Privacy Policy

Last updated: 25 April 2026.

This policy explains how Everyshot Pty Ltd (ABN 51 246 891 780, trading as RTO Grow) collects, uses, stores, and discloses personal information when you use rtogrow.com.au or the RTO Grow platform. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

What we collect

We collect information in three categories.

Visitors and prospects. When you browse rtogrow.com.au or contact us, we collect your IP address, browser metadata, the pages you visit, and any contact details you submit (name, email, phone, RTO name).

RTO administrators and staff. When your RTO signs up, we collect account credentials, contact details, role assignments, and the actions you take inside the platform (logged for audit purposes).

Student data entered by your RTO. RTOs use the platform to manage their students. The data your RTO enters about its students — name, date of birth, USI, contact details, fee records, enrolments, assessment outcomes, evidence files — is processed by us on the RTO's behalf. Your RTO is the data controller; we are the data processor.

Why we collect it

  • To provide the RTO Grow platform and its features
  • To support compliance reporting (AVETMISS to NCVER and state training authorities, on behalf of your RTO)
  • To send transactional emails (password resets, invoices, system notifications)
  • To answer support questions you send us
  • To improve the platform (aggregated usage analytics, never sold)

Cookies and tracking

We use first-party cookies for authentication and session management. We use Google Tag Manager to capture aggregate usage analytics. We do not run advertising trackers. You can block cookies in your browser; the platform requires session cookies to function.

Who we share it with

We share data only with the subprocessors required to run the service:

  • Supabase — primary database and authentication, hosted in the Sydney AWS region (ap-southeast-2)
  • Vercel — application hosting and global edge delivery
  • Stripe — payment processing for platform billing and student-facing payments
  • Resend / AWS SES — transactional email delivery
  • Anthropic — AI-assisted draft generation for learner guides and assessment mapping (only when explicitly invoked by an RTO admin; your data is not used to train models)

We do not sell personal information. We do not transfer data outside Australia for storage. AVETMISS exports are delivered to NCVER and the relevant state training authority by your RTO, in line with the RTO's reporting obligations.

How long we keep it

Student records are retained for 7 years after course completion in line with the Standards for Registered Training Organisations 2015 (clause 3.4) and the Privacy Act. Account credentials are retained while your subscription is active and deleted within 90 days of cancellation, except where retention is required by law.

Your rights

Under the Australian Privacy Principles you can:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion (subject to retention obligations)
  • Lodge a complaint with us, or with the Office of the Australian Information Commissioner (oaic.gov.au)

Email hello@rtogrow.com.au with the subject "Privacy request" and we will respond within 30 days.

Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production systems is restricted to a small number of named personnel and audit-logged. Each RTO's data is isolated by row-level security in the database; no RTO can see another RTO's records.

Changes to this policy

We update this policy when we add subprocessors or change how data is handled. The "Last updated" date at the top reflects the most recent change. Material changes are emailed to RTO administrators.

Contact

Privacy questions: hello@rtogrow.com.au
Postal: Everyshot Pty Ltd, Bunbury, Western Australia
ABN: 51 246 891 780