retain certain Organisation Account information where reasonably needed.

This may include retention for:

alegal compliance;
btax and accounting;
cbilling;
dsubscriptions;
ecredit usage;
fRMO records;
goffer request records;
huser support;
istaff access records;
jdashboard activity;
kaudit logs;
lsecurity logs;
mdisputes;
ncomplaints;
ofraud prevention;
plegal claims;
qbusiness records;
rbackups; and
scompliance.

Organisation staff users may contact their Organisation administrator or Yuzee about relevant account information.

13.28 Data retention schedule

Yuzee may maintain an internal data retention schedule.

The data retention schedule may identify how long Yuzee generally keeps different categories of information, such as:

aaccount records;
bprofile records;
cAI chat records;
dprompts and outputs;
euploaded documents;
fRMO records;
goffer request records;
hpayment records;
isubscription records;
jsupport records;
kcomplaint records;
lprivacy request records;
mmarketing records;
nanalytics records;
otechnical logs;
psecurity logs;
qOrganisation Account records;
rdata breach records; and
sde-identified or aggregated records.

Retention periods may vary depending on the information, purpose, legal obligations, service requirements, risk and operational needs.

13.29 How users can ask about retention or deletion

Users can contact Yuzee to ask about retention, deletion, de-identification, account closure or information held by Yuzee.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask users to verify their identity before responding to retention or deletion requests.

Yuzee may also ask for information to help identify the relevant account, document, AI chat, RMO request, offer request, support ticket, payment record or other record.

13.30 Changes to retention practices

Yuzee may update its retention practices as the Platform, AI features, RMO workflows, providers, laws, security needs and business operations change.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices, product notices or internal retention schedule to reflect material changes.

Nothing in this Privacy Policy limits rights, remedies or obligations that cannot lawfully be excluded, restricted or modified.

Access, Correction, Portability and User Control

14.1 Overview

Yuzee wants users to have reasonable control over their personal information.

Depending on the feature, account status, applicable law and technical availability, users may be able to:

aaccess certain personal information;
bupdate account information;
ccorrect inaccurate information;
dupdate profile information;
eupdate preferences;
fupdate communication settings;
gupload or remove documents;
hreview certain AI chats or outputs;
ireview certain matching or recommendation information;
jreview certain RMO records;
krequest deletion of certain information;
lrequest export of certain information where available;
mwithdraw consent where available;
nmanage marketing preferences;
oclose an account; and
pcontact Yuzee about privacy concerns.

Some rights and controls may be subject to identity verification, legal limits, technical limits, retention requirements, security needs, dispute records, RMO records, payment records, backup systems and other lawful reasons.

14.2 Access to personal information

Users may request access to personal information Yuzee holds about them.

Access requests may relate to information such as:

aaccount information;
bcontact information;
cprofile information;
deducation information;
ework or career information;
fskills information;
gpreferences;
huploaded documents;
iAI chats or prompts;
jAI outputs;
kmatching information;
lrecommendation history;
mRMO records;
noffer request records;
opayment or subscription records;
psupport records;
qprivacy request records;
rcommunication records; and
sother personal information Yuzee holds.

Yuzee may provide access in a way that is reasonable and practical in the circumstances.

14.3 How to request access

To request access to personal information, users can contact Yuzee.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

A request should include, where possible:

athe user’s name;
baccount email;
cphone number, if relevant;
dthe type of information requested;
ethe relevant date range;
fthe relevant feature, document, AI chat, RMO request, payment, support ticket or Organisation, if known;
gthe preferred access format;
hwhether the request is urgent; and
iany other details that may help Yuzee identify the information.

Yuzee may ask for more information if the request is unclear, broad, complex or difficult to locate.

14.4 Identity verification

Yuzee may verify a user’s identity before responding to an access, correction, deletion, portability, account closure or privacy request.

Identity verification may be needed to protect privacy and prevent unauthorised access.

Yuzee may ask for information such as:

aaccount email;
bphone number;
caccount details;
drecent account activity;
esupport ticket details;
fpayment reference;
gRMO reference;
hOrganisation Account details;
iidentity verification information where necessary; or
jother information reasonably needed to verify identity or authority.

Yuzee may refuse, delay or limit a request if Yuzee cannot reasonably verify the identity or authority of the person making the request.

14.5 Requests by parents, guardians or authorised representatives

A parent, guardian, legal representative, authorised agent or support person may request access to or correction of another person’s information where authorised or permitted by law.

Yuzee may ask for proof of authority before discussing, sharing, changing or deleting another person’s information.

Proof of authority may include:

awritten authority;
bparent or guardian evidence;
cpower of attorney;
dlegal representative authority;
eOrganisation administrator authority;
fschool or institution authority where relevant;
gsupport worker authority; or
hother evidence Yuzee reasonably considers appropriate.

Yuzee may refuse or limit a representative request where Yuzee is not satisfied that the person has authority, or where responding may create a privacy, safety, legal or security risk.

14.6 Timeframes for responding

Yuzee will aim to respond to access, correction and privacy requests within a reasonable time.

The response time may depend on:

athe type of request;
bthe complexity of the request;
cthe amount of information involved;
dwhether identity verification is required;
ewhether third parties are involved;
fwhether sensitive information is involved;
gwhether children or young people are involved;
hwhether legal advice is needed;
iwhether information is archived or in backups;
jwhether the request relates to RMO or Organisation records;
kwhether the request is broad or unclear; and
lapplicable law.

Where a request is complex or requires more time, Yuzee may contact the requester to explain the delay where appropriate.

14.7 Access format

Where reasonable and practical, Yuzee may provide access in the format requested by the user.

This may include:

aviewing information in the account;
breceiving a copy by email;
creceiving a downloadable file;
dreceiving a summary;
ereceiving screenshots;
freceiving a report;
greceiving information through support; or
hanother reasonable method.

If Yuzee cannot provide access in the requested format, Yuzee may provide access in another reasonable format.

14.8 Access charges

Yuzee will not charge users simply for making an access request.

Yuzee may charge a reasonable fee for giving access where permitted by law and where the request requires significant work, retrieval, review, redaction, copying, reproduction, postage, technical processing or use of an intermediary.

Yuzee will tell the user about any proposed charge before providing access where required or appropriate.

Yuzee will not use charges to discourage reasonable access requests.

14.9 When Yuzee may refuse or limit access

Yuzee may refuse, delay or limit access where permitted by law.

This may include where:

aYuzee cannot verify the requester’s identity or authority;
bgiving access would have an unreasonable impact on another person’s privacy;
cgiving access may endanger the life, health or safety of any person;
dgiving access may endanger public health or safety;
ethe request is frivolous or vexatious;
fthe request is excessively broad or unreasonable;
gthe information relates to existing or anticipated legal proceedings;
hthe information is subject to legal professional privilege;
igiving access would reveal commercially sensitive information;
jgiving access would reveal confidential Yuzee information, prompts, system instructions, security controls, scoring logic, fraud controls, abuse controls or trade secrets;
kgiving access would prejudice security, fraud prevention, misuse detection or investigation activities;
lgiving access would be unlawful;
mgiving access would breach confidentiality obligations;
ngiving access would reveal information Yuzee is required or authorised to withhold;
oinformation cannot reasonably be located;
pinformation is held only in backup or archived systems and cannot reasonably be retrieved; or
qanother lawful reason applies.

If Yuzee refuses access, Yuzee will explain the reason where required by law and provide information about complaint options where appropriate.

14.10 Correction of personal information

Users may request correction of personal information Yuzee holds about them if they believe it is:

ainaccurate;
bout of date;
cincomplete;
dirrelevant; or
emisleading.

Correction requests may relate to:

aaccount information;
bcontact information;
cprofile information;
deducation information;
ework information;
fskills information;
gpreferences;
hdocuments;
iAI-generated profile indicators;
jmatching inputs;
ksuitability indicators;
lRMO records;
moffer request records;
nOrganisation Account information;
osupport records; or
pother personal information.

14.11 How to request correction

Users can request correction by using available account tools or by contacting Yuzee.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

A correction request should include, where possible:

athe information the user believes is wrong;
bwhy the information is wrong;
cthe correct information;
dsupporting documents, where relevant;
ethe relevant account, document, AI output, recommendation, RMO request, offer request or Organisation record; and
fany urgency or impact.

Yuzee may ask for more information before correcting information.

14.12 How Yuzee may respond to correction requests

Yuzee may respond to a correction request by:

aupdating information;
bcorrecting information;
cdeleting information where appropriate;
dadding information;
eadding a note or statement;
freprocessing a profile;
gre-running a match;
hre-running an AI-supported assessment;
iupdating a recommendation;
jupdating an RMO record;
kasking for more evidence;
lcontacting a third party where appropriate;
mrefusing the correction where permitted by law; or
ntaking another reasonable step.

Yuzee may not be able to change information that must be kept as a historical record, audit record, legal record, payment record, support record, security record, RMO record or dispute record.

Where appropriate, Yuzee may add a note that the user disagrees with the information.

14.13 Correction of AI-generated information

Yuzee may generate information through AI, automation, matching systems, profiles, recommendations, suitability indicators or other tools.

A user may request review or correction of AI-generated or system-generated information if they believe it is inaccurate, outdated, incomplete, misleading or unsafe.

This may include:

aprofile indicators;
bsuitability indicators;
cmatch reasons;
dcourse recommendations;
ejob recommendations;
fpathway suggestions;
gskills gap indicators;
hdocument summaries;
iRMO summaries;
jissue indicators;
kservice recommendations; or
lother generated information.

Yuzee may review the request and take action where Yuzee reasonably considers it appropriate.

AI-generated information may be corrected, updated, removed, reprocessed, annotated or left unchanged depending on the circumstances.

14.14 Correction of external source information

Some information shown or used by Yuzee may come from external sources, such as institutions, employers, partners, public data, government data, ABS data, commercial data, licensed data or third-party datasets.

If a user believes external source information is incorrect, Yuzee may review the report and take action where appropriate.

Possible actions may include:

acorrecting Yuzee’s copy of the information;
bupdating a data source;
creprocessing a match;
dadding a warning or low-confidence indicator;
econtacting the relevant source;
fdirecting the user to the source;
gremoving or hiding information;
hupdating a recommendation;
ileaving the information unchanged if Yuzee cannot verify the issue; or
jtaking another reasonable step.

Yuzee may not control whether the original third-party source corrects its own records.

14.15 Updating profile information

Users should keep their Yuzee profile accurate and current.

Users may be able to update profile information such as:

agoals;
bmission;
ceducation history;
dwork history;
eskills;
finterests;
gpreferences;
hlocation;
irelocation preferences;
jcourse interests;
kjob interests;
lsupport needs;
mcommunication preferences;
nuploaded documents;
oRMO preferences; and
pother account or profile details.

Keeping profile information accurate helps Yuzee provide more useful guidance, matching and recommendations.

14.16 Updating documents

Users may be able to upload, replace, remove or update certain documents.

Document controls may depend on the feature, account status, RMO status, Organisation workflow, legal requirements, retention requirements and technical availability.

If a document has already been shared with an institution, employer, partner or other third party, Yuzee may not be able to delete or update the copy held by that third party.

Users may need to contact the relevant third party directly.

14.17 Updating RMO information

Users should review RMO information carefully before submitting or approving an RMO request.

Users may be able to update certain RMO information before it is shared.

Once RMO information has been shared with an institution, employer, partner or other recipient, Yuzee may not be able to recall, delete or correct the copy held by that recipient.

Yuzee may help users correct or update information where practical, but third-party recipients may have their own privacy policies, systems, obligations and response processes.

14.18 Withdrawing consent

Where Yuzee relies on consent for a particular use or disclosure of information, users may be able to withdraw consent.

Withdrawal of consent may affect Yuzee’s ability to provide certain services.

For example, withdrawing consent may affect:

aAI features;
bdocument processing;
cRMO sharing;
doffer requests;
esensitive information handling;
fmarketing communications;
gapp permissions;
hpersonalised guidance;
imatching;
jsupport; or
kother features.

Withdrawal of consent may not affect information already used or disclosed before the withdrawal, where the use or disclosure was lawful at the time.

Yuzee may retain certain records of consent and withdrawal for legal, compliance, audit, dispute, safety or operational purposes.

14.19 Marketing preferences

Users may opt out of marketing communications where required or available.

Users may be able to opt out by:

ausing an unsubscribe link;
bupdating account settings;
creplying STOP to certain SMS messages where available;
dcontacting support; or
eusing another method provided by Yuzee.

Yuzee may still send non-marketing communications, such as account, security, payment, subscription, RMO, support, privacy, legal or service-related notices.

Yuzee may retain unsubscribe records to help manage marketing preferences.

14.20 App permissions

Users may be able to control app permissions through their device settings.

This may include permissions such as:

anotifications;
bcamera;
cphotos or files;
dmicrophone;
elocation;
fcontacts, if ever used;
gstorage; or
hother device permissions.

Turning off a permission may affect certain app features.

Yuzee may provide additional notices where a feature requires a specific permission.

14.21 Account closure

Users may request account closure where available.

Account closure may affect access to:

aprofile information;
bAI chat history;
cdocuments;
dmatching history;
erecommendations;
fRMO records;
goffer request records;
hpaid services;
icredits;
jsubscriptions;
kOrganisation dashboards;
lsupport records; and
mother Platform features.

Closing an account does not always mean that all information is immediately deleted.

Yuzee may retain information where reasonably needed for legal, tax, accounting, audit, payment, support, security, fraud prevention, misuse prevention, RMO, dispute, complaint, compliance, backup, analytics, de-identification or other lawful purposes.

14.22 Deletion requests

Users may request deletion of certain personal information.

Deletion may not always be possible or immediate.

Yuzee may refuse, delay, limit or partially complete a deletion request where retention is reasonably needed for:

alegal obligations;
btax or accounting obligations;
cpayment records;
drefunds;
echargebacks;
fsubscription records;
gsupport records;
hcomplaint records;
iprivacy request records;
jRMO records;
koffer request records;
lfraud prevention;
msecurity;
naudit;
odisputes;
plegal claims;
qregulatory requirements;
rbackups;
splatform integrity;
tde-identification; or
uanother lawful purpose.

More information is set out in the Data Retention and Deletion section of this Privacy Policy.

14.23 Data export and portability

Yuzee may provide tools that allow users to download or export certain information.

Where available, export may include:

aaccount information;
bprofile information;
cpreferences;
duploaded documents;
eAI chat history;
frecommendations;
gRMO summaries;
hoffer request records;
icommunication records; or
jother available information.

Data export or portability may be subject to technical availability, identity verification, legal limits, third-party rights, privacy of others, security, commercial sensitivity and retention requirements.

Yuzee may not be able to export every type of information, including internal analytics, internal scoring logic, fraud signals, system prompts, confidential business information, security logs or information that affects another person’s privacy.

14.24 Information about other people

Users generally cannot access, correct, delete or export another person’s personal information unless they have authority or a lawful basis.

Yuzee may refuse or limit requests that would affect another person’s privacy, safety, security or legal rights.

If information about another person is included in a document, message, AI chat, RMO record or support record, Yuzee may redact, withhold or limit that information before responding to a request.

14.25 Organisation user rights and controls

Organisation users may be able to access or update certain information through Organisation Account settings, dashboards or administrator tools.

Organisation users may need to contact their Organisation administrator for certain updates, access changes, role changes or account removal.

Yuzee may also respond to privacy requests from Organisation users where required or appropriate.

Organisations are responsible for managing staff access and ensuring staff information is accurate, current and authorised.

14.26 Limits involving Organisation records

Some personal information may be part of Organisation records, such as dashboard activity, CRM records, RMO responses, offer actions, billing records, support records, staff access logs or audit logs.

Yuzee may retain or restrict access to these records where reasonably needed for legal, tax, accounting, audit, payment, security, dispute, RMO, Organisation Account, support, compliance or business purposes.

Yuzee may also need to consider the rights and obligations of the relevant Organisation before responding to a request.

14.27 Limits involving AI, prompts and system security

Yuzee may refuse or limit access to certain AI-related or system-related information where disclosure could create security, misuse, intellectual property, confidentiality, safety, legal or commercial risks.

This may include:

asystem prompts;
bhidden prompts;
cinternal prompt libraries;
dmodel configuration;
eAI safety controls;
fabuse detection logic;
gfraud signals;
hrisk scores;
iranking logic;
jsecurity logs;
kmoderation rules;
linternal testing records;
mproprietary matching logic;
nconfidential product information;
otrade secrets; and
pinformation that could allow misuse of the Platform.

Where possible, Yuzee may provide a summary or explanation instead of disclosing restricted internal information.

14.28 Complaints about access or correction

If a user is unhappy with how Yuzee responds to an access, correction, deletion, portability or user control request, the user may contact Yuzee to make a complaint.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask for details such as:

athe original request;
bYuzee’s response;
cwhy the user disagrees;
dwhat outcome the user wants;
esupporting documents; and
fcontact details.

Yuzee will handle complaints in accordance with the Privacy Complaints section of this Privacy Policy.

14.29 Record keeping for privacy requests

Yuzee may keep records of privacy requests and responses.

These records may include:

arequest details;
bidentity verification steps;
ccorrespondence;
dinformation provided;
einformation corrected;
finformation deleted;
grequests refused;
hreasons for decisions;
icomplaint information;
jstaff notes;
klegal advice;
lregulator communications; and
mrelated audit records.

Yuzee may retain these records for legal, compliance, audit, dispute, security, fraud prevention, complaint handling and operational purposes.

14.30 Contact for access, correction and control requests

Users can contact Yuzee about access, correction, deletion, portability, consent, account closure, communication preferences or other privacy controls.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask for identity verification before actioning a request.

Yuzee may also ask for more information to help locate the relevant account, document, AI chat, RMO request, offer request, payment record, support ticket, Organisation Account or other record.

14.31 Changes to access, correction and user control processes

Yuzee may update its access, correction, portability and user control processes as the Platform, AI features, RMO workflows, Organisation tools, providers, laws, security needs and business operations change.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices, product notices or account tools.

Nothing in this Privacy Policy limits rights, remedies or obligations that cannot lawfully be excluded, restricted or modified.

Cookies, Tracking and Analytics

15.1 Overview

Yuzee may use cookies, pixels, SDKs, local storage, tracking links, device identifiers, analytics tags and similar technologies to provide, protect, personalise, analyse and improve the Platform.

These technologies may be used on Yuzee’s website, app, emails, messages, advertisements, dashboards, payment flows, AI features, document workflows, Request Multiple Offers workflows and other services.

This section explains how Yuzee may use these technologies and what choices users may have.

15.2 What cookies and similar technologies are

Cookies are small files or pieces of information stored on a user’s browser or device.

Similar technologies may include:

apixels;
btracking tags;
cSDKs;
dlocal storage;
esession storage;
fdevice identifiers;
gmobile advertising identifiers;
hanalytics identifiers;
itracking links;
jconversion tags;
klog files;
lAPI logs;
mapp event tracking;
ncrash reporting tools;
ofingerprinting-style signals where permitted and appropriate; and
pother technologies used to recognise, analyse, protect or improve digital services.

These technologies may collect or store information such as device information, browser information, IP address, approximate location, usage activity, preferences, session activity, referral source and technical data.

15.3 Why Yuzee uses cookies and similar technologies

Yuzee may use cookies and similar technologies to:

aoperate the website;
boperate the app;
ckeep users logged in;
dmanage sessions;
eremember preferences;
fprovide account functionality;
gprovide Organisation dashboard functionality;
hsupport AI features;
isupport document workflows;
jsupport Request Multiple Offers workflows;
ksupport payment and subscription workflows;
limprove security;
mdetect fraud;
ndetect misuse;
oprevent spam;
pprevent scraping;
qmonitor performance;
rdetect crashes;
sfix technical issues;
tunderstand feature usage;
uimprove user experience;
vimprove matching and recommendations;
wimprove AI features;
xmeasure marketing performance;
ymanage communication preferences; and
zimprove the Platform.

15.4 Essential cookies and technologies

Yuzee may use essential cookies and technologies that are necessary for the Platform to work properly.

These may be used for:

alogin;
bauthentication;
csession management;
daccount security;
efraud prevention;
fpayment security;
gapp functionality;
hwebsite functionality;
iOrganisation dashboard functionality;
jRMO workflow functionality;
kdocument upload functionality;
luser preferences;
mload balancing;
nerror prevention;
olegal compliance;
pconsent management; and
qsecurity monitoring.

If essential cookies or technologies are disabled, some parts of Yuzee may not work properly or may be unavailable.

15.5 Preference cookies and technologies

Yuzee may use preference cookies or similar technologies to remember user choices.

These may include:

alanguage preferences;
bregion preferences;
clogin preferences;
ddisplay preferences;
enotification preferences;
fcookie preferences;
gaccessibility preferences;
hdashboard preferences;
isaved filters;
jsaved search settings;
kcourse or job preference settings;
lapp settings; and
mother user experience settings.

15.6 Analytics cookies and technologies

Yuzee may use analytics tools to understand how users interact with the Platform.

Analytics information may include:

apages viewed;
bscreens viewed;
cfeatures used;
dbuttons clicked;
esearches performed;
fsession duration;
greferral source;
hbrowser information;
idevice information;
japp version;
koperating system;
lapproximate location;
muser journey events;
nonboarding activity;
oprofile completion activity;
pAI feature usage;
qdocument workflow usage;
rRMO workflow usage;
spayment workflow activity;
tsubscription activity;
uerror events;
vcrash events; and
wother usage events.

Yuzee may use analytics to improve user experience, product design, platform performance, support, matching, recommendations, AI features and business operations.

15.7 Product improvement and experimentation

Yuzee may use analytics and product tools to test, measure and improve the Platform.

This may include:

afeature testing;
bA/B testing;
cinterface testing;
donboarding testing;
epaywall testing;
fsubscription testing;
gAI feature testing;
hmatching system testing;
iRMO workflow testing;
jdocument workflow testing;
ksupport workflow testing;
ldashboard testing;
mperformance testing;
nquality monitoring; and
oproduct research.

Yuzee may use this information to understand what works, what does not work, and how to improve the Platform.

15.8 App SDKs and mobile analytics

If users use the Yuzee app, Yuzee may use SDKs or mobile analytics tools.

These tools may collect information such as:

aapp installation status;
bapp version;
cdevice type;
doperating system;
edevice identifiers;
fcrash logs;
gerror logs;
hfeature usage;
ipush notification status;
japp session activity;
ksubscription events;
lpurchase events;
mpaywall events;
nperformance data;
oapproximate location;
psecurity signals; and
qother app-related technical data.

Yuzee may use this information to operate, secure, debug and improve the app.

15.9 Crash reporting and performance monitoring

Yuzee may use crash reporting, performance monitoring and diagnostic tools.

These tools may help Yuzee:

adetect app crashes;
bdetect website errors;
cdetect API failures;
ddetect slow performance;
eidentify affected devices;
fidentify affected app versions;
gidentify affected browsers;
hdiagnose bugs;
ifix technical issues;
jimprove stability;
kimprove loading speed;
limprove payment flows;
mimprove AI feature reliability;
nimprove document upload reliability;
oimprove RMO reliability; and
pimprove platform availability.

Crash and performance tools may collect technical information and limited account or usage information where needed to diagnose issues.

15.10 Security, fraud and misuse detection

Yuzee may use cookies, logs, device signals, tracking technologies and analytics to protect users, Organisations and the Platform.

This may include detecting or preventing:

aunauthorised access;
bsuspicious login activity;
caccount takeover;
dfake accounts;
efake documents;
ffake offers;
gpayment fraud;
hcredit misuse;
isubscription misuse;
jRMO misuse;
kAI misuse;
lprompt injection;
mspam;
nscraping;
obot activity;
pabuse of free limits;
qunauthorised dashboard access;
rsecurity vulnerabilities;
sphishing attempts; and
tother misuse or security risks.

Yuzee may use this information to investigate, suspend, restrict, block or remediate activity where Yuzee reasonably considers it necessary.

15.11 Marketing, advertising and attribution technologies

Yuzee may use marketing, advertising and attribution technologies where permitted by law.

These technologies may help Yuzee:

aunderstand how users find Yuzee;
bmeasure campaign performance;
cunderstand referral sources;
dmeasure ad conversions;
eavoid showing irrelevant ads;
fimprove marketing efficiency;
gmanage promotions;
hmeasure newsletter performance;
imeasure app-install campaigns;
jmanage remarketing where permitted;
kunderstand subscription conversion;
lunderstand paid-service interest; and
mimprove communications.

Marketing and attribution technologies may use cookies, pixels, tracking links, campaign IDs, device identifiers, advertising IDs or similar technologies.

Yuzee does not intend to use raw sensitive information for unrelated marketing.

15.12 Email, SMS and message tracking

Yuzee may use tracking technologies in emails, SMS links, push notifications, in-app messages or other communications.

This may help Yuzee understand:

awhether a message was delivered;
bwhether a message bounced;
cwhether a message was opened, where available;
dwhether a link was clicked;
ewhether a user unsubscribed;
fwhether a notification was received;
gwhether an RMO update was viewed;
hwhether a support message was received;
iwhether a payment notice was received;
jwhether a legal notice was delivered; and
kwhether communications are working properly.

Yuzee may use this information for service delivery, support, security, marketing where permitted, communication improvement and legal compliance.

15.13 Service communications and marketing communications

Yuzee may send service communications that are needed for account, security, payment, subscription, RMO, support, privacy, legal or platform purposes.

Service communications may still be sent even if a user unsubscribes from marketing.

Yuzee may also send marketing communications where permitted by law and user preferences.

Marketing communications may include information about:

aYuzee features;
bproduct updates;
cstudy opportunities;
dcareer opportunities;
einstitution opportunities;
femployer opportunities;
gpartner services;
hevents;
ipromotions;
jnewsletters;
ksurveys; and
lother relevant opportunities.

Users may unsubscribe from marketing communications where required or available.

15.14 Unsubscribe and communication preferences

Yuzee may provide ways to unsubscribe from marketing communications or manage communication preferences.

This may include:

aunsubscribe links;
baccount settings;
cnotification settings;
dSMS opt-out instructions;
esupport requests;
fpreference centres;
gapp notification settings;
hbrowser notification settings; or
iother available controls.

Yuzee may retain unsubscribe records to help ensure marketing preferences are respected.

Yuzee may still send non-marketing communications where needed for service, security, payment, subscription, RMO, support, privacy, legal or account purposes.

15.15 Third-party analytics and marketing providers

Yuzee may use third-party analytics, marketing, attribution, advertising, paywall, experimentation, crash reporting, monitoring or communication providers.

These providers may process information such as:

adevice information;
bbrowser information;
cIP address;
dapproximate location;
ecampaign source;
freferral source;
gapp events;
hwebsite events;
isubscription events;
jpurchase events;
kpaywall events;
lcommunication events;
mcrash logs;
nerror logs;
operformance events;
pcookie identifiers;
qdevice identifiers; and
rrelated metadata.

Third-party providers may have their own privacy policies, systems, processing locations and security practices.

15.16 Third-party cookies

Some cookies or tracking technologies may be placed or read by third-party providers.

These may include providers that support:

aanalytics;
badvertising;
cattribution;
dapp analytics;
ecrash reporting;
fpayment flows;
gvideo content;
hembedded content;
isocial media features;
jcustomer support tools;
kchat tools;
lsecurity tools;
mconsent management; and
nother Platform functions.

Yuzee may not control every cookie or tracking technology used by third-party websites, app stores, payment providers, social media platforms, embedded content or external services.

Users should review relevant third-party privacy and cookie notices.

15.17 Social media and embedded content

Yuzee may use social media features, embedded content, tracking pixels or links to third-party platforms.

These may include:

asocial media buttons;
bembedded videos;
cembedded forms;
dembedded maps;
eadvertising pixels;
fconversion pixels;
greferral links;
hshare links;
ilogin tools, if used;
jreview tools; and
kother embedded or connected third-party features.

These third parties may collect information about users according to their own privacy policies and settings.

15.18 Location-related analytics

Yuzee may collect approximate location information through IP address, account settings, device settings, app permissions, postcode, suburb, region or user-provided information.

Yuzee may use approximate location information to:

apersonalise results;
bsuggest relevant courses;
csuggest relevant jobs;
dsupport cost-of-living guidance;
esupport relocation guidance;
fimprove local recommendations;
gimprove analytics;
himprove security;
iprevent fraud;
junderstand regional usage; and
kimprove services.

Yuzee will not intentionally collect precise GPS location unless a feature requires it and appropriate notice or permission is provided.

Users may be able to control device location permissions through their device settings.

15.19 AI features and analytics

Yuzee may use analytics and logs to understand and improve AI features.

This may include information about:

aAI feature usage;
bprompt volume;
cresponse time;
derror rates;
esafety signals;
ffeedback;
gquality indicators;
hdocument review activity;
iRMO preparation activity;
jmatching activity;
kuser satisfaction indicators;
labuse signals;
mfair use limits;
nrate limits; and
otechnical performance.

Yuzee may use this information to improve AI quality, safety, reliability, cost management, user experience and platform performance.

Yuzee should avoid sending raw sensitive information to external analytics tools unless there is a lawful basis, appropriate safeguards and consent where required.

15.20 Paywall, subscription and credit analytics

Yuzee may use analytics to understand and manage paid services.

This may include analytics about:

asubscription plans;
bcredit usage;
ctop-ups;
dRMO Review Passes;
epaywall views;
fcheckout events;
gfailed payments;
hrefund events;
ipurchase completion;
jfree usage limits;
kpaid usage limits;
lentitlement records;
mconversion rates;
ncancellation events;
osupport requests; and
ppayment-provider or app-store events.

Yuzee may use this information to operate paid services, improve pricing, improve user experience, prevent misuse, manage entitlements and provide support.

15.21 Sensitive information and tracking technologies

Yuzee will take additional care where tracking or analytics could involve sensitive information.

Yuzee should not intentionally send raw sensitive information, raw uploaded documents, raw AI chats, raw counselling-style notes, raw health information, raw disability information, raw visa information, raw identity documents or similar high-risk information to external analytics, advertising, attribution or paywall tools unless there is a lawful basis, appropriate safeguards and consent where required.

Where reasonably appropriate, Yuzee may use de-identified, aggregated, minimised, redacted, bucketed or limited information for analytics and product improvement.

15.22 Children and young people

Yuzee may apply additional care when using cookies, tracking, analytics, advertising or communication technologies involving children and young people.

Where appropriate, Yuzee may limit certain marketing, analytics, profiling or tracking activities involving children and young people.

Yuzee may provide additional notices or consent processes where required or appropriate.

15.23 Browser and device controls

Users may be able to control cookies and tracking technologies through browser, device or app settings.

Depending on the browser, device or platform, users may be able to:

ablock cookies;
bdelete cookies;
climit tracking;
drestrict third-party cookies;
ereset advertising identifiers;
flimit ad personalisation;
gcontrol app tracking permissions;
hmanage notification permissions;
imanage location permissions;
jmanage camera or file permissions;
kuse private browsing modes; or
linstall privacy tools.

If users disable cookies or tracking technologies, some Yuzee features may not work properly.

15.24 Cookie preferences

Where available, Yuzee may provide cookie or privacy preference tools.

These tools may allow users to manage categories such as:

aessential cookies;
banalytics cookies;
cperformance cookies;
dpreference cookies;
emarketing cookies;
fadvertising cookies;
gthird-party cookies; and
hsimilar technologies.

Essential cookies and technologies may be required for the Platform to function and may not be optional.

Yuzee may update cookie preference tools over time.

15.25 Do Not Track and similar signals

Some browsers or devices may offer “Do Not Track” or similar signals.

Yuzee may not respond to all “Do Not Track” signals because there is no single consistent industry standard for how all websites, apps, providers and browsers should interpret those signals.

Where required by law or where supported by Yuzee’s systems, Yuzee may recognise or respond to certain privacy preference signals.

Users can use available cookie tools, browser settings, device settings, app permissions or Yuzee account settings to manage privacy choices where available.

15.26 De-identified and aggregated analytics

Yuzee may use de-identified or aggregated analytics to understand trends and improve the Platform.

This may include insights about:

awebsite usage;
bapp usage;
cuser onboarding;
dprofile completion;
ecourse interests;
fjob interests;
gskills trends;
hpathway trends;
ilocation trends;
jAI feature usage;
kdocument workflow usage;
lRMO activity;
msubscription activity;
nsupport trends;
oplatform performance;
pcrash trends;
qmarketing performance; and
rproduct improvement.

Yuzee will take reasonable steps to reduce the risk that de-identified or aggregated analytics identify an individual.

15.27 Overseas processing

Some cookies, analytics, advertising, attribution, app analytics, crash reporting, monitoring, communication or support providers may process information outside Australia.

More information is set out in the International and Overseas Processing section of this Privacy Policy.

Users should understand that third-party providers may process information in countries where they operate and may have their own privacy policies, systems and legal obligations.

15.28 Retention of analytics and tracking information

Yuzee may retain analytics, cookies, tracking and technical information for as long as reasonably needed for the purposes described in this Privacy Policy.

Retention periods may depend on:

athe technology used;
bthe provider used;
cthe purpose of collection;
daccount status;
elegal requirements;
fsecurity needs;
gfraud prevention needs;
hanalytics needs;
iproduct improvement needs;
jmarketing needs;
kdispute needs;
laudit needs; and
mbusiness operations.

Some cookies may expire when a browser session ends. Others may remain for longer unless deleted by the user, browser, device, provider or Yuzee.

15.29 User responsibility

Users should consider their own privacy settings when using Yuzee.

Users can take steps such as:

areviewing browser settings;
breviewing device settings;
creviewing app permissions;
ddeleting cookies;
elimiting ad tracking;
fusing privacy tools;
gmanaging notification settings;
havoiding unnecessary sensitive information in forms, prompts or documents;
ireviewing third-party privacy settings; and
jcontacting Yuzee with privacy questions.

15.30 Changes to cookies, tracking and analytics

Yuzee may update its cookies, tracking and analytics practices over time.

This may happen because of changes to:

awebsite features;
bapp features;
cAI features;
dRMO workflows;
edocument workflows;
fpayment systems;
gsubscription systems;
hanalytics tools;
imarketing tools;
jattribution tools;
kapp stores;
lcommunication providers;
msecurity tools;
nlegal requirements;
ouser expectations; or
pbusiness operations.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, cookie notices, consent tools, product notices or account settings.

15.31 Questions about cookies and analytics

Users can contact Yuzee with questions about cookies, tracking, analytics, marketing attribution or communication preferences.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask users to verify their identity before responding to certain privacy requests.

Marketing and Communications

16.1 Overview

Yuzee may communicate with users, Organisations, institutions, employers, partners and other contacts for service, support, security, legal, product, marketing and operational purposes.

Yuzee may communicate by:

aemail;
bSMS;
cphone;
din-app message;
epush notification;
fdashboard notice;
gwebsite notice;
hsupport ticket;
ichat;
jpostal mail;
ksocial media message;
lweb form;
mapp store message; or
nanother reasonable communication method.

This section explains how Yuzee may use personal information for communications and marketing.

16.2 Service communications

Yuzee may send service communications that are necessary or reasonably related to the Platform.

Service communications may include messages about:

aaccount creation;
blogin and authentication;
cpassword resets;
daccount security;
esuspicious activity;
fprivacy and security issues;
gdata breach notices;
hprofile updates;
iAI features;
jdocument uploads;
kdocument review;
lmatching results;
mrecommendations;
nRequest Multiple Offers;
oRMO status updates;
poffer request updates;
qinstitution responses;
remployer responses;
spartner responses;
tsupport requests;
ucomplaints;
vprivacy requests;
wpayments;
xinvoices;
yreceipts;
zsubscriptions;
aacredits;
abtop-ups;
acrefunds;
adchargebacks;
aechanges to services;
afchanges to policies;
aglegal notices; and
ahother service-related matters.

Service communications are not always optional because they may be needed to operate, protect or manage the Platform.

16.3 Marketing communications

Yuzee may send marketing communications where permitted by law and user preferences.

Marketing communications may include messages about:

aYuzee features;
bproduct updates;
cnew services;
dstudy opportunities;
etraining opportunities;
fcareer opportunities;
gjob-related opportunities;
hinstitution opportunities;
iemployer opportunities;
jpartner services;
kevents;
lwebinars;
mpromotions;
ndiscounts;
onewsletters;
psurveys;
qresearch invitations;
rreferral programs;
scampaigns;
toffers; and
uother information that may be relevant to users or Organisations.

Users may opt out of marketing communications where required or available.

16.4 Difference between service and marketing communications

A user may opt out of marketing communications, but Yuzee may still send service communications.

For example, even if a user unsubscribes from marketing, Yuzee may still send communications about:

aaccount security;
bpassword resets;
cpayment issues;
dsubscription status;
eRMO activity;
foffer request updates;
gsupport requests;
hprivacy requests;
icomplaints;
jdata breaches;
kpolicy changes;
llegal notices; and
mother important service-related matters.

Yuzee may decide whether a communication is a service communication or a marketing communication based on its purpose, content, legal requirements and the user’s relationship with Yuzee.

16.5 Consent for marketing

Yuzee may send marketing communications where Yuzee has consent or another lawful basis.

Consent may be express or inferred, depending on the circumstances and applicable law.

Express consent may be given through:

aticking a box;
bsigning up for a newsletter;
ccompleting a form;
dcreating an account and selecting marketing preferences;
eentering a promotion;
fregistering for an event;
grequesting information;
hspeaking with Yuzee by phone;
ireplying to a message;
jagreeing to receive updates; or
kanother clear consent action.

Inferred consent may apply where a person has an existing relationship with Yuzee and it is reasonable to believe they would expect relevant communications, subject to applicable law.

Yuzee may keep records of marketing consent, including who gave consent, when it was given, how it was given and what type of communication it related to.

16.6 No consent from unsolicited electronic messages

Yuzee should not send an electronic marketing message merely to ask for consent to send marketing, unless permitted by law.

Where Yuzee wants to obtain marketing consent, Yuzee should use lawful consent methods such as account settings, website forms, app prompts, checkout flows, onboarding flows, event registrations, support interactions or other appropriate channels.

16.7 Identifying Yuzee as the sender

Marketing communications from Yuzee should clearly identify Yuzee or the relevant Yuzee entity as the sender, where required by law.

Yuzee may include:

aYuzee’s business name;
blegal entity name;
cABN or ACN where appropriate;
dcontact details;
ewebsite details;
funsubscribe details; and
gother information required by law.

If a service provider sends a message on Yuzee’s behalf, the message should identify Yuzee as the business that authorised the message where required by law.

16.8 Unsubscribe from marketing

Yuzee will provide a way to unsubscribe from marketing communications where required or available.

Unsubscribe methods may include:

aclicking an unsubscribe link;
bupdating account preferences;
cusing a preference centre;
dreplying STOP to SMS messages where available;
efollowing instructions in the message;
fcontacting support; or
ganother method provided by Yuzee.

Yuzee will take reasonable steps to action unsubscribe requests within the timeframe required by law.

Yuzee may keep unsubscribe records to help ensure marketing preferences are respected.

16.9 Effect of unsubscribing

If a user unsubscribes from marketing communications, Yuzee will take reasonable steps to stop sending marketing communications to that user, subject to applicable law, system processing time and technical limitations.

Unsubscribing from marketing does not automatically:

aclose the user’s account;
bdelete personal information;
ccancel paid services;
dcancel subscriptions;
ecancel RMO requests;
fstop service communications;
gstop security communications;
hstop payment communications;
istop legal communications;
jstop privacy communications;
kstop support communications; or
lstop communications required or authorised by law.

16.10 Marketing preference centre

Yuzee may provide a preference centre or account settings that allow users to manage communication preferences.

Preferences may include:

anewsletters;
bproduct updates;
cstudy opportunities;
djob opportunities;
einstitution updates;
femployer updates;
gpartner offers;
hevents;
ipromotions;
jresearch invitations;
ksurveys;
lSMS marketing;
memail marketing;
npush notifications;
ophone contact; and
pother communication categories.

Preference settings may not apply to essential service communications.

16.11 SMS communications

Yuzee may send SMS messages for service, security, support, RMO, payment, marketing or other permitted purposes.

SMS messages may include:

averification codes;
blogin alerts;
csecurity notices;
dRMO updates;
eoffer request updates;
fsupport updates;
gappointment or call reminders;
hpayment reminders;
isubscription notices;
jmarketing messages where permitted;
kunsubscribe instructions; and
lother relevant communications.

Standard carrier charges may apply depending on the user’s mobile plan.

Users may be able to opt out of SMS marketing, but Yuzee may still send service or security SMS messages where permitted.

16.12 Push notifications

Yuzee may send push notifications through the app where enabled by the user’s device or app settings.

Push notifications may relate to:

aaccount activity;
bAI feature updates;
cmatching results;
drecommendations;
edocument reminders;
fRMO updates;
goffer responses;
hsupport messages;
ipayment or subscription notices;
jsecurity notices;
kproduct updates;
lmarketing where permitted; and
mother Platform activity.

Users may be able to disable push notifications through device settings or app settings.

Disabling push notifications may affect timely receipt of updates.

16.13 Email communications

Yuzee may send emails for service, support, privacy, security, billing, RMO, legal, marketing or operational purposes.

Emails may include:

aaccount emails;
bverification emails;
cpassword reset emails;
dsecurity alerts;
eAI feature updates;
fmatching results;
gRMO updates;
hoffer request updates;
isupport replies;
jcomplaint replies;
kprivacy notices;
lpayment notices;
minvoices;
nreceipts;
osubscription notices;
pnewsletters;
qpromotions;
rsurveys;
spolicy updates; and
tlegal notices.

Users should keep their email address accurate and monitor important Yuzee emails.

16.14 Phone calls

Yuzee may contact users, Organisations, institutions, employers or partners by phone where permitted.

Phone calls may be used for:

asupport;
baccount assistance;
cRMO support;
doffer request support;
einstitution outreach;
femployer outreach;
gpartner outreach;
hbilling issues;
isecurity concerns;
jcomplaint handling;
kprivacy request verification;
lonboarding;
mproduct feedback;
nsales or business development;
omarketing where permitted; and
pother service-related or business purposes.

Yuzee may keep call notes or call records where reasonably needed for support, quality, training, compliance, dispute resolution or business purposes.

Where required by law, Yuzee will respect applicable telemarketing rules and user preferences.

16.15 Recording calls or meetings

Yuzee may record or transcribe calls, meetings or online sessions where appropriate and permitted by law.

Recording or transcription may be used for:

asupport quality;
btraining;
ccomplaint handling;
ddispute resolution;
eRMO support;
foffer request support;
gproduct feedback;
hsecurity;
ilegal compliance;
jbusiness records; and
kservice improvement.

Where required or appropriate, Yuzee may notify participants before recording or transcription begins.

If a user does not want to be recorded, they should tell Yuzee before or during the call. Yuzee may offer another communication method where practical.

16.16 In-app messages and dashboard notices

Yuzee may send in-app messages, dashboard notices or website notices.

These may include:

aonboarding messages;
bprofile reminders;
cAI notices;
ddocument upload notices;
eRMO notices;
foffer updates;
gpayment notices;
hsubscription notices;
isystem notices;
jservice changes;
ksecurity notices;
lprivacy notices;
mlegal notices;
nmarketing messages where permitted;
ofeature announcements; and
pother Platform messages.

Some in-app or dashboard notices may be necessary for service, security, privacy or legal reasons.

16.17 Communications with Organisations

Yuzee may communicate with Organisations, institution staff, employer staff, partner staff, administrators, billing contacts, support contacts and other business contacts.

Communications may relate to:

aOrganisation Account setup;
bstaff access;
cdashboard use;
dCRM tools;
eRMO requests;
foffer responses;
guser communications;
hreporting;
ibilling;
jsubscriptions;
kcredits;
ltop-ups;
msupport;
nlegal terms;
oprivacy matters;
psecurity matters;
qproduct updates;
rtraining;
smarketing where permitted; and
tbusiness development.

Organisation users should ensure their contact details and staff permissions are accurate and current.

16.18 Communications with institutions, employers and partners for RMO

Yuzee may communicate with institutions, employers and partners to support Request Multiple Offers and offer request workflows.

This may include communications to:

aask whether an institution, employer or partner can respond to a user;
bsend user-approved RMO information;
cfollow up on responses;
drequest missing information;
eclarify offer conditions;
fhelp users understand responses;
gmanage documents;
hresolve issues;
ihandle complaints;
jimprove RMO workflows; and
kprovide support.

Yuzee may keep records of these communications for service delivery, evidence, support, billing, audit, compliance, dispute resolution and platform improvement.

16.19 Third-party communications

Institutions, employers, partners and other third parties may communicate with users after receiving information through Yuzee or after the user interacts with them.

Third-party communications may be governed by the third party’s own privacy policy, terms, consent process and legal obligations.

Yuzee is not responsible for third-party communications outside Yuzee’s control, except to the extent required by law or expressly agreed in writing.

Users should review third-party privacy policies and communication preferences.

16.20 Referral and partner communications

Yuzee may communicate with users about partner services where permitted by law and user preferences.

Partner communications may include:

astudy services;
bcareer services;
cemployment services;
dsupport services;
erelocation services;
ffinancial or funding-related services;
gaccommodation-related services;
htechnology services;
ipathway services;
jevents;
koffers;
lpromotions; and
mother services that may be relevant to users.

Where appropriate, Yuzee may identify whether a communication involves a partner, sponsored opportunity or commercial relationship.

16.21 Sponsored, promoted or partner communications

Yuzee may send or display sponsored, promoted, partner or commercial communications where permitted.

These may relate to:

ainstitutions;
bemployers;
cpartners;
dcourses;
ejobs;
fevents;
gservices;
hoffers;
ipromotions;
jsubscriptions;
kRMO services; or
lother opportunities.

Where reasonably required or appropriate, Yuzee may label sponsored, promoted, partner or commercial communications.

A sponsored, promoted or partner communication does not guarantee that the relevant course, job, institution, employer, partner, service or opportunity is suitable for the user.

16.22 AI-personalised communications

Yuzee may use AI, automation, user profiles, matching systems, recommendations and analytics to personalise communications.

This may include personalising:

aonboarding messages;
bAI guidance prompts;
ccourse suggestions;
djob suggestions;
epathway suggestions;
fdocument reminders;
gRMO reminders;
hsupport messages;
iservice recommendations;
jproduct updates;
kmarketing where permitted;
ltiming of communications;
mcontent of communications; and
ncommunication channels.

AI-personalised communications are based on available information and may not always be accurate, complete or relevant.

Users can contact Yuzee if communications appear incorrect, inappropriate, misleading or unwanted.

16.23 Sensitive information and marketing

Yuzee does not intend to use sensitive information for unrelated marketing.

Sensitive information may include health information, disability information, NDIS-related information, visa or migration-related information, financial hardship information, identity documents, counselling-style notes, information about children or young people or other sensitive information.

Yuzee should not intentionally use raw sensitive information to target unrelated marketing unless there is a lawful basis, appropriate safeguards and consent where required.

Yuzee may use general preferences, interests, account settings, service activity or de-identified or aggregated information to improve communications where permitted.

16.24 Children and young people

Yuzee may apply additional care to marketing and communications involving children and young people.

Where appropriate, Yuzee may:

alimit marketing to children and young people;
binvolve a parent, guardian, school, institution or authorised organisation;
cuse age-appropriate language;
dprovide additional notices;
eseek consent where required;
frestrict sensitive targeting;
grestrict certain partner communications;
hprioritise safety and support communications; and
icomply with applicable law.

16.25 Communication records

Yuzee may keep records of communications.

Communication records may include:

aemails;
bSMS messages;
cphone call notes;
dcall recordings, where applicable;
etranscripts, where applicable;
fin-app messages;
gdashboard notices;
hsupport tickets;
icomplaint messages;
jprivacy request messages;
kmarketing consent records;
lunsubscribe records;
mdelivery records;
nopen and click activity, where permitted;
oRMO communication records;
poffer request records;
qOrganisation communication records; and
rrelated metadata.

Yuzee may retain communication records for service delivery, support, quality assurance, compliance, privacy, security, billing, RMO management, dispute resolution, legal purposes, analytics and platform improvement.

16.26 Communication analytics

Yuzee may use communication analytics to understand whether communications are working properly.

This may include information about:

adelivery;
bbounce rates;
copen rates, where available;
dclick activity;
eunsubscribe activity;
fresponse rates;
gnotification delivery;
hSMS delivery;
icampaign performance;
jRMO communication performance;
ksupport response times;
luser engagement;
merror rates; and
ncommunication preferences.

Yuzee may use communication analytics to improve service communications, support, marketing where permitted, RMO updates, user experience and platform performance.

16.27 Communication frequency

Yuzee may manage communication frequency to avoid unnecessary or excessive communications.

Communication frequency may depend on:

aaccount activity;
buser preferences;
cmarketing consent;
dservice needs;
eRMO activity;
foffer request activity;
gsupport requests;
hpayment status;
isubscription status;
jsecurity events;
klegal requirements;
lapp settings;
mOrganisation Account activity; and
nproduct updates.

Users can manage marketing preferences where available, but some service communications may still be necessary.

16.28 If contact details are incorrect

Users should keep their contact details accurate and current.

If contact details are incorrect or outdated, Yuzee may be unable to provide important messages, including:

aaccount notices;
bsecurity alerts;
cRMO updates;
doffer updates;
epayment notices;
fsubscription notices;
gsupport replies;
hprivacy notices;
idata breach notices;
jlegal notices; and
kother important communications.

Yuzee is not responsible for missed communications caused by incorrect, outdated or inaccessible contact details provided by a user or Organisation, except to the extent required by law.

16.29 Communication preferences and account closure

Users may manage communication preferences where available.

Closing an account, unsubscribing from marketing or disabling notifications may affect communications.

However, Yuzee may still retain and use certain contact details where reasonably needed for legal, tax, accounting, payment, refund, chargeback, support, privacy, security, data breach, RMO, dispute, compliance, audit or other lawful purposes.

16.30 Changes to communication practices

Yuzee may update its communication and marketing practices over time.

This may happen because of changes to:

athe Platform;
bthe app;
cAI features;
dRMO workflows;
epaid services;
fOrganisation tools;
gmarketing tools;
hcommunication providers;
ilegal requirements;
juser preferences;
ksecurity needs; or
lbusiness operations.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, communication notices, marketing consent notices, product notices or account settings.

16.31 Contact about communications

Users can contact Yuzee about marketing, communications, unsubscribe requests, notification settings or communication preferences.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask users to verify their identity before responding to certain requests.

Children and Young People

17.1 Overview

Yuzee may be used by children, young people, parents, guardians, schools, institutions, employers, partners and Organisations that support education, training, career or pathway planning.

Yuzee takes additional care when handling personal information about children and young people.

This section explains how Yuzee may collect, use, disclose, protect and manage information about children and young people.

For the purposes of this Privacy Policy, children and young people may include users under 18 years of age.

17.2 Age approach

Yuzee may apply different privacy, consent, safety and support approaches depending on a user’s age, maturity, circumstances, account type, feature used, information involved and applicable law.

Yuzee may ask for age, age range, date of birth or another age-related indicator where reasonably needed to:

adetermine whether a user can use a feature;
bassess whether parent or guardian involvement is needed;
cprovide age-appropriate notices;
dmanage consent;
eprotect children and young people;
fcomply with law;
gmanage safety risks;
hmanage AI features;
imanage communications;
jmanage marketing restrictions;
kmanage RMO workflows;
lmanage sensitive information; and
mprovide appropriate support.

17.3 Users aged 15 to 17

Yuzee may allow users aged 15 to 17 to use certain features where Yuzee reasonably considers they may have capacity to understand the relevant privacy decision.

This may include features such as:

acreating a profile;
bexploring courses;
cexploring jobs;
dexploring skills;
eusing pathway guidance;
fusing AI-supported guidance;
guploading documents;
hreceiving recommendations;
icontacting support;
jmanaging communication preferences;
krequesting access or correction; and
lusing other age-appropriate features.

Yuzee may still involve or require a parent, guardian, school, institution or authorised Organisation where appropriate, required by law, required by a product feature, required by an Organisation workflow, or where Yuzee is unsure whether the young person has capacity.

17.4 Users under 15

Where a user is under 15, Yuzee may require parent, guardian, school, institution or authorised Organisation involvement before allowing access to certain features.

Yuzee may limit or restrict certain features for users under 15, including features involving:

aaccount creation;
bAI chat;
cdocument uploads;
dsensitive information;
eRMO;
foffer requests;
gsharing information with institutions;
hsharing information with employers;
isharing information with partners;
jpaid services;
kmarketing communications;
lpublic or social features, if any;
mdirect third-party contact; and
nother features Yuzee considers higher risk.

Yuzee may refuse, suspend, limit or close an account where Yuzee reasonably believes a user is under the required age for a feature or does not have appropriate consent or authority.

17.5 Parent and guardian involvement

Yuzee may involve a parent or guardian where required or appropriate.

This may include where:

athe user is under 15;
bthe user does not appear to have capacity to consent;
cYuzee is unsure whether the user has capacity to consent;
dsensitive information is involved;
eidentity documents are involved;
fhealth or disability information is involved;
gfinancial hardship information is involved;
hRMO is involved;
ioffer requests are involved;
jpaid services are involved;
ksafety concerns arise;
llegal requirements apply;
mthe user requests parent or guardian involvement; or
nYuzee reasonably considers parent or guardian involvement appropriate.

Yuzee may ask for information to verify parent or guardian authority before discussing, sharing, changing or deleting a young person’s information.

17.6 School, institution or Organisation-supported use

Yuzee may be used in connection with a school, institution, employer, partner, community organisation or other Organisation.

Where Yuzee is used through or with an Organisation, that Organisation may provide or receive certain information about children or young people, depending on the feature, agreement, consent process and applicable law.

Organisation-supported use may involve:

aaccount setup;
bstudent onboarding;
cprofile support;
dpathway guidance;
ecourse exploration;
fjob exploration;
gskills support;
hdocument support;
iRMO support;
jreporting;
kdashboards;
lsupport communications;
msafety processes; and
nprivacy or consent management.

Organisations are responsible for ensuring they have authority to provide information to Yuzee and to access or use information through Yuzee.

17.7 Information Yuzee may collect about children and young people

Yuzee may collect information about children and young people where reasonably needed for the Platform, permitted by law, consented to where required, or provided through an authorised workflow.

This may include:

aname;
bage or age range;
cdate of birth, where needed;
dcontact details;
eparent or guardian details;
fschool or institution details;
geducation history;
hstudy interests;
ijob interests;
jskills;
kgoals;
lmission;
mpreferences;
nlocation or region;
osupport needs;
paccessibility needs;
quploaded documents;
rAI prompts and chats;
sAI outputs;
tmatching results;
urecommendations;
vRMO information;
woffer request information;
xcommunication records;
yconsent records;
zsupport records; and
aatechnical, device and usage information.

17.8 Sensitive information about children and young people

Sensitive information about children and young people may require additional care.

This may include:

ahealth information;
bdisability information;
cNDIS-related information;
dmental health or wellbeing information;
eaccessibility information;
fsupport needs;
gschool support information;
hfinancial hardship information;
ifamily circumstances;
jcultural or religious considerations;
kidentity documents;
lvisa or migration-related information;
mcounselling-style notes;
ninformation in uploaded documents;
oinformation in AI prompts or chats;
pinformation in RMO workflows; and
qother information treated as sensitive under applicable law.

Yuzee will take additional care when handling sensitive information about children and young people.

Users, parents, guardians and Organisations should avoid providing unnecessary sensitive information.

17.9 AI features and young users

Yuzee may provide AI-supported features to help young users explore education, training, career, job, skills and pathway options.

AI features may support:

aguidance;
bcourse exploration;
cjob exploration;
dpathway suggestions;
eskills analysis;
fdocument summaries;
gRMO preparation;
hsupport responses;
ilearning or career planning;
jissue detection;
ksafety support; and
lplatform improvement.

Yuzee may limit, monitor, restrict or adapt AI features for children and young people where Yuzee considers it appropriate.

AI outputs are decision-support only. They do not replace the judgment of the young person, parent, guardian, school, institution, qualified adviser or other responsible adult.

17.10 No final decisions for children or young people

Yuzee does not use AI, profiling, matching, predictions, recommendations or suitability indicators to make final binding decisions for children or young people about:

aenrolment;
badmission;
cemployment;
dhiring;
evisa eligibility;
ffunding eligibility;
gscholarship eligibility;
hlegal rights;
imedical treatment;
jfinancial products;
kgovernment benefits;
lfinal course acceptance;
mfinal job acceptance;
nfinal support eligibility; or
oother high-impact third-party outcomes.

Yuzee provides decision-support only.

Final decisions may be made by the user, parent, guardian, school, institution, employer, partner, regulator, government body, professional adviser or other relevant third party.

17.11 Age-appropriate explanations

Where practical and appropriate, Yuzee may provide shorter, clearer or age-appropriate notices for children and young people.

These notices may explain:

awhat information Yuzee collects;
bwhy Yuzee collects it;
chow Yuzee uses it;
dwhether AI may be used;
ewhether information may be shared;
fwhether parent or guardian involvement is needed;
ghow to ask for help;
hhow to report a concern;
ihow to update information; and
jhow to contact Yuzee.

Yuzee may also provide notices for parents, guardians, schools, institutions or Organisations.

17.12 Parent, guardian and young person rights

Depending on the circumstances and applicable law, a child, young person, parent, guardian or authorised representative may be able to request:

aaccess to personal information;
bcorrection of personal information;
cupdate of profile information;
ddeletion of certain information;
ewithdrawal of consent where available;
faccount closure;
gmarketing opt-out;
hreview of AI-generated information;
ireview of RMO information;
jinformation about data sharing; or
kcomplaint handling.

Yuzee may need to consider the young person’s privacy, maturity, safety, best interests, consent, legal rights and relationship with the requester before responding.

Yuzee may refuse, limit or delay a request where permitted by law or where Yuzee reasonably considers there is a privacy, safety, legal or security concern.

17.13 Parent or guardian access to information

A parent or guardian may ask Yuzee for access to information about a child or young person.

Yuzee may ask for proof of identity and authority before providing access.

Yuzee may refuse or limit access where Yuzee reasonably considers that access may:

abreach the young person’s privacy;
bcreate a safety risk;
cbe contrary to the young person’s interests;
daffect another person’s privacy;
edisclose confidential information;
fdisclose sensitive information inappropriately;
ginterfere with a complaint or investigation;
hbreach legal obligations;
iconflict with the young person’s own capacity to make privacy decisions; or
jotherwise be inappropriate or unlawful.

17.14 Information provided by parents or guardians

Parents and guardians may provide information to Yuzee about a child or young person.

This may include:

acontact information;
bconsent information;
ceducation information;
dsupport needs;
ehealth or disability information;
faccessibility information;
gdocuments;
hfamily circumstances;
icommunication preferences;
jRMO information;
koffer request information; and
lsupport requests.

Parents and guardians should provide only information that is relevant, accurate and authorised.

17.15 Information provided by schools, institutions or Organisations

Schools, institutions, employers, partners or Organisations may provide information about children or young people where authorised and permitted.

This may include:

astudent information;
beducation information;
ccourse interest information;
dpathway information;
esupport needs;
fattendance or participation information, where relevant;
gdocuments;
hOrganisation account records;
istaff notes;
jdashboard activity;
kRMO support information; and
lcommunication records.

Organisations must ensure they have authority to provide the information and must handle any information received from Yuzee lawfully, securely and only for permitted purposes.

17.16 Document uploads involving children and young people

Documents involving children and young people may contain sensitive information.

These documents may include:

aschool records;
btranscripts;
ccertificates;
dsupport letters;
edisability support documents;
fhealth-related documents;
gidentity documents;
hvisa or migration documents;
ifamily documents;
jfinancial hardship documents;
kresumes;
lportfolios;
mapplication documents;
noffer documents; and
oother files.

Users, parents, guardians and Organisations should only upload documents that are relevant and authorised.

Unnecessary sensitive information should be removed or redacted where practical.

17.17 RMO involving children and young people

Yuzee may allow RMO or offer request workflows involving children and young people where appropriate.

Before information is shared through RMO, Yuzee may require:

auser confirmation;
bparent or guardian consent;
cschool or institution involvement;
dOrganisation authorisation;
eadditional notice;
fadditional consent;
gdocument review;
hsensitive information review;
iage-related checks; or
jother safeguards Yuzee considers appropriate.

Yuzee will not intentionally share information about a child or young person with institutions, employers or partners through RMO unless there is an appropriate request, approval, consent, authorisation, legal basis or workflow notice.

17.18 Marketing to children and young people

Yuzee may apply additional care to marketing involving children and young people.

Where appropriate, Yuzee may:

alimit marketing to children and young people;
bavoid using sensitive information for marketing;
cavoid unrelated marketing based on vulnerability indicators;
davoid pressure-based marketing;
euse age-appropriate language;
finvolve parents or guardians;
grespect unsubscribe requests;
hrestrict partner promotions;
irestrict sponsored communications; and
jcomply with applicable law.

Yuzee may still send service, safety, account, privacy, RMO, support or legal communications where permitted.

17.19 Profiling and personalisation for children and young people

Yuzee may use profiles, AI, automation, matching systems and recommendations to personalise guidance for children and young people.

This may help suggest possible:

acourses;
bjobs;
cskills;
dpathways;
esupport options;
finstitutions;
gemployers;
hpartners;
iservices;
jRMO preparation steps; and
kissue indicators.

Yuzee uses profiling and personalisation for decision-support only.

Yuzee should not use profiles of children or young people to make final binding decisions for them unless Yuzee expressly states otherwise in a specific notice and has a lawful basis.

17.20 Safety and wellbeing

Yuzee may use information to support safety, wellbeing and platform integrity.

This may include identifying or responding to:

aharmful messages;
bbullying or harassment;
cinappropriate content;
dpredatory behaviour;
esuspicious contact;
fself-harm indicators;
gviolence indicators;
hexploitation risks;
ifake offers;
jfake documents;
kaccount misuse;
lprivacy concerns;
msecurity concerns;
nunauthorised adult access;
ounauthorised Organisation access;
punlawful activity; and
qother safety risks.

Yuzee does not guarantee that every safety issue will be detected, prevented or resolved.

If there is an immediate risk of harm, users should contact emergency services or an appropriate crisis support service.

17.21 Reporting concerns

Children, young people, parents, guardians, schools, institutions, Organisations and other users may contact Yuzee about privacy, safety or account concerns involving a child or young person.

Concerns may include:

aunauthorised account use;
bincorrect information;
cinappropriate communications;
dsuspicious contact;
emisuse of documents;
funauthorised sharing;
gRMO concerns;
hAI output concerns;
ibullying or harassment;
jprivacy concerns;
ksecurity concerns;
lmarketing concerns; or
mother safety concerns.

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Security contact: [insert security email]

Yuzee may ask for identity or authority verification before discussing information about a child or young person.

17.22 Emergency, safety and legal disclosures

Yuzee may use or disclose information about a child or young person where required or authorised by law, or where Yuzee reasonably considers it necessary for safety, security, legal or child protection reasons.

This may include disclosure to:

aparents or guardians;
bschools;
cinstitutions;
demployers;
epartners;
fsupport services;
gemergency services;
hchild protection authorities;
iregulators;
jlaw enforcement;
kcourts;
lprofessional advisers;
maffected users; or
nother relevant parties.

Yuzee will aim to share only the information reasonably necessary in the circumstances.

17.23 Data security for children and young people

Yuzee will take reasonable steps to protect personal information about children and young people.

These steps may include:

aaccess controls;
brole-based permissions;
cauthentication controls;
dsecure storage;
eprovider controls;
fstaff access limits;
glogging;
hmonitoring;
idata minimisation where appropriate;
jsensitive information controls;
kRMO sharing controls;
ldocument controls;
mincident response processes; and
nother safeguards Yuzee considers appropriate.

No online platform can guarantee absolute security.

17.24 Retention and deletion involving children and young people

Yuzee may retain information about children and young people for as long as reasonably needed for the purposes described in this Privacy Policy.

Yuzee may retain information for purposes such as:

aaccount management;
bprofile support;
cAI features;
dmatching;
eRMO;
foffer requests;
gsupport;
hcomplaints;
iprivacy requests;
jlegal compliance;
ksafety;
lsecurity;
mfraud prevention;
ndispute resolution;
oaudit;
pbackups;
qde-identification;
ranalytics; and
splatform improvement.

A child, young person, parent, guardian or authorised representative may request deletion of certain information, subject to applicable law, verification requirements, retention requirements and Yuzee’s ability to action the request.

17.25 Overseas processing involving children and young people

Information about children and young people may be processed in Australia and overseas where Yuzee uses service providers, AI providers, cloud providers, app stores, payment providers, analytics tools, communication providers, support tools, security tools or other providers.

Yuzee will take reasonable steps to manage privacy and security risks involving overseas processing.

Yuzee may apply additional care where sensitive information about children or young people may be processed overseas.

More information is set out in the International and Overseas Processing section of this Privacy Policy.

17.26 Third-party services and children

Children and young people may interact with third-party institutions, employers, partners, app stores, payment providers, AI providers, external websites or other services through or in connection with Yuzee.

Third parties may have their own privacy policies, terms, age rules, safety practices, consent processes and complaint processes.

Yuzee is not responsible for a third party’s independent privacy or safety practices, except to the extent required by law or expressly agreed in writing.

Parents, guardians, schools and young users should review third-party privacy policies and safety information before using third-party services.

17.27 If Yuzee learns a user is under the required age

If Yuzee learns or reasonably suspects that a user is under the required age for a feature, does not have capacity to consent, or does not have required parent, guardian, school, institution or Organisation involvement, Yuzee may take action.

This may include:

arequesting more information;
brequesting parent or guardian involvement;
crequesting Organisation verification;
dlimiting the account;
elimiting AI features;
flimiting document uploads;
glimiting RMO;
hlimiting communications;
isuspending the account;
jclosing the account;
kdeleting certain information;
lde-identifying certain information;
mretaining records where required; or
ntaking another step Yuzee considers appropriate.

17.28 Questions about children and young people

If a child, young person, parent, guardian, school, institution or Organisation has questions about privacy, consent, AI, RMO, data sharing, access, correction, deletion or safety, they can contact Yuzee.

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Security contact: [insert security email]

Yuzee may ask for identity or authority verification before responding to certain requests.

17.29 Changes to children and young people practices

Yuzee may update its practices for children and young people as the Platform, AI features, RMO workflows, legal requirements, safety expectations, provider arrangements and business operations change.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices, product notices, age notices, parent notices, school notices or Organisation notices.

Nothing in this Privacy Policy limits rights, remedies or obligations that cannot lawfully be excluded, restricted or modified.

Organisation, Institution, Employer and Partner Data

18.1 Overview

Yuzee may collect, use, disclose, store and manage information relating to Organisations, institutions, employers, partners and their staff users.

This section applies where Yuzee interacts with:

aschools;
bregistered training organisations;
cTAFEs;
duniversities;
eprivate colleges;
fshort-course providers;
gpathway providers;
hemployers;
irecruiters;
japprenticeship or traineeship providers;
kplacement hosts;
linternship providers;
mservice providers;
ncommunity organisations;
otechnology providers;
pfunding-related organisations;
qgovernment-related organisations;
rpartners;
sorganisation administrators;
tstaff users;
ubilling contacts;
vlegal contacts;
wsupport contacts; and
xother Organisations that interact with Yuzee.

Yuzee may handle Organisation information and personal information about Organisation staff, users, applicants, candidates, students, contacts and other individuals.

18.2 Organisation Account information

Yuzee may collect and use information to create, manage, operate and support Organisation Accounts.

This may include:

aorganisation name;
btrading name;
cABN, ACN or other business identifier;
dorganisation type;
einstitution type;
femployer type;
gpartner type;
hbusiness address;
iwebsite;
jpublic contact details;
kadministrator details;
lstaff user details;
mbilling contact details;
nlegal contact details;
osupport contact details;
paccount settings;
qpermissions;
rdashboard settings;
ssubscription status;
tplan details;
ucredit usage;
vtop-up records;
wbilling records;
xsupport records; and
yother information needed to manage the Organisation Account.

18.3 Staff user information

Yuzee may collect personal information about staff users who access Yuzee on behalf of an Organisation.

This may include:

aname;
bwork email address;
cphone number;
djob title;
edepartment;
frole;
gpermissions;
hlogin records;
idashboard activity;
jCRM activity;
kRMO activity;
loffer response activity;
msupport requests;
ncommunication records;
obilling activity, where relevant;
padministrator actions;
qaudit logs; and
rother information needed to provide, secure and manage Organisation services.

Organisation staff users should only use Yuzee if they are authorised by their Organisation.

18.4 Organisation administrator responsibilities

Organisation administrators are responsible for managing access to Organisation Accounts.

This includes responsibility for:

ainviting authorised staff only;
bassigning appropriate roles;
cmanaging permissions;
dremoving access when staff leave;
eremoving access when staff change roles;
favoiding shared accounts;
gprotecting administrator credentials;
hreviewing dashboard access;
imonitoring staff use;
jensuring information is used only for permitted purposes;
kreporting suspicious activity;
lreporting unauthorised access;
mcomplying with Yuzee agreements;
ncomplying with privacy laws; and
ocomplying with internal Organisation policies.

Yuzee may suspend, restrict or remove Organisation access where Yuzee reasonably believes there is a privacy, security, misuse, fraud, legal, compliance or platform risk.

18.5 Organisation-provided information

Organisations may provide information to Yuzee.

This may include:

aorganisation profile information;
bcourse information;
cjob information;
dservice information;
epathway information;
fadmissions information;
geligibility information;
hfunding information;
ioffer information;
javailability information;
klocation information;
lstaff information;
muser information;
napplicant information;
ocandidate information;
pstudent information;
qemployer information;
rpartner information;
sdocuments;
tcommunications;
usupport records; and
vother information relevant to Yuzee’s services.

Organisations must ensure they have authority to provide information to Yuzee.

18.6 Accuracy of Organisation information

Organisations are responsible for ensuring that information they provide to Yuzee is accurate, current, complete, lawful and not misleading.

This includes information about:

acourses;
bjobs;
cservices;
dpathways;
eoffers;
feligibility;
gentry requirements;
hfees;
ifunding;
jlocations;
kdelivery modes;
lavailability;
mstart dates;
nemployment conditions;
ostaff users;
pOrganisation contacts;
qlegal status;
raccreditation;
sregistration;
tlicensing; and
uother information provided to Yuzee.

Yuzee may rely on Organisation-provided information to provide matching, recommendations, RMO, offer workflows, dashboards, reporting and support.

Yuzee does not independently verify every item of Organisation-provided information unless Yuzee expressly states otherwise.

18.7 Course, job and service information

Yuzee may collect and use course, job and service information from Organisations.

This may include:

acourse names;
bcourse codes;
cqualification levels;
dcourse descriptions;
eentry requirements;
ffees;
gfunding availability;
hdelivery mode;
icampus or location;
jonline availability;
kstart dates;
lduration;
mplacement requirements;
nwork-integrated learning details;
oaccreditation or registration details;
pjob titles;
qjob descriptions;
remployment type;
slocation;
tskills required;
uexperience required;
vsalary or wage information, where provided;
wservice descriptions;
xsupport services; and
yother information relevant to users.

This information may be used for matching, recommendations, search, RMO, reporting, analytics, data quality checks and platform improvement.

18.8 User information shared with Organisations

Yuzee may share user information with Organisations where permitted by this Privacy Policy, a Collection Notice, a consent notice, a product notice, Yuzee’s Terms and Conditions, an agreement with Yuzee, user request, user approval or applicable law.

This may include sharing information for:

aRequest Multiple Offers;
boffer requests;
ccourse enquiries;
djob enquiries;
eservice enquiries;
fapplication support;
gdocument review;
hpathway support;
iuser support;
jOrganisation dashboard functions;
kCRM workflows;
lcomplaint handling;
mdispute resolution;
nsafety or security matters; and
olegal or compliance purposes.

Where practical and appropriate, Yuzee aims to share only the information reasonably necessary for the relevant purpose.

18.9 Request Multiple Offers and Organisation recipients

Organisations may receive user information through Request Multiple Offers.

This may include information such as:

auser name;
bcontact details;
cprofile summary;
deducation history;
ework history;
fskills;
ggoals;
hpreferences;
ilocation preferences;
jcourse interests;
kjob interests;
lsupport needs;
mdocuments;
nRMO request details;
oAI-supported summaries;
phuman-reviewed summaries, where applicable;
qoffer request information; and
rother information relevant to the RMO workflow.

Organisations must use RMO information only for permitted purposes, such as assessing, responding to or supporting the relevant user request.

18.10 Organisation use of user information

Organisations that receive user information through Yuzee must handle that information lawfully, securely and only for permitted purposes.

Unless Yuzee expressly agrees otherwise in writing, Organisations must not:

ause user information for unrelated purposes;
bsell user information;
cshare user information without authority;
duse user information for unrelated marketing;
euse user information for unlawful discrimination;
fuse user information to mislead users;
guse user information to create fake offers;
huse user information to contact users outside permitted workflows where not authorised;
iscrape user information;
jcombine user information with unrelated data in a way that breaches law;
kuse user information for unauthorised profiling;
luse user information to train unrelated AI systems without authority;
mexpose user information through insecure systems;
nallow unauthorised staff access; or
ootherwise misuse user information.

18.11 Organisation privacy obligations

Organisations may have their own privacy, data protection, security, consumer, education, employment, anti-discrimination, spam, record-keeping and legal obligations.

Organisations are responsible for complying with their own obligations.

This may include obligations to:

aprovide privacy notices;
bcollect information lawfully;
cuse information only for permitted purposes;
dobtain consent where required;
eprotect personal information;
fmanage staff access;
grespond to access or correction requests;
hrespond to deletion requests where applicable;
imanage marketing consent;
jhandle complaints;
krespond to data breaches;
lavoid misleading or deceptive conduct;
mavoid unlawful discrimination;
nkeep course, job and service information accurate; and
ocomply with applicable law.

Yuzee is not responsible for an Organisation’s independent privacy practices, except to the extent required by law or expressly agreed in writing.

18.12 Organisation dashboards

Yuzee may provide Organisations with dashboards.

Dashboards may allow authorised Organisation users to access or manage:

aOrganisation profile information;
bstaff users;
cpermissions;
dcourse information;
ejob information;
fservice information;
gRMO requests;
hoffer request information;
iuser communications;
jCRM records;
kresponse status;
lreporting;
mbilling;
ncredits;
osubscription information;
psupport records;
qanalytics; and
rother Organisation features.

Dashboard access may be subject to role-based permissions, Organisation settings, Yuzee controls and applicable agreements.

18.13 CRM tools

Yuzee may provide CRM or relationship management tools to Organisations.

CRM tools may help Organisations manage:

auser enquiries;
bRMO requests;
coffer responses;
dcourse interest;
ejob interest;
fcommunications;
gstatus updates;
hfollow-ups;
idocuments;
jnotes;
ktasks;
lstaff assignments;
mreporting;
nconversion information;
osupport activity; and
pother permitted workflows.

Organisations must use CRM tools lawfully and only for permitted purposes.

18.14 Organisation notes and internal records

Organisation staff may create notes, records, statuses, tags, comments or other information in Yuzee dashboards or CRM tools.

These records may include personal information about users.

Organisations must ensure that Organisation notes and records are accurate, respectful, relevant, lawful and not discriminatory.

Organisations should not enter unnecessary sensitive information, offensive comments, irrelevant opinions or information they are not authorised to record.

Yuzee may access Organisation notes or records where reasonably needed for support, security, privacy, compliance, dispute resolution, legal purposes, platform improvement or account management.

18.15 Organisation communications with users

Organisations may communicate with users through Yuzee or outside Yuzee where permitted.

Organisation communications may relate to:

aRMO responses;
boffer requests;
ccourse information;
djob information;
eservice information;
feligibility questions;
gdocument requests;
hinterview or meeting requests;
iapplication steps;
jenrolment steps;
kemployment steps;
lsupport questions;
mcomplaints; and
nother permitted purposes.

Organisations must communicate lawfully, respectfully and accurately.

Organisations must not send spam, misleading messages, fake offers, discriminatory messages, harmful content, harassment, pressure-based communications or unrelated marketing unless authorised and permitted by law.

18.16 Sponsored, promoted or partner Organisations

Some Organisations may have commercial, subscription, partner, promoted, sponsored, referral or other business relationships with Yuzee.

These relationships may affect:

aOrganisation access to dashboards;
bOrganisation ability to respond to RMO;
cvisibility of Organisation information;
davailability of certain features;
esupport level;
freporting access;
gsponsored placement where displayed;
hpartner communications; or
icommercial workflows.

A commercial relationship does not guarantee that an Organisation, course, job, service or offer is suitable for a user.

Where reasonably required or appropriate, Yuzee may label sponsored, promoted, partner or commercial relationships.

18.17 Organisation reporting and analytics

Yuzee may provide Organisations with reporting and analytics.

Reports may include:

adashboard activity;
bRMO activity;
coffer request activity;
dresponse times;
ecourse interest;
fjob interest;
guser engagement;
hconversion indicators;
icommunication activity;
jsubscription usage;
kcredit usage;
lstaff activity;
mservice performance;
naggregated user trends;
ode-identified insights;
pbenchmarking;
qmarket insights; and
rother permitted reporting.

Where reasonably appropriate, Yuzee may use aggregated or de-identified information in Organisation reports.

Yuzee should not provide Organisations with unnecessary sensitive information in reports unless there is a lawful basis, appropriate safeguards and consent where required.

18.18 Staff activity monitoring

Yuzee may collect and use Organisation staff activity information.

This may include:

alogin records;
baccess logs;
cdashboard activity;
dCRM activity;
eRMO activity;
foffer response activity;
gnotes created;
hdocuments accessed;
imessages sent;
jpermissions changed;
kbilling actions;
lsupport requests;
msecurity events;
nsuspicious activity; and
oaudit logs.

Yuzee may use staff activity information for account management, security, audit, support, billing, compliance, dispute resolution, fraud prevention, misuse detection and platform improvement.

Organisations may also use staff activity records for their own lawful internal purposes.

18.19 Data quality and Organisation information checks

Yuzee may use AI, automation, staff review, user feedback, public data, third-party data and internal checks to assess Organisation information quality.

This may include checking for:

aoutdated course information;
boutdated job information;
cinconsistent fees;
dmissing entry requirements;
eunavailable courses;
funavailable jobs;
gduplicate records;
hbroken links;
imisleading descriptions;
jsuspicious offers;
kfake Organisations;
lfake staff users;
minaccurate contact details;
npoor response quality;
ouser complaints;
ppolicy breaches;
qprivacy risks; and
rother issues.

Yuzee does not guarantee that every issue will be detected, prevented or corrected.

18.20 Organisation use of AI

Organisations may use Yuzee AI features, automation, dashboards, CRM tools, summaries, recommendation tools, reporting or related functionality where available.

If Organisations use AI features, they must use them lawfully, responsibly and only for permitted purposes.

Organisations must not use AI features to:

aunlawfully discriminate;
bmake unfair or misleading decisions;
cgenerate fake offers;
dmisrepresent course, job or service information;
emislead users;
fharass or pressure users;
gcreate unlawful content;
hprocess user information without authority;
itrain unrelated AI systems without authority;
jextract Yuzee prompts or system instructions;
kreverse engineer Yuzee systems;
lbypass safety controls;
mscrape data;
nmisuse personal information; or
obreach law, Yuzee’s Terms or Organisation agreements.

18.21 Organisation security responsibilities

Organisations must take reasonable steps to protect information accessed through Yuzee.

This includes responsibility for:

asecure staff accounts;
bstrong passwords;
cappropriate access permissions;
dremoving former staff access;
eprotecting dashboards;
fprotecting downloaded information;
gprotecting exported reports;
hprotecting documents;
iavoiding shared logins;
jlimiting internal sharing;
kmonitoring staff activity;
lreporting suspected breaches;
mcooperating with Yuzee investigations;
ncomplying with data breach obligations;
osecuring Organisation systems; and
pcomplying with applicable law.

Yuzee may not control what happens to information after an Organisation downloads, exports, copies or stores it outside Yuzee.

18.22 Organisation data breaches

If an Organisation becomes aware of a suspected or confirmed data breach involving Yuzee information, the Organisation should notify Yuzee promptly.

This may include incidents involving:

aunauthorised dashboard access;
bstaff account compromise;
cunauthorised document access;
dunauthorised sharing;
eaccidental disclosure;
fincorrect recipient disclosure;
glost devices;
hdownloaded report exposure;
iexported data exposure;
jCRM misuse;
kRMO information exposure;
lfake offers;
mphishing;
nmalware;
ocyberattack; or
pother privacy or security incidents.

Organisations may have their own legal obligations to notify affected individuals, regulators or other parties.

18.23 Data sharing records involving Organisations

Yuzee may keep records of information shared with or received from Organisations.

These records may include:

auser consent records;
bRMO sharing records;
coffer request records;
dOrganisation recipient details;
edate and time of sharing;
finformation shared;
gstaff user involved;
hresponse status;
icommunication records;
jdashboard records;
ksupport records;
lcomplaint records;
maudit logs;
nlegal records; and
osecurity records.

Yuzee may use these records for service delivery, support, privacy compliance, legal compliance, audit, billing, dispute resolution, fraud prevention, security, RMO management and platform improvement.

18.24 Organisation requests about user information

Organisations may ask Yuzee to provide, correct, delete, restrict or update user information.

Yuzee may assess such requests based on:

athe user’s rights;
bthe Organisation’s authority;
cthe purpose of the request;
dprivacy law;
econsent records;
fRMO records;
gcontractual obligations;
hlegal obligations;
isecurity risks;
jdispute records;
kaudit requirements;
ltechnical availability; and
mYuzee’s internal processes.

Yuzee may refuse, limit or delay Organisation requests where Yuzee considers it appropriate or legally required.

18.25 User requests involving Organisations

Users may ask Yuzee about information shared with Organisations.

Depending on the request, Yuzee may:

aprovide information about what was shared;
bprovide information about when sharing occurred;
cprovide information about the Organisation recipient;
dcorrect Yuzee-held information;
eupdate a profile;
fupdate an RMO record;
gcontact the Organisation;
hask the user to contact the Organisation directly;
irestrict further sharing;
jdelete information from Yuzee systems where available and appropriate;
kretain records where required; or
ltake another reasonable step.

Yuzee may not be able to access, correct or delete information held independently by an Organisation after it has received the information.

18.26 Organisation retention of information

Organisations may retain information received through Yuzee according to their own privacy policies, record-keeping rules, legal obligations and systems.

This may include information received through:

aRMO;
boffer requests;
ccourse enquiries;
djob enquiries;
edocuments;
fcommunications;
gCRM exports;
hdashboard exports;
ireports;
jsupport workflows; or
kother Yuzee features.

Yuzee may not control Organisation retention after information has been shared, except to the extent required by law or expressly agreed in writing.

18.27 Organisation exports and downloads

Organisations may be able to export, download, copy or store information from Yuzee where permitted.

Organisations are responsible for protecting exported or downloaded information.

Yuzee may not control information once it is exported, downloaded, copied, printed, emailed, screenshot, transferred or stored outside Yuzee.

Organisations should avoid exporting or downloading personal information unless reasonably necessary and authorised.

18.28 Organisation integration and APIs

Yuzee may provide or support integrations, APIs, imports, exports or connected systems for Organisations.

These may allow information to move between Yuzee and Organisation systems or third-party tools.

Integrations may involve:

auser information;
bRMO information;
coffer request information;
dcourse information;
ejob information;
fdocuments;
gcommunications;
hdashboard data;
iCRM records;
jbilling records;
kanalytics;
lreporting; and
mtechnical logs.

Organisations must ensure integrations are authorised, secure, lawful and used only for permitted purposes.

Yuzee may restrict or disable integrations where Yuzee reasonably considers there is a privacy, security, legal, fraud, misuse or platform risk.

18.29 Organisation marketing and communications

Organisations may wish to communicate with users for course, job, offer, service, marketing or follow-up purposes.

Organisations must ensure that any marketing or electronic communications comply with applicable law and user preferences.

Organisations must not use user information received through Yuzee for unrelated marketing unless authorised, permitted by law and consistent with applicable notices or consent.

Yuzee may restrict Organisation access or take action where Yuzee reasonably believes an Organisation is sending spam, misleading communications, unrelated marketing, pressure-based messages, discriminatory communications or harmful content.

18.30 Organisation responsibility for lawful basis

Organisations are responsible for ensuring they have a lawful basis for any personal information they provide to Yuzee or receive from Yuzee.

This includes ensuring that they have appropriate authority, consent, notice, contractual basis, legal basis or other lawful basis for:

aproviding staff information;
bproviding user information;
caccessing user information;
dreceiving RMO information;
eresponding to offer requests;
fcontacting users;
gusing documents;
husing CRM records;
iexporting reports;
jusing analytics;
kusing AI features;
lsharing information internally;
msharing information externally; and
nretaining information.

18.31 Yuzee’s rights to restrict Organisation access

Yuzee may suspend, restrict, limit, remove or terminate Organisation access where Yuzee reasonably considers it necessary.

This may include where there is:

aprivacy risk;
bsecurity risk;
cdata breach risk;
dmisuse;
esuspected fraud;
ffake offers;
gmisleading information;
hunlawful discrimination;
ispam;
junauthorised marketing;
kuser complaints;
lregulator concern;
mlegal risk;
npayment issue;
obreach of Yuzee terms;
pbreach of Organisation agreement;
qplatform abuse; or
rother risk to users, Organisations, Yuzee or the Platform.

18.32 Changes to Organisation data practices

Yuzee may update Organisation data practices over time as the Platform, AI features, dashboards, CRM tools, RMO workflows, integrations, legal requirements, Organisation needs, provider arrangements and business operations change.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Organisation agreements, Collection Notices, consent notices, product notices or dashboard notices.

18.33 Contact about Organisation data

Users and Organisations can contact Yuzee about Organisation data, staff information, user information shared with Organisations, RMO records, dashboard access, privacy requests, correction requests, complaints or security concerns.

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Security contact: [insert security email]

Yuzee may ask for identity, authority or Organisation verification before responding to certain requests.

Third-Party Services and Providers

19.1 Overview

Yuzee may use third-party services, providers, tools, platforms, integrations and Organisations to provide, operate, protect, personalise, support and improve the Platform.

These third parties may help Yuzee with:

aAI features;
bcloud hosting;
cdata storage;
ddatabase services;
epayment processing;
fapp-store purchases;
ganalytics;
hcrash reporting;
icommunication delivery;
jcustomer support;
ksecurity monitoring;
lfraud prevention;
mmarketing attribution;
nproduct improvement;
odocument processing;
pRequest Multiple Offers;
qoffer request workflows;
rorganisation dashboards;
sreporting;
tprofessional advice; and
uother services needed to operate Yuzee.

Yuzee may share information with third parties where reasonably necessary for the purposes described in this Privacy Policy, any applicable Collection Notice, consent notice, product notice, Terms and Conditions, Organisation agreement or applicable law.

19.2 Types of third-party providers Yuzee may use

Yuzee may use third-party providers such as:

aAI providers;
bcloud hosting providers;
cdata storage providers;
ddatabase providers;
einfrastructure providers;
fpayment providers;
gapp stores;
hbanks and card networks;
ianalytics providers;
jcrash reporting providers;
kmonitoring providers;
lemail providers;
mSMS providers;
nphone providers;
opush notification providers;
psupport tools;
qCRM tools;
rhelp desk tools;
smarketing tools;
tattribution tools;
upaywall or subscription tools;
vsecurity providers;
wfraud prevention providers;
xidentity or verification providers, if used;
yprofessional advisers;
zinstitutions;
aaemployers;
abpartners;
acpublic data providers;
adcommercial data providers;
aelicensed data providers; and
afother providers that support Yuzee’s services.

19.3 Why Yuzee uses third parties

Yuzee may use third parties because they help Yuzee provide services that are secure, scalable, useful, reliable and practical.

Third parties may help Yuzee:

aprovide AI-supported guidance;
bprocess prompts and AI outputs;
chost the Platform;
dstore user information;
eprocess documents;
fprocess payments;
gmanage app subscriptions;
hsend emails;
isend SMS messages;
jsend push notifications;
krespond to support requests;
lmonitor system performance;
mdetect crashes;
ndetect fraud;
odetect misuse;
pimprove security;
qanalyse usage;
rimprove user experience;
smanage RMO workflows;
tconnect users with Organisations;
uprovide dashboards;
vimprove recommendations;
wimprove data quality;
xprovide professional advice; and
ycomply with legal obligations.

19.4 AI providers

Yuzee may use third-party AI providers to provide or support AI features.

AI providers may include providers such as:

aGoogle Gemini;
bAnthropic Claude;
cOpenAI/ChatGPT;
dxAI/Grok; and
eother current or future AI providers.

Yuzee may use AI providers for:

aAI chat;
bpersonalised guidance;
ccourse suggestions;
djob suggestions;
eskills analysis;
fpathway suggestions;
gdocument review;
hdocument summaries;
iRMO preparation;
joffer request support;
ksuitability explanations;
lsupport responses;
missue detection;
nmoderation;
odata classification;
pdata quality checks;
qproduct improvement; and
rother AI-supported features.

19.5 Information processed by AI providers

Where reasonably necessary, Yuzee may send information to AI providers.

This may include:

aprompts;
bmessages;
cAI chat history;
duploaded documents;
edocument extracts;
fprofile context;
ggoals;
hpreferences;
ieducation information;
jwork information;
kskills information;
lRMO information;
moffer request information;
nsupport information;
oAI outputs;
pusage records;
qerror logs;
rquality signals; and
srelated metadata.

Yuzee will take reasonable steps to manage privacy and security risks when using AI providers.

Where reasonably available and appropriate, Yuzee aims to configure third-party AI services so that personal information is not used to train public or general AI models.

If Yuzee materially changes this approach, Yuzee will update its notices or seek consent where required by law.

19.6 AI provider limitations

Third-party AI providers may have their own:

aprivacy policies;
bsecurity practices;
cterms;
dprocessing locations;
emodel behaviour;
ftechnical limits;
gavailability limits;
hretention practices;
idata-handling practices;
jsafety systems;
kerror rates;
lservice interruptions; and
mlegal obligations.

Yuzee is not responsible for a third-party AI provider’s independent acts, omissions, outages, model behaviour, legal compliance or data practices except to the extent required by law or expressly agreed in writing.

19.7 Cloud, hosting and infrastructure providers

Yuzee may use cloud, hosting, infrastructure, database, backup, logging and monitoring providers.

These providers may help Yuzee:

ahost the website;
bhost the app;
chost databases;
dstore user profiles;
estore uploaded documents;
foperate AI features;
goperate matching systems;
hoperate RMO workflows;
ioperate Organisation dashboards;
jmanage technical logs;
kmanage backups;
lsupport disaster recovery;
mmonitor system performance;
ndetect errors;
osupport security; and
pkeep the Platform available.

Cloud and infrastructure providers may process information in Australia or overseas.

19.8 Payment providers, app stores and billing tools

Yuzee may use third-party payment providers, app stores, banks, card networks, subscription tools or billing tools.

These providers may process information relating to:

apaid plans;
bsubscriptions;
cpurchases;
dcredits;
etop-ups;
fRMO Review Passes;
ginvoices;
hreceipts;
ipayment status;
jfailed payments;
krefunds;
lchargebacks;
mpayment disputes;
napp-store purchases;
oentitlement records; and
pbilling support.

Yuzee does not need to store full payment card details where payments are processed by third-party payment providers.

Payment providers, app stores, banks and card networks may have their own privacy policies, terms, security controls, dispute processes and legal obligations.

19.9 Analytics, product and performance providers

Yuzee may use analytics, product, performance, crash reporting, experimentation, attribution, paywall or monitoring providers.

These providers may help Yuzee:

aunderstand website usage;
bunderstand app usage;
cunderstand feature usage;
dmeasure onboarding;
emeasure profile completion;
fmeasure AI feature use;
gmeasure document workflow use;
hmeasure RMO workflow use;
imeasure payment and subscription activity;
jdetect crashes;
kdetect errors;
limprove user experience;
mimprove platform performance;
nimprove matching;
oimprove recommendations;
pimprove AI features;
qimprove support;
rdetect misuse;
sprevent fraud; and
timprove business operations.

Where reasonably appropriate, Yuzee may use de-identified, aggregated, minimised, redacted, bucketed or limited information for analytics and product improvement.

Yuzee should not intentionally send raw sensitive information, raw uploaded documents, raw counselling-style notes, raw AI chats, identity documents, detailed health information, disability information or similar high-risk information to analytics, attribution, advertising or paywall tools unless there is a lawful basis, appropriate safeguards and consent where required.

19.10 Communication providers

Yuzee may use communication providers to send and manage messages.

These providers may support:

aemail;
bSMS;
cphone calls;
dpush notifications;
ein-app messages;
fdashboard notices;
gsupport messages;
hverification codes;
ipassword reset messages;
jRMO updates;
koffer request updates;
lpayment notices;
msubscription notices;
nmarketing messages where permitted;
oprivacy notices;
plegal notices; and
qsecurity notices.

Communication providers may process contact details, message content, delivery status, response data, unsubscribe records and related metadata.

19.11 Customer support and help desk providers

Yuzee may use customer support, help desk, chat, ticketing or support management tools.

These tools may process information such as:

aname;
bemail address;
cphone number;
daccount details;
esupport request details;
fcomplaint details;
gprivacy request details;
hscreenshots;
iuploaded files;
jtechnical logs;
kbilling information;
lRMO information;
mOrganisation information;
nsupport notes;
ostaff responses;
presolution records; and
qrelated metadata.

Yuzee may use these tools to respond to users, manage support, investigate issues, handle complaints, improve service quality and keep support records.

19.12 Security and fraud prevention providers

Yuzee may use security, monitoring, authentication, fraud prevention, abuse detection or risk management providers.

These providers may help Yuzee detect, prevent or respond to:

aunauthorised access;
bsuspicious logins;
caccount takeover;
dfake accounts;
efake documents;
ffake offers;
gpayment fraud;
hsubscription misuse;
icredit misuse;
jRMO misuse;
kAI misuse;
lprompt injection;
mspam;
nscraping;
obot activity;
pharmful communications;
qprivacy risks;
rdata breaches;
scyberattacks; and
tother misuse or security risks.

Security providers may process technical information, device information, IP addresses, account activity, logs, risk signals, fraud signals and related metadata.

19.13 Institutions, employers and partners

Yuzee may share information with institutions, employers and partners where relevant to the user’s use of the Platform.

This may include sharing information for:

acourse matching;
bjob matching;
cpathway support;
dRequest Multiple Offers;
eoffer requests;
fuser-approved introductions;
gdocument review;
happlication support;
iservice referrals;
juser support;
kcomplaint handling;
ldispute resolution;
mreporting where permitted; and
nother services requested by the user or permitted by law.

Institutions, employers and partners may have their own privacy policies, terms, systems, security practices, retention practices and legal obligations.

Yuzee is not responsible for an institution’s, employer’s or partner’s independent handling of personal information except to the extent required by law or expressly agreed in writing.

19.14 Public, government, commercial and licensed data providers

Yuzee may use public, government, commercial, licensed, partner, research and third-party data sources.

These may include:

aABS data;
bAustralian Government data;
cstate and territory government data;
dlocal government data;
eregulator data;
feducation data;
gtraining data;
hlabour market data;
iskills data;
joccupation data;
kdemographic data;
lsuburb and postcode data;
mcost-of-living data;
ntransport data;
ohousing or rent data;
pglobal datasets;
qresearch publications;
rmarket research;
spublic websites;
tcommercial datasets; and
ulicensed datasets.

Yuzee may use these sources for matching, recommendations, AI guidance, research and development, analytics, data quality, pathway modelling, cost-of-living estimates, location insights and platform improvement.

External sources may be incomplete, delayed, inaccurate, revised, unavailable, inconsistent, aggregated, sampled or unsuitable for a specific purpose.

19.15 Professional advisers and business service providers

Yuzee may share information with professional advisers and business service providers where reasonably necessary.

These may include:

alawyers;
baccountants;
cauditors;
dinsurers;
etax advisers;
fprivacy advisers;
gsecurity advisers;
hconsultants;
ibusiness advisers;
jinvestors or prospective investors;
kdue diligence advisers;
lcorporate transaction advisers; and
mother professional service providers.

This may be needed for legal advice, accounting, tax, audit, insurance, governance, compliance, dispute resolution, security review, business planning, investment, funding, due diligence, merger, acquisition, restructure or other business purposes.

Where appropriate, Yuzee may use confidentiality arrangements, data minimisation, de-identification, aggregation or other safeguards.

19.16 Third-party integrations and APIs

Yuzee may support integrations, APIs, imports, exports or connected services.

These may allow information to move between Yuzee and:

aOrganisation systems;
bCRM systems;
cpayment systems;
dapp stores;
eanalytics tools;
fcommunication tools;
gsupport tools;
hAI tools;
idocument tools;
jsecurity tools;
kdata providers;
linstitution systems;
memployer systems;
npartner systems; or
oother connected services.

Where a user or Organisation enables or uses an integration, information may be shared with the connected service.

The connected service may have its own privacy policy, terms, security practices and retention practices.

19.17 External websites and links

Yuzee may link to external websites, apps, platforms, forms, documents or services.

External services may include:

ainstitution websites;
bemployer websites;
cpartner websites;
dgovernment websites;
eregulator websites;
fpayment pages;
gapp stores;
hsocial media platforms;
ivideo platforms;
jmaps;
kforms;
lsurveys;
mlearning platforms;
ncareer platforms; and
oother external services.

Yuzee does not control the privacy, security, content, accuracy, availability or practices of external services.

Users should review the relevant third-party privacy policy and terms before using an external service or providing information to a third party.

19.18 Third-party provider access

Third-party providers may access or process information only where relevant to the services they provide to Yuzee, subject to applicable law, provider arrangements and technical controls.

Yuzee may use safeguards such as:

aprovider due diligence;
bcontractual terms;
cconfidentiality obligations;
dprivacy obligations;
esecurity obligations;
faccess controls;
grole-based permissions;
hdata minimisation;
iprovider configuration;
jretention controls;
kincident notification obligations;
ldeletion or return requirements;
maudit or review rights where appropriate; and
nother safeguards Yuzee considers appropriate.

19.19 Third-party provider locations

Third-party providers may operate in Australia or overseas.

Personal information may be processed, stored, accessed or supported in countries where those providers operate.

This may include Australia, the United States, Canada, the United Kingdom, the European Union or European Economic Area, Singapore, New Zealand, India, Japan, Malaysia, the Philippines or other countries.

The countries involved may change as Yuzee’s providers, infrastructure, services and business operations change.

More information is set out in the International and Overseas Processing section of this Privacy Policy.

19.20 Third-party provider security

Yuzee will take reasonable steps to select and manage providers appropriate for the relevant service and risk level.

However, third-party providers may experience:

aoutages;
berrors;
ccyber incidents;
ddata breaches;
eservice interruptions;
ftechnical changes;
gmodel changes;
hAPI changes;
iprice changes;
jpolicy changes;
klegal changes;
laccess restrictions;
maccount limitations; or
nother issues outside Yuzee’s direct control.

Yuzee is not responsible for a third-party provider’s independent acts, omissions, outages, errors, security incidents, policy changes or legal compliance except to the extent required by law or expressly agreed in writing.

19.21 Third-party provider retention

Third-party providers may retain information according to their own systems, privacy policies, terms, legal obligations and provider settings.

Yuzee may request deletion, return, restriction or de-identification from third-party providers where appropriate and within Yuzee’s control.

Yuzee may not be able to control information that a third party independently holds, receives directly from a user, receives through a user-approved workflow, or is required to retain by law.

19.22 User choices involving third-party services

Users may have choices that affect third-party processing.

This may include choices about:

awhether to use AI features;
bwhether to upload documents;
cwhether to use RMO;
dwhether to share information with institutions;
ewhether to share information with employers;
fwhether to share information with partners;
gwhether to use paid services;
hwhether to make app-store purchases;
iwhether to enable app permissions;
jwhether to receive marketing;
kwhether to use external links;
lwhether to use third-party integrations; and
mwhether to provide optional information.

Some third-party processing may be necessary to provide certain features. If a user chooses not to use a required third-party-supported feature, Yuzee may not be able to provide the relevant service.

19.23 Sensitive information and third-party providers

Yuzee will take additional care where sensitive information may be processed by third-party providers.

Where reasonably appropriate, Yuzee may minimise, redact, restrict, de-identify, aggregate or avoid sharing sensitive information with third-party providers.

Some processing of sensitive information by third-party providers may still occur where reasonably necessary to provide the relevant service, process documents, provide AI features, manage RMO, provide support, protect safety, comply with law or operate the Platform.

19.24 Children and young people

Yuzee may apply additional care when third-party providers process information about children and young people.

Where appropriate, Yuzee may:

alimit the information shared;
blimit sensitive information;
cuse additional notices;
dinvolve a parent or guardian;
einvolve a school or Organisation;
fuse age-appropriate explanations;
grestrict marketing-related processing;
hrestrict unrelated profiling;
ireview provider suitability; and
japply other safeguards Yuzee considers appropriate.

19.25 Third-party marketing and advertising tools

Yuzee may use third-party marketing, advertising, attribution or campaign tools where permitted by law.

These tools may help Yuzee measure campaigns, manage referrals, understand conversions, improve marketing, manage communications and improve service relevance.

Yuzee does not intend to share raw sensitive information for unrelated marketing.

Where reasonably appropriate, Yuzee may use de-identified, aggregated, minimised, redacted, bucketed or limited information for marketing analytics and attribution.

Users may opt out of marketing communications where required or available.

19.26 Third-party responsibilities

Third parties that receive or process information may have their own legal, privacy, security, data breach, consumer, education, employment, anti-discrimination, spam, record-keeping and compliance obligations.

Third parties are responsible for complying with their own obligations.

This may include obligations to:

aprovide privacy notices;
bcollect information lawfully;
cuse information only for permitted purposes;
dobtain consent where required;
eprotect personal information;
fmanage staff access;
grespond to access or correction requests;
hrespond to deletion requests where applicable;
imanage marketing consent;
jhandle complaints;
krespond to data breaches;
lavoid misleading or deceptive conduct;
mavoid unlawful discrimination;
nkeep information accurate; and
ocomply with applicable law.

19.27 Provider changes

Yuzee may add, remove, replace or change third-party providers over time.

This may happen because of changes to:

atechnology;
bAI models;
ccloud infrastructure;
dpayment systems;
eapp stores;
fanalytics tools;
gcommunication tools;
hsupport tools;
isecurity tools;
jRMO workflows;
kOrganisation tools;
llegal requirements;
mprovider performance;
nprovider pricing;
oprovider availability;
puser needs; or
qbusiness operations.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices, product notices or account settings to reflect material provider changes.

19.28 If a third-party service is unavailable

Yuzee may rely on third-party services for important Platform functions.

If a third-party service is unavailable, delayed, restricted, changed, suspended or discontinued, some Yuzee features may be affected.

This may affect:

aAI features;
bdocument review;
cmatching;
dRMO;
eoffer request workflows;
fpayments;
gsubscriptions;
happ-store purchases;
ianalytics;
jcommunications;
ksupport;
ldashboards;
msecurity monitoring;
ndata storage; or
oother Platform features.

Yuzee may change providers, suspend features, limit access, modify functionality or take other steps Yuzee considers appropriate.

19.29 User responsibility when using third-party services

Users should review third-party privacy policies and terms before using third-party services or providing information to third parties.

This is especially important where users:

aclick external links;
bcontact institutions directly;
ccontact employers directly;
dcontact partners directly;
euse app stores;
fuse payment providers;
guse external forms;
hupload information to third-party websites;
iaccept third-party offers;
juse external AI tools;
kdownload or export Yuzee information; or
lcommunicate outside Yuzee.

Yuzee may not be able to control information once it is provided directly to a third party or shared outside the Platform.

19.30 Questions about third-party providers

Users can contact Yuzee with questions about third-party services, providers, integrations, AI providers, payment providers, app stores, analytics tools, communication providers, RMO recipients or overseas processing.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask users to verify their identity before responding to certain privacy requests.

Data Sources, Research and Development

20.1 Overview

Yuzee may use data from many sources to provide, personalise, operate, protect, improve and develop the Platform.

These sources may include:

ainformation provided by users;
binformation generated through user activity;
cuploaded documents;
dAI prompts, chats and outputs;
eRequest Multiple Offers information;
finformation provided by institutions;
ginformation provided by employers;
hinformation provided by partners;
iOrganisation dashboard information;
jpublic data;
kgovernment data;
lABS data;
mstate and territory data;
nlocal government data;
oregulator data;
peducation and training data;
qlabour market data;
rskills and occupation data;
sdemographic data;
tlocation and regional data;
ucost-of-living data;
vhousing, rent and transport data;
wglobal datasets;
xcommercial data;
ylicensed data;
zresearch publications;
aamarket research;
abpublic websites;
acthird-party service provider data;
adAI provider data or outputs;
aeYuzee’s own research and development; and
afother data sources relevant to Yuzee’s services.

Yuzee may combine, compare, classify, summarise, transform, analyse, derive insights from or otherwise process these sources to support the Platform.

20.2 Why Yuzee uses data sources

Yuzee may use data sources to help users and Organisations make better-informed decisions.

Yuzee may use data sources to support:

apersonalised guidance;
bAI-supported guidance;
ccourse matching;
djob matching;
eskills matching;
fpathway matching;
gsuitability indicators;
hrecommendation systems;
idocument review;
jRequest Multiple Offers;
koffer request support;
linstitution insights;
memployer insights;
npartner insights;
olocation guidance;
prelocation guidance;
qcost-of-living guidance;
rlabour market insights;
soccupation insights;
tskills-gap insights;
udata quality checks;
vissue detection;
wplatform safety;
xanalytics;
yreporting;
zresearch and development;
aaproduct improvement; and
abbusiness operations.

20.3 User-provided data

Yuzee may use information provided by users to personalise the Platform and improve guidance.

User-provided data may include:

aaccount information;
bcontact information;
cprofile information;
dgoals;
emission;
feducation history;
gwork history;
hskills;
iinterests;
jpreferences;
klocation preferences;
lsupport needs;
muploaded documents;
nAI prompts and chats;
oRMO information;
poffer request information;
qfeedback;
rsupport requests;
sprivacy requests; and
tother information users provide to Yuzee.

Users should keep their information accurate and current because Yuzee’s guidance, matching and recommendations may depend on the information provided.

20.4 Organisation-provided data

Yuzee may use information provided by institutions, employers, partners and other Organisations.

Organisation-provided data may include:

aorganisation profile information;
bcourse information;
cjob information;
dservice information;
epathway information;
fadmission information;
geligibility information;
hentry requirements;
ifees;
jfunding information;
kdelivery mode;
lcampus or location information;
mavailability information;
nstart dates;
oduration;
pplacement information;
qemployment information;
roffer information;
sstaff information;
tOrganisation dashboard activity;
uCRM records;
vRMO response records;
wreporting data; and
xother information relevant to Yuzee’s services.

Organisations are responsible for ensuring that information they provide to Yuzee is accurate, current, complete, lawful and not misleading.

Yuzee may rely on Organisation-provided information, but Yuzee does not independently verify every item of Organisation-provided information unless Yuzee expressly states otherwise.

20.5 Public and government data

Yuzee may use public and government data to support guidance, matching, recommendations, analytics, reporting and research.

This may include data from:

aAustralian Government sources;
bstate and territory government sources;
clocal government sources;
dregulator sources;
eeducation and training sources;
flabour market sources;
gskills and occupation sources;
hdemographic sources;
ipopulation sources;
jgeographic sources;
ktransport sources;
lhousing and rent sources;
mcost-of-living sources;
npublic registers;
opublic websites; and
pother public sources relevant to Yuzee’s services.

Public and government data may be used to help Yuzee understand course options, jobs, occupations, industries, locations, demographic trends, labour market conditions, cost-of-living indicators and pathway opportunities.

20.6 ABS data

Yuzee may use data from the Australian Bureau of Statistics, including statistical, demographic, geographic, population, labour, economic, regional, census or other ABS data where relevant.

Yuzee may use ABS data to support:

asuburb and regional insights;
bdemographic insights;
cpopulation insights;
dlabour market insights;
eemployment-related insights;
findustry insights;
gcost-of-living context;
hlocation comparisons;
irelocation guidance;
jeducation and pathway insights;
kresearch and development;
lanalytics;
mreporting;
ndata quality checks; and
oplatform improvement.

ABS data may be statistical, aggregated, sampled, modelled, revised, suppressed, delayed or subject to ABS methodology, terms, licences or limitations.

Yuzee does not control ABS data, ABS methodology, ABS release timing or ABS updates.

20.7 Education, training and course data

Yuzee may use education, training and course data from public sources, government sources, institutions, partners, licensed providers, commercial sources and Yuzee research.

This may include information about:

aschools;
bregistered training organisations;
cTAFEs;
duniversities;
eprivate colleges;
fshort-course providers;
gpathway providers;
hcourse names;
icourse codes;
jqualification levels;
kcourse descriptions;
lentry requirements;
mfees;
nfunding availability;
ostudy mode;
pdelivery mode;
qcampus locations;
ronline availability;
sstart dates;
tduration;
uunits or subjects;
vplacements;
waccreditation;
xrecognition of prior learning;
ycredit transfer;
zprovider registration information; and
aaother course or provider information.

Course data may change frequently. Users should confirm important course details with the relevant provider before making final decisions.

20.8 Job, employer and labour market data

Yuzee may use job, employer, occupation, industry, workforce and labour market data from public sources, government sources, employers, partners, commercial sources, licensed sources, job boards, research sources and Yuzee analysis.

This may include information about:

aoccupations;
bjob titles;
cindustries;
dskills;
eexperience requirements;
fqualifications;
glicences;
hregistrations;
isalary or wage indicators;
jwork locations;
kemployment type;
lworkforce trends;
mdemand indicators;
nshortage indicators;
oemployer profiles;
pjob availability;
qcareer pathways;
rapprenticeships;
straineeships;
tinternships;
uplacements;
vgraduate roles;
wfuture skills;
xautomation-related insights;
yregional employment trends; and
zother job or labour market information.

Job and labour market data may change quickly and may not predict a user’s actual employment outcome.

20.9 Skills, occupation and pathway data

Yuzee may use skills, occupation and pathway data to help users understand possible connections between study, training, work and services.

This may include:

askills taxonomies;
boccupation classifications;
cqualification frameworks;
dindustry frameworks;
ecompetency frameworks;
fcourse-to-job mappings;
gjob-to-course mappings;
hskills-gap analysis;
itransferable skills analysis;
jpathway models;
kcareer progression models;
lentry-level pathway indicators;
mupskilling indicators;
nreskilling indicators;
ofuture skills indicators;
plabour market transition indicators; and
qYuzee-developed pathway logic.

Skills, occupation and pathway data may involve assumptions, classifications, approximations and modelled relationships.

20.10 Location, relocation and cost-of-living data

Yuzee may use location, relocation and cost-of-living data to support users exploring study, work or pathway options in different locations.

This may include data about:

asuburbs;
bpostcodes;
cregions;
dcities;
estates and territories;
ftransport options;
gdistance indicators;
hcommute indicators;
ihousing indicators;
jrent indicators;
kcost-of-living indicators;
lpopulation indicators;
mregional labour markets;
nlocal education options;
olocal job options;
pcampus locations;
qremote study options;
rremote work indicators; and
srelocation considerations.

Cost-of-living, rent, transport and relocation information may be estimates, averages, approximations, historical figures, third-party data or modelled indicators.

Users should verify important cost, housing, transport and relocation details before making decisions.

20.11 Global and international data

Yuzee may use global or international data to support users, Organisations, research and platform improvement.

This may include data about:

aglobal education trends;
binternational study pathways;
cinternational labour markets;
dglobal skills trends;
emigration-related context;
foverseas institutions;
goverseas employers;
hinternational occupation data;
iinternational cost-of-living indicators;
jglobal demographic data;
kglobal economic data;
lpublic international datasets;
mcommercial international datasets;
nlicensed international datasets; and
oresearch publications.

Global and international data may be subject to different methodologies, definitions, legal systems, currencies, timeframes, languages, quality standards and update cycles.

20.12 Commercial and licensed data

Yuzee may use commercial or licensed data sources where relevant to its services.

Commercial or licensed data may include:

aeducation datasets;
blabour market datasets;
cjob market datasets;
doccupation datasets;
eskills datasets;
fcost-of-living datasets;
glocation datasets;
hdemographic datasets;
imarket research;
jbusiness data;
kinstitution data;
lemployer data;
mpartner data;
nanalytics data;
obenchmarking data; and
pother licensed or commercial datasets.

Commercial or licensed data may be subject to licence terms, access restrictions, usage limits, attribution requirements, update cycles, provider limitations and fees.

20.13 Public websites and web information

Yuzee may use information available from public websites where relevant and permitted.

This may include information from:

ainstitution websites;
bemployer websites;
cpartner websites;
dgovernment websites;
eregulator websites;
feducation websites;
gjob websites;
hcareer websites;
ipublic registers;
jpublic reports;
kopen datasets;
lresearch publications;
mmedia sources;
nindustry sources; and
oother public websites.

Public website information may be incomplete, outdated, incorrect, changed, removed, restricted, duplicated or subject to the relevant website’s terms.

Yuzee may not detect every change to public website information immediately.

20.14 Yuzee research and development

Yuzee may conduct research and development to improve the Platform.

Yuzee R&D may include:

aidentifying useful data sources;
btesting data quality;
ccleaning data;
dclassifying data;
emapping courses;
fmapping jobs;
gmapping skills;
hmapping pathways;
icreating taxonomies;
jcomparing data sources;
kbuilding matching logic;
lbuilding recommendation systems;
mbuilding suitability indicators;
nbuilding RMO workflows;
obuilding AI prompts;
pbuilding AI workflows;
qtesting AI outputs;
rtesting document review tools;
stesting forecasting tools;
ttesting issue-detection tools;
uanalysing user needs;
vanalysing Organisation needs;
wanalysing feedback;
ximproving data pipelines;
yimproving product features; and
zimproving Yuzee’s services over time.

20.15 Data transformation and derived insights

Yuzee may transform, combine or derive insights from information.

This may include generating:

acourse categories;
bjob categories;
coccupation categories;
dskills categories;
epathway categories;
finstitution categories;
gemployer categories;
hlocation categories;
isuitability indicators;
jmatch scores;
kranking signals;
lrecommendation reasons;
mpathway suggestions;
nskills-gap indicators;
odocument issue indicators;
pRMO readiness indicators;
qservice recommendations;
rcost-of-living indicators;
srelocation indicators;
tlabour market indicators;
udata quality indicators;
vfraud or misuse indicators;
wsafety indicators;
xde-identified insights; and
yaggregated insights.

Derived insights are decision-support only. They may involve assumptions, approximations, classifications, models, AI, automation and human judgment.

20.16 AI and data analysis

Yuzee may use AI, automation, data analysis and human review to process data sources.

This may include using AI or automation to:

asummarise data;
bclassify data;
ccompare data;
dextract information;
eidentify patterns;
fidentify missing data;
gidentify inconsistencies;
hidentify outdated data;
iidentify duplicate data;
jidentify low-confidence information;
kgenerate match explanations;
lgenerate recommendations;
mgenerate suitability indicators;
ngenerate pathway suggestions;
ogenerate RMO summaries;
pgenerate document summaries;
qgenerate issue indicators;
rimprove data quality;
simprove platform safety; and
timprove user experience.

AI and automation may make mistakes. Yuzee does not guarantee that AI or automation will identify every issue, correct every error or produce perfect insights.

20.17 Data quality checks

Yuzee may use data quality checks to improve information used on the Platform.

Data quality checks may include checking for:

amissing information;
bduplicate information;
coutdated information;
dconflicting information;
einconsistent information;
fbroken links;
gunavailable courses;
hunavailable jobs;
ichanged fees;
jchanged entry requirements;
kchanged locations;
lchanged funding rules;
mchanged course availability;
nchanged job availability;
olow-confidence data;
punusual patterns;
qsuspicious Organisation activity;
rsuspicious offers;
suser reports;
tOrganisation reports;
uprovider updates;
vpublic source updates;
wAI output issues; and
xother data quality issues.

Yuzee does not guarantee that every data issue will be detected, corrected or updated immediately.

20.18 Data limitations

Data used by Yuzee may have limitations.

Data may be:

aincomplete;
boutdated;
cdelayed;
dinaccurate;
einconsistent;
fduplicated;
gestimated;
hmodelled;
iinferred;
jaggregated;
ksampled;
lsuppressed;
mrevised;
nwithdrawn;
ounavailable;
pincorrectly formatted;
qincorrectly classified;
runsuitable for a specific purpose;
saffected by third-party errors;
taffected by user errors;
uaffected by Organisation errors;
vaffected by AI errors;
waffected by system errors; or
xaffected by future changes.

Yuzee uses data to support guidance and decision-making, but data should not be treated as perfect, complete or guaranteed.

20.19 Source licences, restrictions and attribution

Some data sources may be subject to licences, terms, restrictions, attribution requirements, API limits, access limits, fees or other conditions.

Yuzee may need to:

acomply with source licence terms;
bprovide attribution where required;
climit use of certain data;
dremove data when required;
eupdate data when required;
fstop using a source;
gchange how data is displayed;
hrestrict access to certain data;
ilimit downloads or exports;
jcomply with API limits;
kcomply with commercial data terms; and
lcomply with legal or provider requirements.

Use of a data source does not mean that the source endorses Yuzee, Yuzee’s recommendations, Yuzee’s AI outputs, Yuzee’s matching or Yuzee’s services.

20.20 Source updates and changes

Data sources may change over time.

Changes may include:

adata updates;
bdata corrections;
cnew releases;
drevised methodology;
ediscontinued datasets;
fchanged licences;
gchanged API access;
hchanged formats;
ichanged definitions;
jchanged source websites;
kremoved pages;
lchanged availability;
mchanged course listings;
nchanged job listings;
ochanged fees;
pchanged entry requirements;
qchanged provider status;
rchanged employer status; and
schanged legal or regulatory requirements.

Yuzee may not update all data immediately after a source changes.

20.21 No endorsement by data sources

Where Yuzee uses data from a third-party source, that use does not mean the source endorses, sponsors, approves or verifies Yuzee.

This applies to data from:

aABS;
bgovernment bodies;
cregulators;
dpublic websites;
einstitutions;
femployers;
gpartners;
hcommercial providers;
ilicensed providers;
jresearch publications;
kmedia sources;
lapp stores;
mAI providers; and
nother third-party sources.

Yuzee is responsible for its own services, but third-party sources are responsible for their own data, websites, licences, terms and updates.

20.22 Data source register

Yuzee may maintain an internal data source register.

The data source register may record information such as:

asource name;
bsource owner;
csource type;
ddata category;
epurpose of use;
fupdate frequency;
glicence terms;
hattribution requirements;
irestrictions;
jdata quality notes;
kprivacy risks;
lsensitive-data risks;
mprocessing location;
naccess method;
olast reviewed date;
pknown limitations;
qresponsible Yuzee owner; and
raction required.

The data source register is an internal governance tool and may not be publicly available.

20.23 Data source accuracy and correction reports

Users, Organisations and third parties may report inaccurate, outdated, incomplete, misleading or unsafe data to Yuzee.

Reports may relate to:

acourse information;
bjob information;
cinstitution information;
demployer information;
epartner information;
flocation information;
gcost-of-living information;
hpathway information;
iskills information;
jpublic data;
kgovernment data;
lABS data;
mglobal data;
ncommercial data;
oAI-generated information;
pmatching results;
qrecommendations;
rsuitability indicators;
sRMO information; or
tother Platform information.

Yuzee may review the report and take action where Yuzee reasonably considers it appropriate.

Possible actions may include correcting, updating, removing, hiding, reprocessing, annotating, de-prioritising, flagging, escalating, contacting the source or taking no action where Yuzee reasonably considers no change is required.

20.24 Correction of personal information within data sources

Where a data source includes personal information, Yuzee will take reasonable steps to manage accuracy, completeness, currency and relevance where required by applicable law.

Users may contact Yuzee if they believe personal information held by Yuzee is inaccurate, outdated, incomplete, irrelevant or misleading.

Yuzee may correct personal information, add a note, update a profile, reprocess a match, contact a source, request more evidence, restrict use or take another reasonable step where appropriate.

Yuzee may not be able to correct the original third-party source if Yuzee does not control it.

20.25 De-identified and aggregated research

Yuzee may use de-identified or aggregated information for research and development.

This may include research about:

auser needs;
bcourse interests;
cjob interests;
dskills trends;
epathway trends;
flocation trends;
gcost-of-living trends;
hRMO trends;
ioffer trends;
jInstitution engagement;
kEmployer engagement;
lPartner engagement;
mAI quality;
nmatching quality;
odocument workflow quality;
psupport quality;
qplatform safety; and
rproduct improvement.

Yuzee will take reasonable steps to reduce the risk that de-identified or aggregated research identifies an individual.

20.26 Research involving sensitive information

Yuzee may apply additional care where research or development involves sensitive information.

Sensitive information may include health information, disability information, NDIS-related information, financial hardship information, visa or migration-related information, identity documents, information about children or young people, counselling-style notes or other sensitive information.

Where reasonably appropriate, Yuzee may minimise, redact, restrict, de-identify or aggregate sensitive information before using it for research, analytics, testing or product improvement.

Yuzee should not intentionally use raw sensitive information for unrelated research or development unless there is a lawful basis, appropriate safeguards and consent where required.

20.27 Research involving children and young people

Yuzee may apply additional care where research or development involves information about children or young people.

Where appropriate, Yuzee may:

aminimise the information used;
bde-identify information;
caggregate information;
drestrict access;
eavoid unrelated profiling;
favoid unnecessary sensitive information;
ginvolve parents, guardians, schools or Organisations where required;
huse additional privacy review;
iuse age-appropriate notices where practical; and
jcomply with applicable law.

20.28 Data and AI model improvement

Yuzee may use data to evaluate and improve AI features, matching systems, prompts, recommendation systems, document review tools, issue-detection tools and RMO workflows.

This may include using:

afeedback;
bquality signals;
cerror logs;
dAI outputs;
eprompts;
fdocument workflow records;
gmatching records;
hRMO records;
isupport records;
jOrganisation feedback;
kdata quality reports;
lde-identified information;
maggregated information;
nstaff review;
otesting;
pvalidation; and
qresearch and development.

Where reasonably available and appropriate, Yuzee aims to configure third-party AI services so that personal information is not used to train public or general AI models.

If Yuzee materially changes this approach, Yuzee will update its notices or seek consent where required by law.

20.29 Data use for business and investor reporting

Yuzee may use de-identified, aggregated or business-level data for reporting, planning, funding, investment, partnership, operational and business purposes.

This may include reporting about:

aplatform usage;
buser growth;
cengagement;
dcourse interests;
ejob interests;
fRMO activity;
goffer activity;
hsubscription activity;
iOrganisation engagement;
jrevenue indicators;
ksupport trends;
lAI usage;
mproduct performance;
nmarket insights;
ogrowth trends; and
pother business metrics.

Yuzee should avoid disclosing personal information in investor, partner or business reporting unless there is a lawful basis, appropriate safeguards, confidentiality protections and consent where required.

20.30 No guarantee of outcomes from data

Yuzee uses data, research, AI and analysis to support guidance and decision-making.

Yuzee does not guarantee that data-based guidance will result in:

acourse acceptance;
benrolment;
cjob offers;
demployment;
epromotions;
fsalary increases;
gfunding;
hscholarships;
ivisa outcomes;
jlicensing or registration outcomes;
kperfect course selection;
lperfect job selection;
mperfect pathway selection;
naccurate prediction of future events;
oaccurate prediction of labour market changes;
paccurate prediction of user success;
qaccurate prediction of Organisation decisions; or
rany other specific outcome.

Users should review important information and verify key details before making final decisions.

20.31 High-volume data processing

Yuzee may process large volumes of data from many sources.

Because of the scale, variety and changing nature of data, Yuzee cannot manually verify every:

adata point;
bcourse;
cjob;
dinstitution;
eemployer;
fpartner;
gsource;
hdocument;
iAI output;
jrecommendation;
kmatch;
lpathway;
moffer;
nuser profile;
oOrganisation record;
ppublic website;
qdata update;
rsource limitation; or
sthird-party claim.

Yuzee may use a combination of automation, AI, data quality checks, human review, user feedback, Organisation feedback and source updates to improve data quality over time.

20.32 User and Organisation responsibility to verify

Users and Organisations should verify important information before making final decisions.

Important information may include:

acourse availability;
bcourse fees;
centry requirements;
dfunding eligibility;
eaccreditation;
fprovider registration;
gcourse content;
hcourse delivery mode;
ijob availability;
jemployer requirements;
ksalary or wage information;
lwork rights;
mvisa implications;
nlicensing or registration requirements;
ooffer conditions;
papplication deadlines;
qcost-of-living information;
rrelocation information;
sinstitution requirements;
temployer requirements; and
uother information that may materially affect a decision.

Users should confirm important information with the relevant institution, employer, partner, regulator, government body or qualified adviser.

20.33 Changes to data sources and research practices

Yuzee may update its data sources, research practices and development practices over time.

This may happen because of changes to:

aYuzee services;
bAI features;
cmatching systems;
dRMO workflows;
eOrganisation tools;
fpublic data;
ggovernment data;
hABS data;
iglobal data;
jcommercial data;
klicensed data;
luser needs;
mOrganisation needs;
nlegal requirements;
oprovider arrangements;
ptechnology;
qdata quality; and
rbusiness operations.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices, product notices, data notices or internal data source registers.

20.34 Questions about data sources

Users and Organisations can contact Yuzee about data sources, data quality, research, AI, recommendations, matching, suitability indicators or corrections.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask users to verify their identity before responding to certain privacy requests.

Yuzee may ask Organisations to verify their authority before responding to Organisation-related requests.

Privacy Complaints

21.1 Overview

Yuzee takes privacy concerns seriously.

Users, Organisations, staff users, parents, guardians, authorised representatives and other individuals may contact Yuzee if they have a privacy question, concern or complaint.

A privacy complaint may relate to how Yuzee collects, holds, uses, discloses, stores, protects, corrects, deletes or otherwise manages personal information.

Yuzee will handle privacy complaints in a fair, respectful and reasonable way.

21.2 What privacy complaints may be about

A privacy complaint may relate to:

aaccount information;
bprofile information;
cAI prompts or chats;
dAI outputs;
eYuzee profiles;
fpersonalised guidance;
gmatching or recommendations;
huploaded documents;
isensitive information;
jinformation about children or young people;
kRequest Multiple Offers;
loffer request workflows;
minformation shared with institutions;
ninformation shared with employers;
oinformation shared with partners;
pinformation shared with AI providers;
qoverseas processing;
rmarketing communications;
sunsubscribe requests;
tcookies and analytics;
uOrganisation dashboard access;
vstaff user access;
wdata retention;
xdeletion requests;
yaccess requests;
zcorrection requests;
aadata breaches;
absecurity incidents;
acthird-party providers;
adRMO consent;
aedocument sharing;
afprivacy notices; or
agany other privacy-related matter.

21.3 How to make a privacy complaint

To make a privacy complaint, contact Yuzee using the details below.

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Postal address: [insert postal address]

Where possible, a complaint should include:

athe complainant’s name;
baccount email;
cphone number, if relevant;
dOrganisation name, if relevant;
ethe privacy issue being reported;
fwhat happened;
gwhen it happened;
hwhich feature or service was involved;
iwhether AI, documents, RMO, payments, marketing or Organisation access was involved;
jscreenshots or documents, where relevant;
kany reference number, ticket number, RMO number, payment reference or Organisation account details;
lthe outcome the complainant is seeking; and
mpreferred contact method.

Yuzee may ask for more information if the complaint is unclear, incomplete or difficult to investigate.

21.4 Identity and authority verification

Yuzee may need to verify the identity or authority of the person making the complaint.

This helps protect privacy and prevents unauthorised access to personal information.

Yuzee may ask for verification where the complaint involves:

aaccount information;
bprofile information;
cuploaded documents;
dsensitive information;
eAI chats or prompts;
fRMO information;
gpayment records;
hinformation about children or young people;
iOrganisation Account information;
jstaff user information;
kaccess requests;
lcorrection requests;
mdeletion requests; or
nanother person’s information.

Yuzee may refuse, delay or limit its response if Yuzee cannot reasonably verify identity or authority.

21.5 Complaints by parents, guardians or authorised representatives

A parent, guardian, legal representative, support person or authorised representative may make a privacy complaint on behalf of another person where authorised or permitted by law.

Yuzee may ask for evidence of authority before discussing or changing another person’s information.

Evidence of authority may include:

awritten authority;
bparent or guardian evidence;
cpower of attorney;
dlegal representative authority;
eOrganisation administrator authority;
fschool or institution authority where relevant;
gsupport worker authority; or
hother evidence Yuzee reasonably considers appropriate.

Yuzee may refuse or limit a representative complaint where Yuzee is not satisfied that the person has authority, or where responding may create a privacy, safety, legal or security risk.

21.6 Complaints involving children or young people

Yuzee may apply additional care to privacy complaints involving children or young people.

Yuzee may consider:

athe young person’s age;
bthe young person’s maturity;
cthe young person’s privacy;
dthe young person’s safety;
eparent or guardian authority;
fschool or Organisation involvement;
gsensitive information;
huploaded documents;
iAI interactions;
jRMO information;
kdata sharing;
llegal requirements; and
many risk of harm.

Yuzee may refuse, delay or limit disclosure of information to a parent, guardian, Organisation or representative where Yuzee reasonably considers there is a privacy, safety, legal or security concern.

21.7 How Yuzee handles complaints

When Yuzee receives a privacy complaint, Yuzee may take steps to:

aacknowledge the complaint;
bverify identity or authority;
cunderstand the issue;
dask for more information;
eidentify the account, document, AI chat, RMO request, Organisation, provider or workflow involved;
freview relevant records;
greview consent records;
hreview data sharing records;
ireview access logs;
jreview support records;
kreview communication records;
lreview provider records, where relevant;
massess whether personal information was mishandled;
nassess whether correction, deletion, restriction, notification or remediation is appropriate;
orespond to the complainant;
ptake action where appropriate; and
qkeep records of the complaint and response.

The steps Yuzee takes may depend on the nature, seriousness, complexity and urgency of the complaint.

21.8 Complaint response timeframes

Yuzee will aim to respond to privacy complaints within a reasonable time.

The time needed may depend on:

athe complexity of the complaint;
bwhether identity verification is required;
cwhether another person’s information is involved;
dwhether an Organisation is involved;
ewhether an institution, employer or partner is involved;
fwhether a third-party provider is involved;
gwhether AI, documents or RMO records are involved;
hwhether sensitive information is involved;
iwhether children or young people are involved;
jwhether legal advice is needed;
kwhether a security incident or data breach assessment is needed;
lwhether archived or backup records need to be considered; and
mapplicable law.

Where a complaint is complex or requires more time, Yuzee may provide an update where appropriate.

21.9 Possible complaint outcomes

After reviewing a privacy complaint, Yuzee may take one or more actions.

This may include:

aexplaining what happened;
bcorrecting information;
cupdating a profile;
dupdating contact details;
edeleting certain information;
frestricting certain information;
gde-identifying certain information;
hadding a note or statement;
ireprocessing an AI output;
jre-running a match;
kupdating a recommendation;
lupdating an RMO record;
mpausing further sharing;
ncontacting an institution, employer or partner;
ocontacting a service provider;
pupdating consent records;
qupdating communication preferences;
runsubscribing the user from marketing;
schanging account permissions;
trestricting Organisation access;
uinvestigating staff access;
vimproving a process;
wimproving a notice;
ximproving security controls;
yproviding an apology where appropriate;
ztaking no further action where Yuzee reasonably considers no action is required; or
aataking another reasonable step.

21.10 Complaints involving AI, profiling or recommendations

A privacy complaint may relate to AI, profiling, prediction, matching, recommendations, suitability indicators or personalised guidance.

This may include concerns that:

aan AI output was inaccurate;
ba recommendation was misleading;
ca profile indicator was wrong;
da match was unfair;
ea forecast was inappropriate;
fan issue indicator was wrong;
gsensitive information was used incorrectly;
hAI used information the user did not expect;
iinformation was sent to an AI provider;
jan AI chat included personal information;
kan AI output affected a user’s decision;
lan AI-supported summary was shared through RMO; or
ma user wants more information about how AI was used.

Yuzee may review the concern and take reasonable steps where appropriate.

Yuzee’s AI, profiling, matching and recommendation tools are decision-support tools only. They do not make final study, career, employment, migration, financial, legal, health, enrolment, funding or life decisions for users.

21.11 Complaints involving Request Multiple Offers

A privacy complaint may relate to Request Multiple Offers or offer request workflows.

This may include concerns about:

awhat information was shared;
bwho information was shared with;
cwhen information was shared;
dwhether consent was recorded;
ewhether documents were shared;
fwhether sensitive information was shared;
gwhether the wrong Organisation received information;
hwhether an institution, employer or partner misused information;
iwhether an offer response was mishandled;
jwhether RMO records are inaccurate;
kwhether information should be corrected or deleted; or
lwhether further sharing should stop.

Yuzee may review RMO records, consent records, data sharing logs, communication records and Organisation activity where appropriate.

If information has already been shared with an institution, employer, partner or other third party, Yuzee may not be able to control that third party’s independent handling of the information, except to the extent required by law or expressly agreed in writing.

21.12 Complaints involving institutions, employers or partners

A privacy complaint may involve an institution, employer, partner or other Organisation.

Yuzee may review the complaint where it relates to Yuzee’s handling of information.

Yuzee may also contact the relevant Organisation where appropriate.

Organisations may have their own privacy policies, complaint processes, legal obligations and responsibilities.

Yuzee is not responsible for an Organisation’s independent privacy practices, except to the extent required by law or expressly agreed in writing.

Users may need to contact the relevant Organisation directly if the complaint relates to that Organisation’s own handling of information outside Yuzee.

21.13 Complaints involving third-party providers

A privacy complaint may involve a third-party provider used by Yuzee.

This may include:

aAI providers;
bcloud providers;
cpayment providers;
dapp stores;
eanalytics providers;
fcommunication providers;
gsupport tools;
hsecurity providers;
imonitoring tools;
jmarketing tools;
kprofessional advisers; or
lother service providers.

Yuzee may review the issue and contact the relevant provider where appropriate.

Third-party providers may have their own privacy policies, security practices, retention practices, complaint processes and legal obligations.

21.14 Complaints involving data breaches

If a privacy complaint suggests that a data breach may have occurred, Yuzee may assess the matter under its data breach process.

This may involve:

aidentifying the incident;
bcontaining the issue;
creviewing affected information;
dreviewing affected users or Organisations;
eassessing whether serious harm is likely;
fassessing whether notification is required;
gnotifying affected individuals where required;
hnotifying regulators where required;
itaking remediation steps;
jkeeping incident records; and
kimproving controls where appropriate.

More information is set out in the Data Breaches section of this Privacy Policy.

21.15 Complaints involving marketing or communications

A privacy complaint may relate to marketing or communications.

This may include concerns about:

aunwanted marketing emails;
bunwanted SMS marketing;
cunwanted phone calls;
dunsubscribe requests;
ecommunication preferences;
fpush notifications;
gpartner communications;
hsponsored communications;
iRMO communications;
jservice communications;
kuse of sensitive information for marketing;
lchildren or young people receiving marketing; or
mincorrect contact details.

Yuzee may review the issue, update communication preferences, unsubscribe the user from marketing where appropriate, correct contact details or take other reasonable steps.

Yuzee may still send service, account, security, payment, RMO, support, privacy, legal or other non-marketing communications where permitted.

21.16 Complaints involving access, correction or deletion requests

A privacy complaint may relate to how Yuzee handled an access, correction, deletion, portability, account closure or user control request.

Yuzee may review:

athe original request;
bidentity verification steps;
cthe response provided;
dreasons for refusal or limitation;
ewhether information was corrected;
fwhether information was deleted;
gwhether retention was required;
hwhether backup or archived records were involved;
iwhether third-party records were involved;
jwhether another person’s privacy was involved;
kwhether Organisation records were involved; and
lwhether further action is appropriate.

21.17 Anonymous or pseudonymous complaints

Where practical and lawful, Yuzee may allow people to make general privacy enquiries anonymously or using a pseudonym.

However, Yuzee may not be able to investigate or resolve a complaint properly without identifying information.

Yuzee may require identity or authority verification where the complaint involves:

aaccount information;
bprofile information;
cdocuments;
dsensitive information;
eAI records;
fRMO records;
gpayment records;
hOrganisation records;
ichildren or young people;
jaccess requests;
kcorrection requests;
ldeletion requests; or
manother person’s information.

21.18 Complaint records

Yuzee may keep records of privacy complaints and responses.

These records may include:

acomplaint details;
bcomplainant details;
caccount details;
dOrganisation details;
eidentity verification steps;
fcorrespondence;
gscreenshots;
hdocuments;
isupport records;
jAI records;
kRMO records;
laccess logs;
mdata sharing records;
ninvestigation notes;
olegal advice;
pdecisions made;
qactions taken;
rresponse sent;
sregulator communications;
tremediation steps; and
urelated audit records.

Yuzee may retain complaint records for legal, compliance, audit, privacy, security, dispute resolution, insurance, governance and operational purposes.

21.19 No retaliation

Yuzee will not treat a user unfairly merely because they make a privacy complaint, ask a privacy question, request access, request correction, request deletion where available, withdraw consent where available, or contact a privacy regulator.

However, Yuzee may still take reasonable action where necessary for account security, platform safety, legal compliance, payment issues, misuse, fraud, abuse, Organisation access, RMO integrity or other lawful reasons.

21.20 Escalation to a regulator

If a user is not satisfied with Yuzee’s response to a privacy complaint, or if Yuzee does not respond within the period required or expected by applicable law, the user may be able to contact a privacy regulator.

For Australian privacy matters, users may be able to contact the Office of the Australian Information Commissioner.

Users may also have access to another regulator, external dispute resolution scheme, industry body, consumer body or authority depending on the issue, location, service, Organisation or applicable law.

21.21 External dispute resolution schemes

In some situations, a privacy complaint may need to be raised with an external dispute resolution scheme before being made to a privacy regulator.

This may apply to certain sectors, providers or services.

Yuzee may direct a complainant to another Organisation, provider, regulator or dispute resolution scheme where Yuzee reasonably considers the complaint relates to that party or scheme.

21.22 International users

Users outside Australia may have privacy complaint rights under local privacy or data protection laws.

Depending on the user’s location and the circumstances, Yuzee may provide additional information, processes or rights where required by applicable law.

International users may contact Yuzee using the privacy contact details in this Privacy Policy.

21.23 Cooperation with regulators

Yuzee may cooperate with privacy regulators, consumer regulators, courts, tribunals, law enforcement, external dispute resolution schemes, professional advisers, insurers and other relevant parties where required or appropriate.

This may include providing information where required or authorised by law.

Yuzee may also seek legal advice before responding to regulator requests, formal notices, subpoenas, court orders or other legal processes.

21.24 Improvements from complaints

Yuzee may use privacy complaints to improve the Platform.

This may include improving:

aprivacy notices;
bCollection Notices;
cconsent screens;
dRMO workflows;
eAI notices;
fdocument upload notices;
gaccount controls;
haccess request processes;
icorrection request processes;
jdeletion request processes;
ksecurity controls;
lprovider controls;
mOrganisation controls;
nstaff training;
ouser support;
pdata quality;
qAI quality;
rmarketing preferences; and
sinternal privacy governance.

Where appropriate, Yuzee may use de-identified or aggregated complaint information for analytics, reporting, training, research and platform improvement.

21.25 Contact for privacy complaints

Privacy complaints should be sent to:

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Postal address: [insert postal address]

Yuzee may ask the complainant to verify their identity or authority before investigating or responding.

21.26 Changes to complaint handling

Yuzee may update its privacy complaint handling process as the Platform, AI features, RMO workflows, Organisation tools, providers, legal requirements, regulator guidance and business operations change.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices, product notices or internal complaint handling processes.

Nothing in this Privacy Policy limits rights, remedies or obligations that cannot lawfully be excluded, restricted or modified.

Changes to this Privacy Policy

22.1 Overview

Yuzee may update this Privacy Policy from time to time.

Yuzee may update this Privacy Policy because of changes to:

athe Platform;
bthe website;
cthe app;
dAI features;
ematching systems;
frecommendation systems;
gprofiling practices;
hRequest Multiple Offers workflows;
idocument upload or document review features;
jOrganisation dashboards;
kCRM tools;
lpayment systems;
msubscription systems;
ncookies, analytics or tracking tools;
omarketing or communication practices;
pdata sources;
qresearch and development practices;
rthird-party providers;
sAI providers;
tcloud providers;
upayment providers;
vapp stores;
wlegal requirements;
xregulator guidance;
ysecurity practices;
zprivacy practices;
aabusiness operations; or
abother matters relevant to how Yuzee handles personal information.

22.2 Current version

The current version of this Privacy Policy will show the effective date or last updated date.

Users should check the current version of this Privacy Policy from time to time.

The current version will usually be available on Yuzee’s website, app or another place Yuzee considers appropriate.

22.3 Material changes

Where Yuzee makes material changes to this Privacy Policy, Yuzee may take reasonable steps to notify users where required by law or where Yuzee considers it appropriate.

A material change may include a significant change to:

athe kinds of personal information Yuzee collects;
bhow Yuzee collects personal information;
cwhy Yuzee uses personal information;
dhow Yuzee uses AI or automation;
ehow Yuzee uses profiling, prediction or decision-support;
fhow Yuzee shares information;
ghow Yuzee uses sensitive information;
hhow Yuzee handles information about children or young people;
ihow Yuzee uses RMO information;
jhow Yuzee shares information with institutions, employers or partners;
khow Yuzee uses third-party AI providers;
lhow Yuzee processes information overseas;
mhow Yuzee handles data retention or deletion;
nhow users can access or correct information;
ohow users can complain;
phow Yuzee uses cookies, tracking or analytics; or
qanother privacy practice that may materially affect users.

22.4 How Yuzee may notify users of changes

Yuzee may notify users of Privacy Policy changes by one or more reasonable methods.

This may include:

aupdating the Privacy Policy on the website;
bupdating the Privacy Policy in the app;
csending an email;
dsending an in-app message;
eshowing an account notice;
fshowing a dashboard notice;
gshowing a website banner;
hshowing a consent screen;
ishowing a Collection Notice;
jshowing a product-specific notice;
ksending a push notification;
lsending an SMS where appropriate;
mnotifying Organisation administrators;
nupdating Organisation agreements or dashboard notices; or
ousing another reasonable communication method.

The method of notice may depend on the nature of the change, the affected users, the information involved, legal requirements and practical considerations.

22.5 When changes take effect

Changes to this Privacy Policy may take effect on the date stated in the updated Privacy Policy or notice.

If no separate effective date is stated, changes may take effect when the updated Privacy Policy is published or made available.

Where required by law, Yuzee may provide advance notice or seek consent before certain changes take effect.

22.6 Continued use after changes

If a user continues to use Yuzee after an updated Privacy Policy takes effect, Yuzee may treat that continued use as acceptance of the updated Privacy Policy, where permitted by law.

However, where a change requires consent under applicable law, Yuzee will seek consent where required.

If a user does not agree with a change, the user may stop using the relevant feature or contact Yuzee about available options.

Some information may still be retained or used where reasonably needed for legal, tax, accounting, audit, payment, support, security, fraud prevention, RMO, dispute, compliance, backup, de-identification or other lawful purposes.

22.7 Consent for new uses

Yuzee may ask for consent where required by law or where Yuzee considers consent appropriate.

This may occur where Yuzee introduces or materially changes:

asensitive information handling;
bAI features;
cautomated decision-support;
dprofiling;
eRMO sharing;
fdocument sharing;
goverseas processing;
hthird-party provider use;
imarketing communications;
japp permissions;
kchildren or young person features;
lintegrations;
mdata sharing with Organisations;
ndata sharing with partners;
ouse of personal information for new purposes; or
pother features involving personal information.

If a user does not provide consent where consent is required, Yuzee may not be able to provide the relevant feature or service.

22.8 Changes involving AI, profiling and automated decision-support

Yuzee may update this Privacy Policy where Yuzee changes how it uses AI, automation, profiling, prediction, matching, recommendation systems or decision-support tools.

This may include changes to:

aAI chat;
bAI guidance;
cAI providers;
dprompts;
eAI model providers;
fdocument review;
gdocument summaries;
hcourse matching;
ijob matching;
jpathway recommendations;
kskills analysis;
lsuitability indicators;
missue detection;
nRMO preparation;
ooffer request support;
pdata quality checks;
qsafety tools;
rprofiling logic;
sprediction tools;
tuser control tools; and
uautomated decision-support disclosures.

Where required by law, Yuzee may provide additional information about computer programs, personal information use and decisions that could reasonably be expected to significantly affect an individual’s rights or interests.

22.9 Changes involving third-party providers

Yuzee may update this Privacy Policy where Yuzee adds, removes, replaces or materially changes third-party providers.

This may include changes involving:

aAI providers;
bcloud providers;
cdata storage providers;
dpayment providers;
eapp stores;
fanalytics providers;
gcommunication providers;
hSMS providers;
iemail providers;
jsupport tools;
ksecurity providers;
lmonitoring providers;
mmarketing tools;
nattribution tools;
oprofessional advisers;
pinstitutions;
qemployers;
rpartners;
spublic data sources;
tcommercial data sources; or
ulicensed data sources.

Yuzee may not notify users of every routine provider, infrastructure or operational change unless required by law or unless Yuzee considers the change material to privacy.

22.10 Changes involving overseas processing

Yuzee may update this Privacy Policy where overseas processing arrangements materially change.

This may include changes to:

acountries where information may be processed;
boverseas AI providers;
coverseas cloud providers;
doverseas payment providers;
eoverseas app stores;
foverseas analytics providers;
goverseas support providers;
hoverseas communication providers;
ioverseas institutions;
joverseas employers;
koverseas partners;
lcross-border disclosure safeguards; or
mother overseas processing arrangements.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices or product notices.

22.11 Changes involving RMO and sharing

Yuzee may update this Privacy Policy where Yuzee changes Request Multiple Offers or related sharing workflows.

This may include changes to:

awhat information is collected for RMO;
bwhat information is shared through RMO;
cwho information may be shared with;
dhow users approve sharing;
ehow documents are shared;
fhow sensitive information is handled;
ghow RMO consent records are kept;
hhow RMO recipients respond;
ihow RMO records are retained;
jhow RMO paid services operate;
khow RMO support is provided; and
lhow RMO complaints are handled.

Where appropriate, Yuzee may provide product-specific RMO notices or consent screens in addition to this Privacy Policy.

22.12 Changes involving children and young people

Yuzee may update this Privacy Policy where Yuzee changes how it handles information about children and young people.

This may include changes to:

aage rules;
bage verification;
cparent or guardian involvement;
dschool-supported use;
eOrganisation-supported use;
fAI features for young users;
gRMO for young users;
hdocument uploads involving young users;
isensitive information involving young users;
jmarketing to young users;
kaccess or correction processes;
lsafety processes; or
mconsent processes.

Where appropriate, Yuzee may provide age-appropriate notices, parent notices, school notices or Organisation notices.

22.13 Changes involving security, data breaches and retention

Yuzee may update this Privacy Policy where Yuzee changes its security, data breach, retention, deletion, de-identification or backup practices.

This may include changes to:

aaccess controls;
bauthentication;
cencryption practices;
dprovider controls;
esecurity monitoring;
fincident response;
gdata breach processes;
hnotification processes;
iretention periods;
jdeletion processes;
kde-identification processes;
lbackup practices;
marchive practices;
naccount closure processes; and
oprivacy request processes.

Yuzee may not describe every technical or security detail publicly where doing so could create a security, misuse or operational risk.

22.14 Archived versions

Yuzee may keep archived versions of this Privacy Policy for legal, compliance, audit, dispute, governance and record-keeping purposes.

Yuzee may provide previous versions where required by law or where Yuzee considers it appropriate.

Yuzee may also keep internal records showing when a Privacy Policy version was published, updated, approved or replaced.

22.15 User responsibility to review updates

Users should review this Privacy Policy from time to time.

Users should also review relevant Collection Notices, consent notices, product notices, RMO notices, cookie notices, AI notices, payment notices and Organisation notices when using specific features.

If a user has questions about a change, the user may contact Yuzee.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

22.16 If a user does not agree with changes

If a user does not agree with a change to this Privacy Policy, the user may stop using the relevant feature or contact Yuzee about available options.

Depending on the feature and applicable law, options may include:

aupdating preferences;
bwithdrawing consent where available;
cdisabling certain features;
dopting out of marketing;
echanging app permissions;
fnot using AI features;
gnot uploading documents;
hnot using RMO;
iclosing an account;
jrequesting access;
krequesting correction;
lrequesting deletion where available; or
mmaking a privacy complaint.

Some information may still be retained, used or disclosed where reasonably needed for legal, tax, accounting, audit, payment, support, security, fraud prevention, RMO, dispute, compliance, backup, de-identification or other lawful purposes.

22.17 No reduction of non-excludable rights

Nothing in this Privacy Policy, including any update to this Privacy Policy, excludes, restricts or modifies any right, remedy or obligation that cannot lawfully be excluded, restricted or modified.

Where a law gives a user rights that cannot be limited, those rights continue to apply.

22.18 Contact about changes

Users can contact Yuzee with questions about changes to this Privacy Policy or Yuzee’s privacy practices.

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Postal address: [insert postal address]

Yuzee may ask users to verify their identity before responding to certain privacy requests.

Contact Details and Privacy Notices

23.1 Overview

This section explains how users, Organisations, parents, guardians, authorised representatives and other individuals can contact Yuzee about privacy, security, access, correction, deletion, complaints, AI, profiling, Request Multiple Offers, data sharing and related matters.

Yuzee encourages users to contact Yuzee if they have questions or concerns about how personal information is collected, used, disclosed, stored, protected or managed.

Yuzee may ask for identity, account, authority or Organisation verification before responding to certain requests.

23.2 Yuzee legal entity details

Yuzee’s legal details are:

Legal entity: [insert legal entity name]
Trading name: Yuzee
ABN/ACN: [insert ABN/ACN]
Registered office: [insert registered office address]
Principal place of business: [insert business address if different]
Website: [insert website URL]
App: [insert app name and app store links if applicable]

These details should be kept accurate and updated.

23.3 Privacy contact

For privacy questions, privacy requests or privacy complaints, contact:

Privacy Officer / Privacy Contact: [insert privacy officer name or role]
Email: [insert privacy email, for example privacy@yuzee.com]
Phone: [insert phone number if available]
Postal address: [insert postal address]

Yuzee recommends using the privacy email for privacy-related requests so they can be directed to the right team.

23.4 Support contact

For general support, account help, technical issues, billing questions, RMO support, offer request support or platform questions, contact:

Support team: [insert support team name]
Email: [insert support email]
Phone: [insert support phone number if available]
Support page: [insert support URL if available]

Support requests may involve personal information. Yuzee may keep support records for service delivery, quality, compliance, privacy, security, dispute resolution and platform improvement.

23.5 Security contact

For suspected security issues, suspicious activity, unauthorised access, account compromise, vulnerability reports, phishing concerns or possible data breaches, contact:

Security contact: [insert security email, for example security@yuzee.com]
Privacy contact: [insert privacy email]
Support contact: [insert support email]

Users should contact Yuzee promptly if they believe:

atheir account has been accessed without permission;
btheir password, email, phone or device has been compromised;
ctheir documents have been accessed by the wrong person;
dtheir RMO information has been shared incorrectly;
ean Organisation has misused information;
fthey received a suspicious message claiming to be from Yuzee;
gthey found a possible vulnerability;
hthey believe there has been a privacy or security incident; or
ithey believe there has been a data breach.

23.6 Legal contact

For legal notices, formal correspondence, regulator correspondence, subpoenas, court documents or legal requests, contact:

Legal contact: [insert legal email]
Postal address: [insert legal postal address]
Attention: Legal / Privacy / Compliance

Yuzee may require legal notices to be sent to a specific address or email address.

Yuzee may not accept legal notices sent through general support channels, social media, app reviews, chatbot messages or informal communication channels unless required by law.

23.7 Access and correction requests

Users may contact Yuzee to request access to or correction of personal information Yuzee holds about them.

Requests should be sent to:

Privacy contact: [insert privacy email]
Support contact: [insert support email]

A request should include, where possible:

athe user’s name;
baccount email;
cphone number, if relevant;
dthe type of information requested;
ethe information the user believes is incorrect, outdated, incomplete, irrelevant or misleading;
fthe correct information, where applicable;
gthe relevant feature, document, AI chat, RMO request, offer request, payment, support ticket or Organisation record;
hsupporting documents, where relevant; and
ipreferred contact method.

Yuzee may ask for identity verification before responding.

23.8 Deletion, account closure and retention questions

Users may contact Yuzee about deletion, account closure, retention, de-identification or removal of certain information.

Requests should be sent to:

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Deletion or account closure may not result in immediate deletion of all information.

Yuzee may retain information where reasonably needed for legal, tax, accounting, audit, payment, support, privacy, security, fraud prevention, RMO, offer request, dispute, complaint, compliance, backup, de-identification or other lawful purposes.

Yuzee may explain retention limits where appropriate.

23.9 AI, profiling and recommendation questions

Users may contact Yuzee about AI, profiling, prediction, matching, suitability indicators, recommendations or personalised guidance.

Requests may relate to:

aAI prompts;
bAI chats;
cAI outputs;
dYuzee profiles;
ecourse recommendations;
fjob recommendations;
gpathway suggestions;
hsuitability indicators;
iskills-gap indicators;
jdocument summaries;
kRMO summaries;
lissue indicators;
mservice recommendations; or
nautomated decision-support.

Users can contact:

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may review AI or profiling concerns and take reasonable steps where Yuzee considers appropriate.

Possible actions may include correcting information, updating a profile, reprocessing a recommendation, re-running a match, adding a note, escalating to staff review, improving a system or explaining why no change is made.

23.10 Request Multiple Offers privacy questions

Users may contact Yuzee about privacy issues involving Request Multiple Offers or offer request workflows.

This may include questions about:

awhat information was collected;
bwhat information was shared;
cwho information was shared with;
dwhen information was shared;
ewhether documents were shared;
fwhether sensitive information was shared;
gwhether consent was recorded;
hwhether a recipient misused information;
iwhether information can be corrected;
jwhether further sharing can be stopped;
kwhether information can be deleted; or
lhow an RMO privacy concern will be handled.

Users can contact:

Privacy contact: [insert privacy email]
Support contact: [insert support email]

23.11 Organisation privacy contact

Organisations, institution staff, employer staff, partner staff and Organisation administrators may contact Yuzee about Organisation privacy matters.

This may include questions about:

aOrganisation Account data;
bstaff user information;
cdashboard access;
dCRM records;
eRMO records;
fuser information shared with the Organisation;
goffer request records;
hstaff permissions;
ibilling contacts;
jOrganisation data breaches;
kOrganisation privacy obligations;
laccess logs;
mdeletion or correction requests; or
ncomplaints.

Organisation privacy requests should be sent to:

Privacy contact: [insert privacy email]
Organisation support contact: [insert organisation support email]

Yuzee may ask for Organisation verification or administrator authority before responding.

23.12 Parent, guardian and authorised representative contact

Parents, guardians, carers, support people, legal representatives or authorised representatives may contact Yuzee about privacy matters involving another person.

Yuzee may ask for proof of identity and authority before discussing, sharing, correcting, deleting or changing another person’s information.

Requests may be sent to:

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may refuse, delay or limit a request where Yuzee reasonably considers there is a privacy, safety, legal, security or authority concern.

23.13 Contact about children and young people

Children, young people, parents, guardians, schools, institutions or Organisations may contact Yuzee about privacy, safety, AI, data sharing, RMO, documents, marketing, access, correction or deletion involving children or young people.

Contact:

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Security contact: [insert security email]

Yuzee may apply additional care and verification before responding to requests involving children or young people.

23.14 Contact about marketing and communications

Users can contact Yuzee about marketing, unsubscribe requests, SMS messages, push notifications, partner communications, sponsored communications or communication preferences.

Contact:

Marketing preferences: [insert marketing preferences email or URL]
Support contact: [insert support email]
Privacy contact: [insert privacy email]

Users may also be able to unsubscribe through links, account settings, SMS opt-out instructions, notification settings or other tools provided by Yuzee.

Yuzee may still send service, account, security, payment, RMO, support, privacy, legal or other non-marketing communications where permitted.

23.15 Contact about cookies and tracking

Users can contact Yuzee about cookies, tracking, analytics, advertising attribution, app SDKs, device permissions or cookie preferences.

Contact:

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Cookie settings page: [insert cookie settings URL if available]

Users may also manage some cookies, tracking, advertising identifiers, notification settings, location permissions and app permissions through browser, device or app settings.

23.16 Contact about overseas processing

Users can contact Yuzee about overseas processing, overseas disclosures, AI providers, cloud providers, payment providers, app stores, analytics tools, support tools or international data transfers.

Contact:

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may provide general information about likely overseas processing and may update this Privacy Policy or related notices as providers and processing locations change.

23.17 Contact about third-party providers

Users can contact Yuzee about third-party providers used by Yuzee, including AI providers, cloud providers, payment providers, app stores, analytics tools, communication tools, support tools, security tools, institutions, employers and partners.

Contact:

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Third parties may have their own privacy policies, terms, security practices, retention practices and complaint processes.

Yuzee may not control third-party privacy practices outside Yuzee’s own handling of information, except to the extent required by law or expressly agreed in writing.

23.18 What to include when contacting Yuzee

To help Yuzee respond efficiently, users should include relevant details where possible.

This may include:

aname;
baccount email;
cphone number;
dOrganisation name, if relevant;
erole or authority, if relevant;
frelevant feature or service;
grelevant document;
hrelevant AI chat or output;
irelevant RMO request;
jrelevant offer request;
krelevant payment or invoice;
lrelevant support ticket;
mrelevant date or timeframe;
nscreenshots, where helpful;
odescription of the issue;
prequested outcome; and
qpreferred contact method.

Users should avoid sending unnecessary sensitive information when making an enquiry.

23.19 Identity verification before responding

Yuzee may ask for identity verification before responding to certain requests.

This may apply to:

aaccess requests;
bcorrection requests;
cdeletion requests;
daccount closure requests;
eprivacy complaints;
fdata breach matters;
gsecurity matters;
hRMO records;
iuploaded documents;
jsensitive information;
kpayment records;
lOrganisation Account records;
mchildren or young people’s information;
nrepresentative requests; and
orequests involving another person’s information.

Yuzee may refuse, delay or limit a response if Yuzee cannot reasonably verify identity or authority.

23.20 Response time expectations

Yuzee will aim to respond to privacy requests, access requests, correction requests and complaints within a reasonable time.

The response time may depend on:

athe type of request;
bthe complexity of the request;
cwhether identity verification is needed;
dwhether authority verification is needed;
ewhether sensitive information is involved;
fwhether children or young people are involved;
gwhether AI records are involved;
hwhether documents are involved;
iwhether RMO records are involved;
jwhether an Organisation is involved;
kwhether a third-party provider is involved;
lwhether legal advice is needed;
mwhether archived or backup records are involved; and
napplicable law.

If Yuzee needs more information or more time, Yuzee may contact the requester where appropriate.

23.21 Alternative formats and accessibility

Yuzee may provide this Privacy Policy, privacy notices or privacy information in another format where reasonable and practical.

Alternative formats may include:

aemail copy;
bprintable copy;
clarge text;
dsimplified summary;
eaccessible digital format;
fparent or guardian notice;
gyoung user notice;
hOrganisation notice;
itranslated summary where available; or
janother reasonable format.

Users may contact Yuzee if they need help understanding this Privacy Policy or accessing privacy information.

23.22 Privacy notices and product notices

Yuzee may provide additional privacy notices or product notices for specific features.

These may include:

aCollection Notices;
bAI notices;
cdocument upload notices;
dRMO consent notices;
esensitive information notices;
fchildren and young people notices;
gparent or guardian notices;
hOrganisation notices;
icookie notices;
jmarketing consent notices;
kapp permission notices;
lpayment notices;
mdata sharing notices;
noverseas processing notices; and
oother feature-specific notices.

These notices should be read together with this Privacy Policy.

23.23 If contact details change

Yuzee may update its contact details from time to time.

The current contact details will usually be available in the latest version of this Privacy Policy, on the Yuzee website, in the Yuzee app or through another official Yuzee channel.

Users should use the latest contact details published by Yuzee.

Yuzee may not be responsible for missed communications sent to outdated, incorrect or unofficial contact details, except to the extent required by law.

23.24 Official communication channels

Users should use official Yuzee communication channels for privacy, security, support and legal matters.

Official channels may include:

aYuzee’s website;
bYuzee’s app;
cYuzee’s published privacy email;
dYuzee’s published support email;
eYuzee’s published security email;
fYuzee’s published legal email;
gYuzee’s official support portal;
hYuzee’s official dashboard notices; or
ianother channel Yuzee confirms as official.

Yuzee may not treat social media comments, app reviews, public posts, informal messages, chatbot prompts or unofficial communications as formal privacy, security or legal notices unless required by law.

23.25 Records of contact and requests

Yuzee may keep records of privacy requests, support requests, security reports, legal notices, complaints, access requests, correction requests, deletion requests, RMO concerns, AI concerns and related communications.

These records may be used for:

aresponding to the request;
bverifying identity or authority;
ckeeping evidence;
dimproving support;
eprivacy compliance;
fsecurity compliance;
glegal compliance;
haudit;
idispute resolution;
jcomplaint handling;
kdata breach assessment;
lfraud prevention;
mplatform improvement; and
nbusiness operations.

23.26 Escalation options

If a user is not satisfied with Yuzee’s response to a privacy complaint, they may have the right to contact a privacy regulator or other relevant body.

For Australian privacy matters, users may be able to contact the Office of the Australian Information Commissioner.

Depending on the issue, users may also have access to consumer regulators, external dispute resolution schemes, industry bodies, app stores, payment providers, institutions, employers, partners or other relevant authorities.

23.27 No limitation of legal rights

Nothing in this Privacy Policy limits rights, remedies or obligations that cannot lawfully be excluded, restricted or modified.

If applicable law gives a user rights that cannot be limited, those rights continue to apply.

23.28 Changes to contact processes

Yuzee may update its contact details, request processes, support processes, privacy processes, security processes or legal notice processes over time.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices, product notices, support pages or account tools.

Users should check the latest version of this Privacy Policy and Yuzee’s official channels for current contact details.

Anonymity, Pseudonymity, Data Minimisation and Unsolicited Information

24.1 Overview

Yuzee aims to collect personal information in a fair, lawful, reasonable and proportionate way.

Yuzee does not want users, Organisations or third parties to provide unnecessary personal information, sensitive information, documents or information about other people.

This section explains:

awhen users may be able to deal with Yuzee anonymously;
bwhen users may be able to use a pseudonym;
cwhen Yuzee needs users to identify themselves;
dhow Yuzee applies data minimisation;
ehow Yuzee handles unnecessary information;
fhow Yuzee handles unsolicited personal information; and
ghow users can reduce privacy risk when using Yuzee.

24.2 Anonymous use

Where practical, users may be able to use some parts of Yuzee without identifying themselves.

Anonymous use may include:

abrowsing public pages;
breading general information;
cviewing general guidance;
dviewing general course or job information;
eviewing public help content;
fviewing public privacy notices;
gviewing public terms;
husing limited website features;
imaking a general enquiry that does not require account access;
jasking a general question that does not require personalised support; or
kusing other features that Yuzee makes available without account registration.

Anonymous use may still involve collection of limited technical information, such as IP address, browser information, device information, cookie information, analytics information, security logs or similar data.

Yuzee may not be able to provide personalised services anonymously.

24.3 Pseudonymous use

Where practical, users may be able to use a pseudonym or limited identifier when dealing with Yuzee.

A pseudonym may include:

aa display name;
ba nickname;
ca username;
da non-identifying email address;
ea limited account name;
fa support reference number; or
ganother identifier that is not the user’s full legal name.

Pseudonymous use may still involve personal information if Yuzee can reasonably identify the user from account details, email address, phone number, payment records, device information, Organisation records, support records or other information.

Yuzee may link a pseudonym to other information where reasonably needed to provide services, protect security, manage accounts, comply with law or respond to requests.

24.4 When identification is required

Yuzee may require users to identify themselves where identification is reasonably needed, legally required, authorised by law or impracticable to avoid.

Identification may be required for:

aaccount creation;
baccount login;
cpersonalised profiles;
dAI-supported personalised guidance;
edocument uploads;
fdocument review;
gRequest Multiple Offers;
hoffer requests;
isharing information with institutions;
jsharing information with employers;
ksharing information with partners;
lpayment processing;
msubscriptions;
ncredits;
orefunds;
pchargebacks;
qbilling support;
raccess requests;
scorrection requests;
tdeletion requests;
uaccount closure requests;
vprivacy complaints;
wsecurity incidents;
xdata breach matters;
yOrganisation dashboards;
zstaff access;
aachildren and young people workflows;
abparent or guardian requests;
acauthorised representative requests;
adlegal notices;
aefraud prevention;
afmisuse detection; and
agother services where identification is reasonably necessary.

24.5 Limited identification

Where Yuzee needs to identify a user, Yuzee aims to collect only the information reasonably needed for the relevant purpose.

For example, Yuzee may not need a full legal name for a general enquiry, but may need stronger identity verification for an access request, RMO request, payment issue, security issue, document issue or privacy complaint.

Yuzee may use different levels of verification depending on the sensitivity, risk and purpose of the request.

24.6 Data minimisation

Yuzee aims to collect, use and disclose personal information in a way that is proportionate to the relevant service or purpose.

Yuzee should not collect personal information merely because it may be useful in the future.

Yuzee may apply data minimisation by:

amaking some fields optional;
blimiting mandatory fields;
ccollecting summary information instead of full documents where appropriate;
dcollecting approximate location instead of precise location where appropriate;
elimiting sensitive information collection;
fredacting unnecessary document information where appropriate;
glimiting staff access;
hlimiting Organisation access;
ilimiting RMO sharing to relevant information;
jusing de-identified or aggregated information where appropriate;
klimiting analytics information where appropriate;
llimiting marketing information where appropriate;
mretaining information only as long as reasonably needed; and
ndeleting, de-identifying or restricting information where appropriate.

24.7 Required and optional information

Some information may be required to use certain Yuzee features.

Required information may include information needed to:

acreate an account;
bsecure an account;
cprovide personalised guidance;
dcreate a Yuzee profile;
eprocess a document;
fprepare an RMO request;
gshare information with a selected recipient;
hprocess a payment;
iprovide support;
jmanage an Organisation Account;
kverify identity;
lprevent fraud;
mcomply with law; or
nprotect users and the Platform.

Other information may be optional.

If a user chooses not to provide optional information, Yuzee may still provide some services, but recommendations, AI guidance, matching, document review, RMO workflows or support may be less accurate, less complete or unavailable.

24.8 Fair and lawful collection

Yuzee aims to collect personal information by fair and lawful means.

Yuzee should not collect personal information through deception, misleading conduct, unauthorised access, hidden collection, unfair pressure or other improper means.

Yuzee may collect information:

adirectly from users;
bfrom authorised representatives;
cfrom parents or guardians where appropriate;
dfrom Organisations where authorised;
efrom institutions where authorised;
ffrom employers where authorised;
gfrom partners where authorised;
hfrom public sources where permitted;
ifrom government sources where permitted;
jfrom commercial or licensed sources where permitted;
kfrom service providers where permitted;
lfrom AI providers where permitted; and
mfrom other lawful and fair sources.

24.9 Direct collection where practical

Where practical, Yuzee aims to collect personal information directly from the individual concerned.

Yuzee may collect information from another person or source where:

athe user authorises it;
bthe user requests a feature that requires it;
ca parent or guardian provides it;
dan authorised representative provides it;
ean Organisation provides it under an authorised workflow;
fan institution, employer or partner provides it;
gpublic or government data is relevant to Yuzee’s services;
hcollection from the individual is unreasonable or impracticable;
isecurity, fraud prevention or safety requires it;
jlaw permits or requires it; or
kanother lawful basis applies.

24.10 Public information

Yuzee may use information from public sources where relevant and permitted.

However, Yuzee should not assume that personal information can be used without limits merely because it is publicly available.

Public information may still involve privacy, consent, fairness, accuracy, copyright, licence, platform terms, confidentiality, safety or reputational issues.

Yuzee may assess public information based on:

asource reliability;
bpurpose of use;
csensitivity;
duser expectations;
elegal requirements;
flicence terms;
gwhether the information relates to a child or young person;
hwhether the information may create harm;
iwhether the information is current;
jwhether the information is relevant; and
kwhether the use is fair and proportionate.

24.11 Data scraping, crawling and automated collection

Yuzee may use automated tools to collect or analyse publicly available data where permitted and appropriate.

This may include data relevant to courses, jobs, institutions, employers, partners, locations, labour markets, skills, cost-of-living indicators, public websites, government datasets or other data sources.

Yuzee should not use automated collection methods in a way that is unlawful, unfair, misleading, excessive or inconsistent with applicable restrictions.

Yuzee may limit, exclude, review, de-identify, aggregate, correct or remove data collected through automated methods where appropriate.

24.12 Sensitive information minimisation

Yuzee may collect sensitive information only where reasonably needed, permitted by law and consented to where required.

Users should avoid providing unnecessary sensitive information.

Sensitive information may include:

ahealth information;
bdisability information;
cNDIS-related information;
dmental health information;
efinancial hardship information;
fvisa or migration-related information;
gidentity documents;
hgovernment identifiers;
icultural or religious information;
jcriminal history information;
kinformation about children or young people;
lcounselling-style notes;
mfamily circumstances; and
nother information treated as sensitive under applicable law.

Where reasonably appropriate, Yuzee may minimise, redact, restrict, de-identify, aggregate, delete or avoid using sensitive information.

24.13 Children and young people minimisation

Yuzee applies additional care to personal information about children and young people.

Yuzee should not collect more information about children or young people than is reasonably needed for the relevant feature, support, safety, consent, school, Organisation, AI, document or RMO workflow.

Where appropriate, Yuzee may require parent, guardian, school, institution or Organisation involvement before collecting, using or sharing information about a child or young person.

24.14 AI prompt minimisation

Users should avoid entering unnecessary personal information or sensitive information into AI prompts, chats or messages.

Yuzee may use AI prompts, chats and outputs to provide AI features, support, safety, quality review, debugging, platform improvement and other purposes described in this Privacy Policy.

Where reasonably appropriate, Yuzee may use minimisation steps for AI features, such as:

alimiting prompt data;
busing summaries;
credacting unnecessary information;
drestricting sensitive information;
elimiting provider access;
fconfiguring AI providers to reduce model-training risk where available;
gmonitoring misuse;
hlimiting retention where appropriate; and
iproviding product notices.

24.15 Document minimisation

Uploaded documents may contain more information than Yuzee needs.

Users should review documents before uploading them and remove unnecessary information where practical.

Documents may include:

aresumes;
btranscripts;
ccertificates;
didentity documents;
evisa documents;
fwork history documents;
gsupport documents;
hmedical or disability documents;
ifinancial documents;
jschool documents;
kapplication documents;
loffer documents; and
mother files.

Yuzee may use document minimisation steps where appropriate, such as redaction, extraction, summarisation, limited access, deletion, restricted sharing, de-identification or asking the user to upload a different document.

24.16 RMO minimisation

Request Multiple Offers may involve sharing personal information with institutions, employers, partners or other recipients.

Yuzee aims to share only the information reasonably needed for the relevant RMO purpose.

RMO minimisation may include:

ashowing users what information may be shared;
basking users to review information before sharing;
climiting document sharing;
dlimiting sensitive information;
eusing profile summaries;
fsharing relevant preferences only;
glimiting recipient access;
hkeeping sharing records;
iallowing users to ask questions before sharing; and
jusing RMO-specific consent notices.

Once information has been shared with an RMO recipient, Yuzee may not be able to control that recipient’s independent handling of the information, except to the extent required by law or expressly agreed in writing.

24.17 Organisation data minimisation

Organisations should provide Yuzee only the information that is relevant, authorised, accurate, current and reasonably needed.

Organisations should not provide unnecessary personal information, sensitive information or information about children and young people unless there is a lawful basis and the information is relevant to the authorised workflow.

Organisations should avoid uploading or entering:

airrelevant staff notes;
bunnecessary sensitive information;
coffensive comments;
ddiscriminatory comments;
eunnecessary medical information;
funnecessary identity documents;
gexcessive family information;
hinformation about unrelated third parties;
iinformation collected without authority; or
jinformation that the Organisation is not permitted to share.

24.18 Unsolicited personal information

Yuzee may sometimes receive personal information that it did not request.

This may happen where:

aa user uploads an unnecessary document;
ba user includes extra information in an AI prompt;
ca user sends unnecessary sensitive information;
da user provides information about another person;
ea parent or guardian provides extra information;
fan Organisation uploads unnecessary information;
gan institution, employer or partner sends extra information;
ha support message includes unnecessary personal information;
ia complaint includes information about third parties;
ja document includes hidden metadata;
ka file includes unrelated pages;
la screenshot shows unrelated information; or
ma third party sends information without being asked.

Yuzee may review unsolicited personal information and decide whether Yuzee could have collected it for a lawful and relevant purpose.

24.19 How Yuzee may handle unsolicited information

If Yuzee receives unsolicited personal information, Yuzee may take one or more steps depending on the circumstances.

Yuzee may:

akeep the information if it could lawfully and reasonably have collected it;
buse the information for the purpose for which it was provided;
crestrict access to the information;
ddelete the information;
ede-identify the information;
fredact unnecessary information;
gask the sender to provide a revised document;
hask the sender to remove unnecessary information;
ireturn the information where appropriate;
jignore the information;
kprevent the information from being used in matching or AI features;
lprevent the information from being shared through RMO;
mrecord why the information was retained or deleted;
nretain the information where required for legal, security, audit, complaint or dispute purposes; or
otake another reasonable step.

Yuzee may not be required to notify every person mentioned in unsolicited information if notification would be unreasonable, impracticable, disproportionate, unsafe, unlawful or unnecessary in the circumstances.

24.20 Excessive information

Yuzee may refuse, limit, delete, de-identify, redact or restrict excessive information.

Excessive information may include information that is:

anot relevant;
bnot needed;
ctoo detailed;
dtoo sensitive;
eabout unrelated people;
fabout children or young people without authority;
gunsafe to process;
hunlawful to process;
ioutside the purpose of the feature;
junsuitable for AI processing;
kunsuitable for RMO sharing;
linaccurate or misleading;
moffensive or discriminatory;
nconfidential without authority; or
ootherwise inappropriate.

24.21 Information about other people

Users and Organisations should not provide personal information about another person unless they have authority or a lawful basis.

Information about other people may include:

afamily members;
bemergency contacts;
cparents;
dguardians;
echildren;
fclassmates;
gteachers;
hreferees;
iemployers;
jco-workers;
ksupport workers;
lcase workers;
mhealth professionals;
nfriends;
oOrganisation staff; or
pother individuals.

If a user or Organisation provides information about another person, they must ensure they are authorised to do so and that the information is accurate, relevant and lawful.

Yuzee may redact, restrict, delete, de-identify or refuse to process information about another person where appropriate.

24.22 De-identification and aggregation

Yuzee may use de-identified or aggregated information where appropriate to reduce privacy risk.

De-identified or aggregated information may be used for:

aanalytics;
breporting;
cresearch;
dproduct improvement;
eAI quality improvement;
fdata quality checks;
gmarket insights;
hOrganisation reporting;
iinvestor reporting;
jplatform safety;
ksupport improvement;
lRMO workflow improvement; and
mbusiness operations.

Yuzee will take reasonable steps to reduce the risk that de-identified or aggregated information identifies an individual.

24.23 Product design and privacy controls

Yuzee may design product controls to support minimisation and user control.

These controls may include:

aoptional fields;
brequired field labels;
cprivacy notices;
dconsent screens;
edocument warnings;
fsensitive information warnings;
gAI prompt warnings;
hRMO review screens;
isharing previews;
jdeletion tools;
kcorrection tools;
lprofile editing tools;
mmarketing preference tools;
ncookie preference tools;
oaccount closure tools; and
pprivacy request tools.

Yuzee may update these controls over time.

24.24 Security benefits of minimisation

Minimising personal information can reduce privacy and security risk.

Holding less unnecessary information may reduce the impact of:

aaccidental disclosure;
bunauthorised access;
cdata breaches;
dstaff misuse;
eOrganisation misuse;
fexcessive sharing;
ginaccurate recommendations;
hinappropriate AI outputs;
idocument exposure;
jRMO sharing errors;
kidentity fraud;
lsecurity incidents; and
mlegal or compliance risk.

24.25 Consequences of not providing information

Users may choose not to provide certain information, subject to feature requirements.

If a user does not provide information Yuzee reasonably needs, Yuzee may be unable to:

acreate an account;
bverify identity;
cpersonalise guidance;
dcomplete a profile;
eprovide accurate recommendations;
fprocess documents;
gprovide AI features;
hprepare RMO requests;
ishare information with selected recipients;
jprocess payments;
kmanage subscriptions;
lprovide support;
minvestigate complaints;
nrespond to privacy requests;
oprevent fraud;
pprotect account security; or
qprovide other Platform features.

24.26 Contact about minimisation or unnecessary information

Users can contact Yuzee if they believe Yuzee holds unnecessary, excessive, inaccurate, outdated, incomplete, irrelevant, misleading or sensitive information.

Privacy contact: [insert privacy email]
Support contact: [insert support email]

Yuzee may ask for identity verification before responding to certain requests.

Yuzee may correct, delete, de-identify, restrict, redact, annotate, update or retain information depending on the circumstances, applicable law, technical availability, retention obligations and Yuzee’s legitimate operational needs.

24.27 Changes to this approach

Yuzee may update its approach to anonymity, pseudonymity, data minimisation, fair collection and unsolicited information as the Platform, AI features, RMO workflows, Organisation tools, provider arrangements, legal requirements and business operations change.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices, product notices or internal processes.

Nothing in this Privacy Policy limits rights, remedies or obligations that cannot lawfully be excluded, restricted or modified.

Government Identifiers, Identity Documents and Verification

25.1 Overview

Yuzee may sometimes collect, receive, use, store, verify, disclose or process government identifiers, identity documents or verification information.

Yuzee treats this information as higher-risk information.

This section explains how Yuzee may handle information such as:

agovernment-related identifiers;
bidentity documents;
cvisa documents;
dproof-of-age documents;
estudent identifiers;
fwork-rights information;
gverification records;
hdocument extracts;
idocument numbers;
jphotos or images in documents;
ksignatures;
lofficial certificates; and
mother identity-related information.

Users and Organisations should not provide identity documents or government identifiers unless Yuzee specifically requests them or they are clearly necessary for the relevant feature, support request, Organisation workflow, RMO workflow, payment issue, verification process or legal purpose.

25.2 What may be treated as a government identifier or identity-related record

Government identifiers and identity-related records may include:

apassport numbers;
bpassport images;
cvisa grant numbers;
dvisa documents;
ework-rights information;
fdriver licence numbers;
gdriver licence images;
hMedicare numbers;
iCentrelink reference numbers;
jtax file numbers;
kAustralian Business Numbers;
lAustralian Company Numbers;
mUnique Student Identifiers;
nstudent numbers issued by public institutions;
ogovernment-issued concession card numbers;
pproof-of-age card numbers;
qbirth certificate information;
rcitizenship certificate information;
simmigration documents;
tpolice check documents;
uworking with children check information;
vNDIS-related numbers or records;
whealthcare identifiers;
xgovernment benefit identifiers;
ypublic-sector employee identifiers;
zqualification certificates issued or recognised by government bodies;
aaregulator-issued identifiers;
abprofessional registration numbers;
aclicences;
adpermits;
aeidentity verification reports; and
afother identifiers issued by or connected to a government agency, regulator, public authority or official body.

Not all of these identifiers will be needed by Yuzee. Users should provide only what is necessary.

25.3 Identity documents may contain sensitive information

Identity documents may contain more information than Yuzee needs.

Identity documents may include:

afull legal name;
bdate of birth;
cplace of birth;
dgender marker;
enationality;
fcitizenship status;
gimmigration status;
hphoto;
isignature;
jresidential address;
kdocument number;
lexpiry date;
mmachine-readable zone;
nbarcode;
oQR code;
pvisa conditions;
qhealth-related information;
rdisability-related information;
scriminal-history-related information;
tfamily information;
ufinancial information;
vgovernment identifiers;
wmetadata;
xhidden document properties; and
yother personal or sensitive information.

Users should review documents before uploading them and remove or redact unnecessary information where practical.

25.4 Yuzee does not want unnecessary identity information

Yuzee does not want users or Organisations to provide unnecessary identity documents, government identifiers or verification information.

Users and Organisations should not upload or send:

apassport copies unless requested or necessary;
bdriver licence copies unless requested or necessary;
cMedicare information unless requested or necessary;
dtax file numbers unless specifically requested through an appropriate lawful process;
evisa documents unless relevant;
ffull birth certificates unless relevant;
gpolice checks unless relevant;
hworking with children checks unless relevant;
ihealth or disability documents unless relevant;
jfinancial hardship documents unless relevant;
kidentity documents about another person unless authorised;
ldocuments containing unrelated third-party information;
mdocuments containing hidden metadata where not needed; or
ndocuments that include more information than the relevant feature requires.

Yuzee may delete, de-identify, redact, restrict, ignore or refuse unnecessary identity information where appropriate.

25.5 When Yuzee may collect identity documents or identifiers

Yuzee may collect identity documents, identifiers or verification information where reasonably needed for a lawful purpose.

This may include:

averifying a user’s identity;
bverifying account ownership;
cresponding to an access request;
dresponding to a correction request;
eresponding to a deletion request;
fresponding to an account closure request;
ghandling a privacy complaint;
hhandling a security incident;
iinvestigating suspected fraud;
jinvestigating account misuse;
kmanaging payment disputes;
lmanaging refunds or chargebacks;
msupporting Request Multiple Offers;
nsupporting course applications;
osupporting job or employment-related workflows;
psupporting work-rights checks where relevant;
qsupporting institution, employer or partner requirements;
rsupporting Organisation Account verification;
sverifying staff authority;
tcomplying with law;
uresponding to regulator, court or legal requests;
vprotecting users, Organisations or Yuzee; or
wanother lawful and reasonable purpose.

25.6 Government identifiers are not Yuzee account IDs

Yuzee should not use a government identifier as Yuzee’s own general account identifier unless required or authorised by law.

Yuzee may assign its own internal account ID, user ID, profile ID, Organisation ID, RMO ID, support ticket ID, payment reference, transaction reference or other internal identifier.

Yuzee should not make a passport number, driver licence number, Medicare number, tax file number, visa number, Unique Student Identifier or similar government-related identifier the main Yuzee account identifier unless legally permitted and necessary.

25.7 Use of government identifiers

Yuzee may use government identifiers only where permitted by law and reasonably needed for the relevant purpose.

This may include use for:

aidentity verification;
bdocument verification;
cwork-rights support;
dOrganisation verification;
einstitution or employer workflows;
fRMO workflows where relevant and approved;
glegal compliance;
hfraud prevention;
isecurity;
jpayment or billing compliance;
kprivacy request verification;
lcomplaint handling;
maudit;
ndispute resolution; or
oanother lawful and permitted purpose.

Yuzee should not use government identifiers for unrelated marketing, unrelated profiling, unnecessary analytics or unrelated AI training.

25.8 Disclosure of government identifiers

Yuzee may disclose government identifiers or identity documents only where permitted by law and reasonably necessary for the relevant purpose.

This may include disclosure to:

aa user-selected institution;
ba user-selected employer;
ca user-selected partner;
dan Organisation authorised by the user;
ean identity verification provider;
fa payment provider;
ga cloud or storage provider;
han AI provider where necessary and appropriate;
ia legal adviser;
jan auditor;
ka regulator;
la law enforcement body;
ma court or tribunal;
na government agency;
oa service provider that supports Yuzee; or
panother party where required or authorised by law.

Yuzee should aim to disclose only the information reasonably needed for the purpose.

25.9 Identity verification

Yuzee may verify identity or authority before providing access to certain information or services.

Verification may be required for:

aaccess requests;
bcorrection requests;
cdeletion requests;
daccount closure requests;
eprivacy complaints;
fdata breach matters;
gsecurity matters;
hpayment issues;
irefunds;
jchargebacks;
kRMO records;
ldocument records;
mOrganisation Account requests;
nstaff administrator requests;
oparent or guardian requests;
pauthorised representative requests; and
qlegal requests.

Yuzee may use a proportionate verification approach based on the sensitivity and risk of the request.

Yuzee should not ask users to provide more verification information than is reasonably necessary.

25.10 Verification methods

Yuzee may verify identity or authority using one or more methods.

This may include:

aaccount login;
bemail verification;
cSMS verification;
dmulti-factor authentication;
esupport questions;
fpayment reference checks;
gRMO reference checks;
hOrganisation administrator confirmation;
idocument checks;
jidentity document upload;
kidentity verification provider checks;
lparent or guardian authority checks;
mlegal representative authority checks;
nschool or institution authority checks;
ostaff role verification;
pmanual review; or
qanother reasonable verification method.

The verification method may depend on the feature, request, sensitivity, risk, technical availability and applicable law.

25.11 Identity verification providers

Yuzee may use third-party identity verification providers where appropriate.

Identity verification providers may process information such as:

aname;
bdate of birth;
cemail address;
dphone number;
eaddress;
fidentity document images;
gdocument numbers;
hverification result;
ifraud risk signals;
jdevice information;
kIP address;
lbiometric or facial comparison information, if used;
mliveness checks, if used;
nverification logs; and
orelated metadata.

Identity verification providers may have their own privacy policies, security practices, retention practices, processing locations and legal obligations.

Yuzee should use identity verification providers only where reasonably appropriate and should take reasonable steps to manage privacy and security risks.

25.12 Biometric information

Yuzee does not intend to collect biometric information unless a feature specifically requires it and Yuzee provides appropriate notice and consent where required.

Biometric information may include:

afacial images used for biometric matching;
bliveness check data;
cvoiceprint data;
dfingerprint data;
ebiometric templates;
fbiometric verification results; or
gsimilar biometric identifiers.

If Yuzee introduces biometric verification, Yuzee should provide additional notice, obtain consent where required, use appropriate safeguards and limit retention where appropriate.

25.13 Tax file numbers

Yuzee does not generally need tax file numbers for ordinary user accounts, AI guidance, matching, recommendations, document review or RMO.

Users should not provide tax file numbers unless Yuzee specifically requests them through a secure and lawful process.

Yuzee may need to handle tax file numbers only in limited circumstances, such as employment-related workflows, contractor payments, tax, accounting, payroll, legal compliance or other legally required processes.

Tax file numbers should be handled with additional care.

Yuzee should not use tax file numbers for unrelated matching, marketing, AI training, analytics, recommendations or general account identification.

25.14 Medicare, health and disability identifiers

Yuzee does not generally need Medicare numbers, healthcare identifiers, NDIS numbers or health-related identifiers for ordinary user accounts.

Users should not provide these identifiers unless specifically requested or clearly necessary for a relevant support, health, disability, accessibility, NDIS, safety, verification, Organisation or service workflow.

Where Yuzee receives these identifiers, Yuzee will treat them as high-risk information and apply additional care where appropriate.

Yuzee should not use health-related identifiers for unrelated marketing, unrelated profiling, unrelated AI training or unrelated analytics.

25.15 Visa, migration and work-rights documents

Yuzee may receive visa, migration or work-rights information where relevant to study, work, placement, employment, eligibility, RMO or support workflows.

This may include:

avisa status;
bvisa subclass;
cvisa grant number;
dvisa expiry date;
evisa conditions;
fwork-rights information;
gpassport information;
hmigration-related documents;
istudy-rights information;
jplacement eligibility information; and
krelated documents.

Yuzee does not provide migration, visa, legal or immigration advice unless expressly stated in writing by an appropriately qualified provider.

Users should verify migration, visa and work-rights matters with the relevant government body, qualified adviser, institution, employer or partner.

25.16 Unique Student Identifier and student IDs

Yuzee may receive Unique Student Identifiers, student IDs, provider-issued IDs or education-related identifiers where relevant to education, training, enrolment, application, RMO, offer request, support or Organisation workflows.

Yuzee should not collect or share these identifiers unless reasonably needed for the relevant purpose.

Institutions and Organisations are responsible for ensuring that any student identifiers they provide to Yuzee are collected, used and disclosed lawfully and with appropriate authority.

25.17 Certificates, qualifications and official documents

Yuzee may receive certificates, transcripts, statements of attainment, qualification records, licences, registrations or official documents.

These documents may be used for:

aprofile creation;
bskills analysis;
ccourse matching;
djob matching;
epathway guidance;
fdocument review;
gRMO;
hoffer requests;
iOrganisation workflows;
jverification support;
ksupport requests; or
lother relevant services.

Users should provide only relevant documents and should consider redacting unnecessary information where practical.

Yuzee does not guarantee that every certificate, qualification, licence or official document will be verified unless Yuzee expressly states otherwise.

25.18 Police checks and working with children checks

Yuzee may receive police checks, working with children checks, working with vulnerable people checks or similar documents where relevant to a specific course, job, placement, employer, institution, partner, support or RMO workflow.

These documents may contain sensitive information.

Users and Organisations should provide these documents only where relevant, authorised and necessary.

Yuzee should restrict access to these documents and avoid using them for unrelated purposes.

Yuzee does not guarantee that it will verify every check unless expressly stated otherwise.

25.19 Identity documents and AI features

Identity documents may be processed by AI features where reasonably necessary for document review, summarisation, extraction, RMO preparation, support, quality review, data classification or issue detection.

Yuzee should apply additional care before using identity documents with AI features.

Where reasonably appropriate, Yuzee may:

aavoid sending full identity documents to AI providers;
buse document extracts instead of full documents;
credact unnecessary identifiers;
dsummarise relevant information;
erestrict sensitive fields;
flimit provider access;
gconfigure AI provider settings to reduce model-training risk where available;
huse human review;
irestrict retention;
jwarn users before uploading sensitive documents; or
kdisable AI processing for certain high-risk documents.

Users should avoid uploading identity documents into AI chats unless the feature specifically asks for them.

25.20 Identity documents and RMO

Request Multiple Offers may involve sharing identity documents or identity-related information with institutions, employers, partners or other recipients.

Yuzee should not share identity documents through RMO unless the sharing is relevant, authorised and reasonably necessary for the RMO purpose.

Before sharing identity documents through RMO, Yuzee may require:

auser confirmation;
buser consent;
cparent or guardian consent where appropriate;
dOrganisation authorisation where appropriate;
eadditional notice;
freview of the document;
gredaction of unnecessary information;
hselection of specific recipients;
iconfirmation of the purpose; and
jrecording of the sharing event.

Once identity documents are shared with an institution, employer, partner or other recipient, Yuzee may not be able to control that recipient’s independent handling of the information, except to the extent required by law or expressly agreed in writing.

25.21 Identity documents and Organisation dashboards

Organisation users may access identity documents or identity-related information only where permitted by their role, Organisation agreement, user consent, product workflow, Yuzee controls and applicable law.

Organisation administrators are responsible for ensuring that staff access is appropriate.

Organisations must not use identity documents or government identifiers for unrelated purposes.

Organisations must protect identity documents and identifiers from misuse, unauthorised access, unauthorised disclosure, loss, copying, downloading, export or misuse.

Yuzee may restrict Organisation access where Yuzee reasonably considers there is a privacy, security, fraud, legal, user safety or platform risk.

25.22 Organisation responsibilities

Organisations must not provide identity documents, government identifiers or verification information to Yuzee unless they have authority and a lawful basis.

Organisations are responsible for ensuring that information they provide is:

aauthorised;
brelevant;
caccurate;
dcurrent;
ecomplete where required;
flawful;
gnot misleading;
hnot excessive;
isecurely handled; and
jprovided only for a permitted purpose.

Organisations should not upload identity documents or government identifiers about users, staff, students, applicants, candidates or other people unless the information is necessary and authorised.

25.23 Redaction and minimisation

Where practical and appropriate, Yuzee may use redaction or minimisation to reduce identity document risk.

This may include removing or masking:

adocument numbers;
bpassport numbers;
cMedicare numbers;
dtax file numbers;
esignature images;
fmachine-readable zones;
gbarcodes;
hQR codes;
iunrelated pages;
junrelated people’s information;
kunnecessary health information;
lunnecessary family information;
munnecessary address information;
nunnecessary photo information;
ohidden metadata; and
pother unnecessary information.

Yuzee may ask users or Organisations to upload a redacted or replacement document where appropriate.

25.24 Metadata and hidden information

Files and images may contain hidden metadata or embedded information.

This may include:

aauthor name;
bdocument history;
clocation data;
ddevice information;
etimestamps;
fcomments;
gtracked changes;
hhidden text;
iprevious versions;
jembedded images;
kfile paths;
lsoftware information; and
mother metadata.

Users and Organisations should remove unnecessary metadata before uploading documents where practical.

Yuzee may process metadata where reasonably needed for document handling, security, fraud prevention, support, troubleshooting, verification, RMO, audit or platform operation.

25.25 Security controls for identity information

Yuzee will take reasonable steps to protect identity documents, government identifiers and verification information.

Controls may include:

arestricted access;
brole-based permissions;
cauthentication;
dencryption where appropriate;
esecure storage;
fsecure transmission;
gaccess logging;
haudit logs;
istaff access limits;
jprovider controls;
kOrganisation access limits;
ldocument download limits where available;
mredaction;
nretention limits;
odeletion or de-identification processes;
pincident response processes;
qstaff training;
rinternal policies; and
sother reasonable safeguards.

No online platform can guarantee absolute security.

25.26 Access logs and audit records

Yuzee may keep logs and records about access to identity documents or government identifiers.

These records may include:

auser who uploaded the document;
bdate and time of upload;
cfile type;
daccess activity;
estaff user access;
fOrganisation user access;
gsharing activity;
hRMO recipient activity;
idownload activity where available;
jredaction activity;
kdeletion activity;
lverification activity;
msupport activity;
nsecurity activity; and
orelated metadata.

Yuzee may use these records for privacy, security, audit, support, dispute resolution, fraud prevention, compliance, RMO management and platform improvement.

25.27 Retention of identity documents and identifiers

Yuzee may retain identity documents, government identifiers and verification information for as long as reasonably needed for the purpose for which they were collected or another lawful purpose.

Retention may be needed for:

aaccount verification;
baccess request verification;
ccorrection request verification;
ddeletion request verification;
eRMO records;
foffer request records;
gOrganisation workflows;
hpayment disputes;
irefunds;
jchargebacks;
kfraud prevention;
lsecurity;
mlegal compliance;
ntax or accounting requirements;
oaudit;
pdispute resolution;
qcomplaint handling;
rregulator requests;
slaw enforcement requests;
tdata breach assessment;
ubackups; and
vother lawful purposes.

Where identity documents or identifiers are no longer reasonably needed, Yuzee may delete, de-identify, redact, restrict or put the information beyond use where appropriate.

25.28 Backups and archived copies

Identity documents or identifiers may remain temporarily in backups, archives or system logs even after deletion from active systems.

Yuzee may take reasonable steps to delete, de-identify, restrict or put information beyond use in backups and archives where appropriate and technically practical.

Backup deletion may not be immediate.

Yuzee may retain backup or archived copies where reasonably needed for legal, security, disaster recovery, audit, dispute, compliance or operational purposes.

25.29 Deletion requests involving identity documents

Users may request deletion of identity documents or identifiers.

Yuzee may delete, redact, de-identify, restrict or put the information beyond use where appropriate.

Yuzee may refuse, delay or limit deletion where retention is reasonably needed for:

alegal obligations;
btax or accounting obligations;
cpayment records;
drefunds;
echargebacks;
fRMO records;
goffer request records;
hOrganisation records;
isecurity;
jfraud prevention;
kaudit;
ldispute resolution;
mcomplaints;
nprivacy requests;
odata breach assessment;
pregulator requests;
qcourt orders;
rbackups;
stechnical constraints; or
tanother lawful purpose.

25.30 Data breaches involving identity information

A data breach involving identity documents, government identifiers or verification information may create higher risk.

If Yuzee suspects or becomes aware of a data breach involving this type of information, Yuzee may assess:

awhat information was involved;
bwhether document numbers were exposed;
cwhether images were exposed;
dwhether signatures were exposed;
ewhether photos were exposed;
fwhether government identifiers were exposed;
gwhether sensitive information was exposed;
hwhether children or young people were affected;
iwhether RMO recipients were involved;
jwhether Organisations were involved;
kwhether third-party providers were involved;
lwhether serious harm is likely;
mwhether notification is required;
nwhat remediation steps are available; and
owhether additional security controls are needed.

More information is set out in the Data Breaches section of this Privacy Policy.

25.31 Identity fraud and misuse

Identity documents and government identifiers can be misused.

Yuzee may use security, fraud prevention, monitoring, verification, audit logs, access controls, document controls and provider controls to reduce misuse risk.

Yuzee does not guarantee that every identity fraud, fake document, impersonation, misuse, unauthorised access or security issue will be detected, prevented or resolved.

Users and Organisations should contact Yuzee promptly if they believe identity information has been misused.

25.32 User responsibilities

Users should take care when providing identity documents or identifiers.

Users should:

aprovide identity documents only where requested or necessary;
bavoid sending tax file numbers unless specifically requested through a secure lawful process;
cavoid uploading full identity documents where a partial or redacted copy is sufficient;
dremove unnecessary pages;
eremove unnecessary metadata where practical;
favoid uploading documents about another person unless authorised;
gkeep account login details secure;
hcontact Yuzee if a document was uploaded by mistake;
icontact Yuzee if identity information appears inaccurate; and
jcontact Yuzee if they suspect misuse or unauthorised access.

25.33 Organisation responsibilities

Organisations should take care when requesting, uploading, accessing, downloading, exporting or storing identity documents or identifiers through Yuzee.

Organisations should:

arequest only necessary documents;
bprovide clear reasons for document requests;
cavoid collecting excessive information;
drestrict staff access;
eavoid unnecessary downloads;
favoid unnecessary exports;
gprotect copied or downloaded documents;
hdelete or return documents when no longer needed where appropriate;
iavoid using identity documents for unrelated purposes;
javoid unrelated marketing;
kavoid unrelated AI training;
lreport suspected breaches promptly;
mcomply with privacy law;
ncomply with anti-discrimination law;
ocomply with consumer law; and
pcomply with Yuzee’s Organisation terms and policies.

25.34 Third-party recipient responsibilities

Institutions, employers, partners, verification providers, payment providers, app stores, service providers and other third parties may have their own privacy, security, retention, verification, legal and data breach obligations.

Yuzee is not responsible for a third party’s independent handling of identity documents or government identifiers, except to the extent required by law or expressly agreed in writing.

Users should review third-party privacy policies and terms before providing identity documents directly to third parties.

25.35 Overseas processing of identity information

Identity documents, identifiers or verification information may be processed in Australia or overseas where Yuzee uses third-party providers, AI providers, cloud providers, payment providers, app stores, verification providers, support tools, security tools or other service providers.

Yuzee will take reasonable steps to manage privacy and security risks involving overseas processing.

Yuzee may apply additional care where identity information is processed overseas.

More information is set out in the International and Overseas Processing section of this Privacy Policy.

25.36 Children and young people

Yuzee may apply additional care when handling identity documents or identifiers relating to children and young people.

Where appropriate, Yuzee may require:

aparent or guardian involvement;
bschool or Organisation involvement;
cadditional notice;
dadditional consent;
estronger verification;
frestricted access;
grestricted sharing;
hredaction;
ilimited retention;
jdeletion or de-identification; and
kadditional safety review.

Users, parents, guardians and Organisations should avoid providing unnecessary identity documents or identifiers about children and young people.

25.37 If identity information is uploaded by mistake

If a user or Organisation uploads identity information by mistake, they should contact Yuzee promptly.

Contact:

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Security contact: [insert security email]

Yuzee may delete, de-identify, restrict, redact, ignore, replace or retain the information depending on the circumstances, applicable law, technical availability, retention requirements, security needs and Yuzee’s legitimate operational needs.

25.38 Questions about identity documents and identifiers

Users and Organisations can contact Yuzee with questions about identity documents, government identifiers, verification, redaction, deletion, RMO sharing, AI processing, Organisation access, overseas processing or security.

Contact:

Privacy contact: [insert privacy email]
Support contact: [insert support email]
Security contact: [insert security email]

Yuzee may ask for identity or authority verification before responding to certain requests.

25.39 Changes to identity document and verification practices

Yuzee may update its identity document, government identifier and verification practices as the Platform, AI features, RMO workflows, Organisation tools, legal requirements, provider arrangements, verification tools, security risks and business operations change.

Where required by law or where reasonably appropriate, Yuzee may update this Privacy Policy, Collection Notices, consent notices, product notices, document upload notices, RMO notices or internal processes.

Nothing in this Privacy Policy limits rights, remedies or obligations that cannot lawfully be excluded, restricted or modified.

What are you looking for?

Privacy Policy

In plain terms

Introduction and Privacy Commitment

1.1 About this Privacy Policy

1.2 Who we are

1.3 Our privacy commitment

1.4 Plain-English summary

1.5 AI, data and user control

1.6 Relationship with other Yuzee documents

1.7 Collection Notices and consent notices

1.8 When this Privacy Policy applies

1.9 Information about other people

1.10 Users outside Australia

1.11 No guarantee of absolute security

1.12 Changes to this Privacy Policy

1.13 Contact Yuzee about privacy

Scope of this Privacy Policy

2.1 Who this Privacy Policy applies to

2.2 What services this Privacy Policy covers

2.3 Individual users

2.4 Organisation users

2.5 Institutions, employers and partners

2.6 Parents, guardians and authorised representatives

2.7 Children and young people

2.8 Website visitors

2.9 App users

2.10 AI, prompts and automated tools

2.11 Request Multiple Offers and offer workflows

2.12 Paid services, subscriptions and payments

2.13 Communications with Yuzee

2.14 Information about other people

2.15 Third-party services and external websites

2.16 De-identified and aggregated information

2.17 When this Privacy Policy does not apply

2.18 Additional rights for some users

Key Definitions

3.1 Why these definitions matter

3.2 Personal information

3.3 Sensitive information

3.4 User

3.5 Individual user

3.6 Organisation user

3.7 Organisation

3.8 Institution

3.9 Employer

3.10 Partner

3.11 Yuzee profile

3.12 AI Features

3.13 AI provider

3.14 Prompt

3.15 AI output

3.16 Matching

3.17 Suitability indicator

3.18 Forecasting and prediction

3.19 Decision-support

3.20 Request Multiple Offers or RMO

3.21 Offer

3.22 User Content

3.23 Organisation Content

3.24 Third-party service provider

3.25 Third-party source

3.26 De-identified information

3.27 Aggregated information

3.28 Cookies and tracking technologies

3.29 Consent

3.30 Collection Notice

3.31 Privacy request

3.32 Data breach

3.33 Overseas processing

3.34 User control

3.35 Platform

What Information Yuzee Collects

4.1 Overview

4.2 Account information

4.3 Contact information

4.4 Profile information

4.5 Education and training information

4.6 Work, career and employment information

4.7 Skills, interests and pathway information