Privacy Policy

What Happens When You First Connect With Us

Initial contact generates minimal records. When someone fills out our contact form or sends an inquiry to help@orphiverniq.com, we receive their name, email address, and whatever message they've chosen to write. That's the extent of what enters our systems at this stage.

Phone inquiries to +61412676527 don't automatically create data records unless the conversation leads somewhere that requires follow-up. In those cases, we'll note down contact details and key points from the discussion. Nothing fancy, just enough to remember who we spoke with and what they needed.

This early-stage information serves one purpose: responding to the inquiry. We're not building profiles or tracking behavior. Someone asks a question, we answer it, and we keep enough information to maintain continuity if they reach out again.

Enrollment and Learning Program Records

Once someone enrolls in our financial model building programs, the information landscape changes. Education requires coordination, and coordination requires records.

Identity and Access Details

Account creation captures standard identifying elements: full name, email address, phone number, and location (we need to know participants are in Australia since our programs reference local financial contexts). We assign login credentials, which means storing authentication information securely.

Educational Progress Tracking

As learners move through program materials, our platform records their journey. Which modules they've completed, assessment results, time spent on different components, areas where they've asked for clarification. This isn't surveillance—it's how we ensure people aren't lost or struggling without support.

Project submissions get stored. When someone builds a financial model as part of coursework, that file lives in our system. We review these for feedback purposes, and they demonstrate skill development over time.

Communication History

Questions sent to instructors, feedback requests, technical support exchanges—these accumulate in our records. They're associated with individual accounts because educational support requires context. An instructor needs to see previous conversations to provide coherent guidance.

Why This Information Exists in Our Systems

Different data categories serve distinct functions. Let me walk through the operational reality.

Contact details enable basic communication. Program updates, schedule changes, responses to questions—these require knowing how to reach enrolled learners. When someone's payment fails or a technical issue affects their account, we need working contact information.

Progress data prevents people from falling through gaps. If completion rates drop in a particular module, that signals a problem we need to address. If someone hasn't logged in for weeks despite active enrollment, outreach might help get them back on track.

Assessment records document skill acquisition. Financial modeling education has tangible outcomes, and those outcomes need verification. Project portfolios demonstrate capability when participants enter professional settings.

Who Works With This Information

Internal access follows need-based logic. Not everyone at orphiverniq sees everything.

• Instructional staff access learning records and project submissions for their assigned cohorts
• Technical support sees account details and system usage data when troubleshooting problems
• Administrative personnel handle enrollment records, payment information, and general inquiries
• Program developers review aggregated progress data to improve curriculum (individual identities removed)

External Service Dependencies

Some functions require outside platforms. We don't operate email servers, payment processing infrastructure, or video hosting systems internally.

Our learning management platform runs on third-party infrastructure. That provider processes educational records under contract terms that restrict their use of data to providing the service we pay for.

Payment processing happens through financial services providers who handle transaction details. They see billing information and payment methods—that's inherent to processing transactions. These providers operate under financial industry regulations that govern data handling.

Email delivery services transmit our communications. When we send program updates or respond to inquiries, those messages route through messaging infrastructure we don't own. These services can technically access message content, though contractual agreements prohibit using it for purposes beyond delivery.

Video content hosting enables streaming of instructional materials. Usage metrics from these platforms tell us which videos get watched, but viewing data stays aggregated rather than tied to individual accounts.

Data Movement Beyond Australian Systems

Here's an uncomfortable truth about modern digital infrastructure: genuinely Australia-only data storage is nearly impossible at our operational scale. Several of our service providers use globally distributed systems where data might physically reside on servers outside Australian territory.

This happens under contractual frameworks that require providers to maintain security standards regardless of server location. But physical geography still matters for legal jurisdiction questions, so this disclosure seems important.

We've prioritized providers with Australian data center options where available. For services where that wasn't feasible, we've verified they comply with Australian Privacy Principles through contractual clauses that create enforceable obligations.

Security Measures and Realistic Risk Assessment

Account access requires authentication. Passwords get encrypted before storage—we can't read them even if we wanted to. Session management logs users out after inactivity periods. Payment details never touch our servers directly; they're handled by payment processors with financial industry security certifications.

Data transmission happens over encrypted connections. Files uploaded to our systems go through secure channels. Backups get encrypted and stored separately from primary systems.

Staff access requires individual credentials tied to specific permission levels. Nobody has blanket access to everything, and access attempts get logged for security review.

How Long Records Persist

Active enrollment means active records. Everything related to current learning programs stays accessible because it's operationally necessary.

After program completion, most educational records remain available to participants indefinitely. People should be able to reference their past coursework and download previous projects. That means we keep course materials, assessment results, and project portfolios accessible through alumni accounts.

Financial transaction records persist for seven years—that's an accounting requirement, not our preference. Tax obligations dictate minimum retention periods for business records.

Marketing inquiry data from people who never enrolled gets deleted after two years of inactivity. If someone asked about programs in 2023 but never signed up and hasn't engaged since, we remove their details.

Communication logs associated with closed accounts get anonymized after three years. The content might inform future program improvements, but individual identifiers get stripped out.

What Control Participants Actually Have

Account access means data access. Currently enrolled learners can log in and view everything we store about their educational journey. Profile information, progress records, submitted projects, communication history—it's all visible within account settings.

Correction requests get handled promptly. If stored information is wrong, tell us and we'll fix it. That applies to contact details, assessment records, anything that's inaccurate.

Deletion requests are more complicated. While someone remains enrolled, we can't remove records necessary for service delivery. After program completion, most educational records can be deleted on request, but financial transaction history has to stick around for those seven years mentioned earlier.

Data portability is straightforward for most content. Want a copy of your projects, assessment results, and course completion records in a standard format? We can generate that within a few business days of requesting it.

Withdrawal from marketing communication happens through unsubscribe links in emails or by contacting help@orphiverniq.com directly. This doesn't affect essential program communications—schedule changes and account notices still get sent—but stops promotional material.

Legal Basis and Compliance Framework

Most data handling occurs under contractual necessity. When someone enrolls in a learning program, delivering that service requires processing the information described throughout this document. That's the legal foundation.

Some processing relies on legitimate interests—ours and participants'. Improving programs based on aggregated usage data, preventing fraud, maintaining system security. These activities benefit everyone involved and don't override individual privacy rights.

Marketing communications require consent, which we obtain explicitly during enrollment or through separate opt-in mechanisms. This consent can be withdrawn at any time.

We operate under Australian Privacy Principles as established in the Privacy Act 1988. For learners in other jurisdictions, we extend similar protections regardless of whether their local laws require it.

Policy Changes and Update Notification

This document will change. As our programs develop, technology evolves, or regulations shift, privacy practices get adjusted accordingly.

Significant changes trigger direct notification to enrolled learners. Minor clarifications or updates that don't affect actual data handling might just result in a revised date at the top of this page.

The effective date above indicates the current version. Checking back periodically makes sense if you want to stay informed about any modifications.