TebTally
TebTally

Privacy Policy

Last updated: January 4, 2026

TebTally™ Pty Ltd (ABN 96 110 054 130) provides educational software including Spell Star™, Behaviour Tracker™, WriteTally™, Formative Check™, Class Builder™, HousePoints™, and Classroom Pro™. This policy explains how we collect, use, and protect your data.

Data We Collect

  • Account information: Name, email address, school/organisation name
  • Student data: Names, class rosters, and activity data provided by schools
  • Usage data: Feature usage, timestamps, and session information
  • Device information: Browser type, operating system (for PWA/mobile apps)
  • Authentication data: OAuth tokens from Google sign-in (not stored long-term)

Where Data is Stored

  • Application hosting: Vercel (Sydney region available for Australian schools)
  • Database: Neon PostgreSQL (encrypted at rest, SOC 2 Type II compliant)
  • Authentication: id.tebtally.com (self-hosted identity provider)
  • File storage: Vercel Blob (encrypted, region-locked)

Data is stored in secure, access-controlled databases. We use encryption in transit (TLS 1.3) and at rest for all sensitive information.

Security Measures

  • Row-level security: Database isolation ensures schools only see their own data
  • Role-based access: SUPERADMIN → ADMIN → TEACHER → STUDENT hierarchy
  • Rate limiting: Protection against abuse on authentication and API endpoints
  • Audit logging: All sensitive actions are logged for accountability
  • Password security: bcrypt hashing with secure salt rounds
  • Session management: JWT tokens with 24-hour expiry, httpOnly cookies

How We Use Data

  • To provide and operate the TebTally™ services
  • To authenticate users and manage access permissions
  • To provide customer support and respond to enquiries
  • To improve our services based on anonymised usage patterns
  • To send service-related notifications (not marketing without consent)

Data Sharing

We do not sell personal information. We only share data with third parties when required to provide the service:

  • Vercel: Application hosting and edge functions
  • Neon: Database hosting
  • Google: OAuth authentication and Classroom API integration
  • Stripe: Payment processing (for paid subscriptions)
  • PostHog: Anonymised product analytics
  • Sentry: Error monitoring and performance tracking

Your Rights

Under GDPR and the Australian Privacy Act, you have the right to:

  • Access: Request a copy of your personal data
  • Export: Download your data in a portable format (JSON)
  • Correction: Update inaccurate personal information
  • Deletion: Request deletion of your account and data
  • Objection: Object to certain processing of your data

To exercise these rights, contact privacy@tebtally.com. We will respond within 30 days.

Data Retention

  • Account data is retained while the account remains active
  • Student data is retained according to school policies and applicable law
  • Deleted accounts are purged within 30 days of confirmed deletion request
  • Anonymised analytics data may be retained indefinitely
  • Audit logs are retained for 2 years for security and compliance

Data Breach Notification

In the event of a data breach affecting personal information, we will:

  • Notify affected schools within 72 hours of confirming the breach
  • Provide details of what data was affected and remediation steps
  • Report to relevant authorities as required by law (OAIC in Australia, supervisory authorities under GDPR)

Cookies and Analytics

We use essential cookies for authentication and session management. We use PostHog for anonymised product analytics to understand how features are used. We do not use cookies for advertising or tracking across websites.

Children's Privacy

TebTally™ services are designed for use in educational settings. Student accounts are created and managed by schools in compliance with COPPA (US), GDPR (EU), and Australian privacy requirements. We do not knowingly collect personal information directly from children under 13 without parental or school consent.

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated to school administrators via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact Us

For privacy questions, data requests, or concerns:

TebTally™ Pty Ltd
ABN 96 110 054 130
New South Wales, Australia

← Back to TebTally™