Logo
Have you done your Alto today?
← Home

Alto Privacy Policy

Effective date: 11 December 2025

Alto ("we", "our", or "us") operates the Alto learning platform available at alto.guru.

This Privacy Policy explains how we collect, use, store, and protect personal information, particularly information relating to students.

We are committed to protecting the privacy and security of all users, especially children.

APP Compliance Statement

Alto Guru Pty Ltd (ACN: 673 683 522) is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This Privacy Policy sets out how we manage personal information in accordance with the APPs.

Our APP Privacy Policy is available at alto.guru/privacy and our contact details for privacy enquiries are provided below.

1. Our approach to student privacy

Alto is designed for use by schools and families. We follow these principles:

  • We collect only the minimum data required to provide learning services.
  • We do not sell or rent student data.
  • We do not show advertising to students.
  • Student accounts are controlled by schools or parents.
  • Schools or parents can request data deletion at any time.

2. What information we collect

We collect this information with the consent of schools (acting on behalf of parents/guardians) or parents directly, and only where it is reasonably necessary to provide our educational services.

Student information

We may collect limited student information, such as:

  • First name or pseudonym
  • Class or year level
  • School name (if applicable)
  • Learning activity data (e.g. answers, progress, results)

Alto does not require student email addresses.

Schools may choose to use de-identified or pseudonymous student names.

Teacher and parent information

We may collect:

  • Name
  • Email address
  • School or organisation
  • Account login details

Technical information

When users access Alto, we may collect:

  • Device type
  • Browser type
  • IP address
  • Usage and performance data

This information helps us maintain and improve the service.

3. How we use information

We use personal information to:

  • Provide learning sessions and track progress
  • Allow teachers and parents to monitor students
  • Provide support and respond to enquiries
  • Maintain the security and reliability of the platform
  • Improve the learning experience

We do not use student data for advertising or marketing.

4. Data storage and hosting

Alto's Australian service is hosted on Amazon Web Services (AWS) infrastructure located in Sydney, Australia.

All personal information remains in Australia. We do not transfer personal information to overseas recipients. All third-party service providers are contractually required to store and process data within Australia only.

Data is stored securely using industry-standard security controls.

5. How we protect information

We implement comprehensive security measures including:

  • Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
  • Role-based access controls limiting staff access to personal information
  • Multi-factor authentication for all staff accounts
  • Regular security vulnerability assessments and penetration testing
  • Secure software development practices
  • Annual third-party security audits

All staff with access to personal information receive privacy and security training.

While no system is completely secure, we take reasonable steps to protect all information in accordance with APP 11.

6. Third-party service providers

We use a small number of trusted third-party providers to operate Alto. Current third-party providers include:

  • Amazon Web Services (cloud hosting, data stored in Sydney, Australia)

A current list is maintained at: alto.guru/third-party-services

These providers:

  • Only process data on our behalf
  • Are required to maintain confidentiality and security
  • Do not use student data for their own purposes
  • Are bound by data processing agreements requiring APP compliance and Australian data storage

7. Data retention and deletion

We retain student learning data for 3 years after last account activity to allow students to return to their learning journey, unless earlier deletion is requested.

Upon a deletion request, personal information is removed from active systems within 30 days and from backup systems within 90 days.

De-identified, aggregated data used for platform improvement may be retained indefinitely but cannot be re-identified.

Schools or parents may request the deletion of student data at any time.

To request deletion, contact privacy@alto.guru with the student name or ID and school name.

8. School and parent control

For school-managed accounts:

  • Schools control the creation and management of student accounts.
  • Schools may request data export or deletion at any time.

For parent-managed accounts:

  • Parents control their child's account.
  • Parents may request changes or deletion.

9. Cookies and analytics

Alto uses essential cookies to maintain user sessions and ensure platform functionality.

We may use analytics tools to collect de-identified, aggregated usage data to improve the platform. We do not use third-party advertising cookies or tracking technologies.

Users can manage cookie preferences through their browser settings, though disabling essential cookies may affect platform functionality.

10. Data breach response

If we become aware of a data breach that is likely to result in serious harm to individuals, we will:

  • Notify affected schools or parents within 72 hours of becoming aware
  • Notify the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme
  • Provide details of the breach, affected data, likely consequences, and steps being taken
  • Take immediate action to contain, investigate, and remediate the breach

11. Access and correction

Schools and parents may request access to personal information by contacting privacy@alto.guru. We will provide access within 14 days in CSV or JSON format. We will verify the identity of the requester before providing access.

If you believe personal information we hold is inaccurate, incomplete, or out-of-date, you may request correction. We will respond to correction requests within 14 days.

If we refuse access or correction, we will provide written reasons and information about complaint mechanisms.

There is no fee for access or correction requests.

12. Parental consent for minors

For students under 18, we rely on schools or parents to provide appropriate consent for the collection and use of personal information.

Schools are responsible for obtaining parental consent where required.

Parents may withdraw consent at any time by contacting privacy@alto.guru or through their school.

13. De-identification and aggregation

We may de-identify and aggregate personal information for research, analytics, and platform improvement.

De-identified information is modified so that individuals cannot reasonably be re-identified. Aggregated data combines information from multiple users so no individual can be identified.

De-identified and aggregated data is not subject to this Privacy Policy.

14. Automated decision making

Alto uses algorithms to adapt learning content to student performance levels. These automated decisions are made solely to enhance the educational experience and are always subject to teacher and parent oversight.

No automated decisions are made about student evaluation, promotion, or placement without human review.

15. Changes to this policy

We may update this Privacy Policy from time to time.

For material changes affecting how we handle personal information, we will notify schools and parents at least 30 days in advance via email or through the platform.

The latest version will always be available at: alto.guru/privacy

16. Contact us

If you have any questions about this Privacy Policy or our data practices, please contact:

Alto Guru Pty Ltd

ACN: 673 683 522

Email: privacy@alto.guru

Website: alto.guru

If you have a privacy complaint, please contact us at privacy@alto.guru. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992.

©2026 Alto
info@alto.guru
Terms
Privacy
Cookies