Last updated: Sunday, 3rd May, 2026
Artie Codes Pty Ltd (ABN: 77 653 043 102) trading as Foxloop ("we", "us") respects your privacy. This Privacy Policy outlines how we collect, use, and protect your data in compliance with the Privacy Act 1988 (Cth), as amended by the Privacy and Other Legislation Amendment Act 2024 (POLA), and the Australian Privacy Principles (APPs).
Through our platform, we process Personally Identifiable Information (PII) and sensitive health information necessary for educational enrolment. This includes, but is not limited to:
Names, dates of birth, and contact details of parents and students.
Medical conditions, allergies, and dietary requirements.
Immunisation status and related certificates.
Foxloop processes this information solely on behalf of, and under the instructions of, the Educational Providers. Foxloop does not independently determine the purposes of data collection, nor do we sell, license, or use your personal information for direct marketing or our own secondary research. By inputting this data, you explicitly consent to its collection and sharing with the specific providers you enrol with.
All personal and sensitive data is encrypted at rest using AES-256-GCM. Our primary databases are hosted with Digital Ocean in Sydney, Australia. Media and file storage (such as images or certificates) are hosted via Cloudflare R2 within the Oceania region.
Sub-processors and Cross-Border Disclosures: In addition to Digital Ocean and Cloudflare, we utilise Resend (US) for transactional email delivery. Where data is processed overseas, we take reasonable steps to ensure compliance with the APPs. Note: Payment processing (Stripe) and accounting integrations (Xero) are connected directly via the Educational Provider's own accounts; Foxloop securely passes data to these services but is not the account holder.
You can view your personal information at any time via the parent portal. You also have the right to download a complete copy of your data (including profiles, enrolments, attendance, payments, and documents) as a ZIP archive. To ensure system stability, data exports are limited to one request per 24-hour period.
You may request to delete your account via the parent portal, provided all active enrolments are cancelled first. Account deletion requests trigger a 30-day grace period, during which you may cancel the request. After 30 days, your Personally Identifiable Information (PII) and uploaded documents are permanently anonymised or deleted. However, de-identified transactional records (such as attendance and payment history) are preserved to maintain platform integrity.
In respect to end-user data, the Educational Provider acts as the primary Data Controller. Artie Codes Pty Ltd acts as a Data Processor, holding and securing the data on behalf of and at the instruction of the Provider.