top of page

Data Security & Privacy Policy

Last updated: January 2026

​

 

Data Security

BEYOND is designed with security and data protection as core principles. We implement reasonable technical and organisational safeguards appropriate to the nature of the information we collect and the educational environments in which the platform is used.

Our security controls include:

​

Encryption

All data is encrypted in transit using TLS and encrypted at rest within our hosting environment.

Secure Australian Hosting

All production data is hosted exclusively in Australia using Amazon Web Services (AWS) infrastructure located in Sydney, NSW.
BEYOND does not store or process production data outside Australia.

​

Platform Architecture

The platform is custom-built and maintained by our internal development team. Core application functionality is delivered through internal services and a limited number of controlled third-party infrastructure providers required to operate the platform.

​

Access Controls

Role-based access control (RBAC) is enforced to ensure users only have access to data and functionality appropriate to their role (for example: student, teacher, Careers Adviser, school administrator, system administrator).

​

Account Management

BEYOND provides the ability to suspend or permanently disable user accounts in cases of misuse, abuse, or security concerns.

​

Credential Security

User passwords are not stored in plain text and are protected using industry-standard hashing and salting techniques.

​

Infrastructure Protection

Our AWS environment includes managed security controls such as firewalls, threat detection, and DDoS mitigation at the infrastructure level.

​

Monitoring and Logging

System logs are monitored to identify abnormal activity, unauthorised access attempts, or misuse.
Logs are retained to support investigation, troubleshooting, security review, and compliance requirements where appropriate.

While no system can be guaranteed to be completely secure, BEYOND takes reasonable and proportionate steps to protect personal information against unauthorised access, loss, misuse, or disclosure.

​

 

Privacy & Data

Plain-language data usage principles

Our full Privacy Policy explains how and why we collect, use, and protect personal information. The summary below is provided to explain this in clear, plain language.

​

 

Why we collect data

We collect limited personal information to:

  • Operate and administer the BEYOND platform

  • Provide career exploration tools and personalised content

  • Support schools, teachers, and Careers Advisers in guiding students

  • Communicate relevant information such as opportunities, events, or platform updates

  • Facilitate connections where a user explicitly requests engagement with an institution or organisation

We do not collect sensitive information such as health data, financial data, or government identifiers.

​

 

What data we collect

The platform collects only the following information:

  • First name

  • Last name

  • Email address

  • Role (student or teacher)

  • School

  • Year level

  • Phone number (optional)

​

 

Who we share data with

  • For school-based users, authorised teachers and Careers Advisers at the user’s school may access limited student data to support career planning and guidance.

  • BEYOND does not sell personal data or make it available for commercial reuse.

​

 

When data may be shared

Personal information may be shared in limited circumstances, including:

  • When a user registers for an event, relevant information may be shared with the event host and associated registration systems.

  • Where disclosure is required to operate the platform, comply with legal obligations, or protect users and BEYOND.

  • With trusted third-party service providers strictly for infrastructure, hosting, security, or platform delivery purposes.

​

 

 

Third-party services

BEYOND uses a small number of trusted third-party service providers to operate the platform and associated services, including:

  • Amazon Web Services (AWS) – infrastructure and database hosting (Australia only)

  • Vercel – application hosting

  • Bitbucket – source code management

  • SendGrid – transactional and platform email delivery

  • Cloudflare – DNS, content delivery, and network security services

  • Wix – hosting and management of public-facing marketing pages
     

Optional AI-enabled features use the OpenAI API in a closed-loop configuration.
User data is not used to train AI models and is not retained by OpenAI beyond request processing.

All third-party providers are contractually required to handle personal information in a manner consistent with applicable privacy laws and BEYOND’s privacy obligations.

​

 

Who controls your data

  • Users retain control of their personal information.

  • Users may request access, correction, or deletion of their data at any time by contacting [email protected].

  • Users may opt out of non-essential communications at any time.

  • ​

 

Data retention

Personal information is retained while a user account remains active.
If a deletion request is made, personal data will be removed from active systems in accordance with applicable laws and operational requirements.

​

 

Privacy enquiries and updates

Privacy enquiries can be directed to [email protected].

Material changes to BEYOND’s privacy practices will be communicated to users via email or through the platform.

Beyond Logo
  • Instagram
  • Facebook
  • LinkedIn

The career advice you need, all in one place

Terms of Use

© 2026 BEYOND Workspace. All rights reserved.

Privacy Policy

Beyond Workspace is a school calendar and event management platform. Users authenticate with Google OAuth to securely access their account and, with permission, connect their Google Calendar for scheduling features.

bottom of page