top of page

Privacy Policy

Last updated: 2 July 2025

Introduction

Looping EduTech, a division of Ninefiftysix Pty Ltd (“Looping”, “we”, “us”, or “our”), is committed to protecting your privacy in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

In addition, we align our practices with internationally recognised data protection standards, including the General Data Protection Regulation (GDPR). GDPR is widely considered one of the most comprehensive and rigorous privacy frameworks in the world, and by aligning with its core principles, such as data minimisation, transparency, access rights, and secure handling. Looping supports global user rights and expectations across all regions in which we operate.

While Looping is not ISO/IEC 27701 certified, our systems are closely aligned with its core privacy management principles, including:

  • Minimal data collection (only what is required for authentication and assessment)

  • Strong encryption standards (AES-256 at rest, TLS 1.3 in transit)

  • Biometric and identity-based student authentication

  • Strict role-based access control and two-factor authentication

  • Transparent retention policies and audit-ready evidence handling

  • Anonymised and contractually protected use of third-party AI services

 

This Privacy Policy explains how Looping collects, uses, stores, and protects personal information in connection with our immersive learning and assessment platform. It outlines the categories of data we collect, the specific purposes for which that data is used, how we manage data retention and security, and how we comply with Australian privacy laws and internationally recognised data protection standards.

Information We Collect

During Learning Sessions (Students)

When a learner uses Looping for training or assessment, we collect only the information required to securely verify identity, personalise the learning experience, and generate assessment evidence. This includes:

  • Full name: collected to match the student with their unique identifier (e.g. USI or Student ID) for compliance and session tracking. Only the first name is used within the learning interaction to personalise the experience.

  • Student identifier: such as a Unique Student Identifier (USI), LMS-issued student ID, or institution-specific number.

  • Biometric voiceprint: generated from a one-time voice sample, used solely for secure session authentication.

  • Session interaction data: including responses, completed tasks, timestamps, and engagement logs during the scenario.

  • Session recording: a full video and audio recording of the learner’s final VR session, stored securely for audit and assessment evidence.

About Voice Authentication:

  • Looping uses biometric voice recognition to verify that the authorised student is accessing the platform.

  • This removes the need for passwords or shared credentials and ensures session security.

  • The authentication uses a generic, non-identifying phrase (e.g. “Let’s begin my session now”) that does not include a name, ID, or personal details.

  • The biometric voiceprint is encrypted, stored securely, and used only to confirm the identity of the student at session launch.

 

Licensing, Organisational & Admin Accounts

If your organisation holds a licence or partnership with Looping (e.g. as an RTO, school, or enterprise training provider), we may collect the following details during account setup:

  • Full name of the designated contact person

  • Work email address

  • Organisation name and role

  • (Optional) phone number for onboarding or support purposes

 

All payment processing is handled externally via a secure, PCI-compliant third-party provider. Looping does not store, process, or even see any credit card numbers or payment details.

 

Session Tracking & Usage Data

Looping collects session-level data each time a learner begins an Immersive Learning Module, regardless of whether the session is completed.

The following data is recorded at the point of session launch:

  • Learner’s full name

  • Learner’s unique identifier (e.g. LMS ID, national student number, or institution-issued ID)

  • The name or code of the Immersive Learning Module

  • The timestamp marking the start of the session

  • The name of the organisation, training provider, school, or educator the learner is linked to

  • (If applicable) the timestamp marking session completion

 

Website Visitors (Voluntary Submissions Only)

When you visit the Looping website, we may collect information only if you submit it voluntarily, such as by:

  • Requesting a demo

  • Joining the pilot program

  • Filling out a contact or enquiry form

 

In these cases, we may collect:

  • Your name

  • Email address

  • Organisation name (if provided)

 

This information is used solely to respond to your enquiry, is not connected to any learning or authentication data, and is never shared with third parties.

Data Storage & Encryption

Looping uses strong encryption and secure infrastructure to protect all user data during collection, transmission, storage, and archiving.

 

Data at Rest

All stored data — including learner session records, interaction logs, and assessment evidence — is encrypted using AES-256 encryption. This applies to both active storage and long-term archival storage environments. Data access is strictly controlled through permission-based systems, and no personal data is publicly accessible at any time.

 

Data in Transit

All data transmitted between Looping and connected systems — including learning management systems (LMSs), secure third-party services, and learner devices — is encrypted using TLS 1.3 or higher. This ensures that sensitive information such as authentication data and session interactions remain secure throughout their lifecycle.

 

Retention & Lifecycle

  • Data from immersive sessions is stored in secure infrastructure for a defined period, after which it is automatically transferred to long-term encrypted archival storage.

  • Archived data is retained for as long as required under applicable compliance, legal, or institutional policies.

  • All transfers between storage environments are encrypted and managed through automated lifecycle controls to minimise risk.

 

Security Monitoring

Looping uses secure system logging and monitoring to detect unauthorised access attempts, session anomalies, and authentication errors. All monitoring is conducted in line with privacy regulations and supports internal security auditing and system review processes.

Third-Party Providers

Looping works with carefully selected third-party providers to support the secure delivery of our platform. These providers assist with infrastructure, security, processing, and system functionality. All third-party services used by Looping:

  • Operate under strict data protection agreements

  • Are required to meet or exceed industry-standard privacy and security practices

  • Are contractually prohibited from using Looping data for analytics, profiling, or independent processing purposes

Looping does not, under any circumstances, sell, trade, or share personal data with third parties, with or without consent. We also do not permit data sharing for advertising, marketing, or model training.

Use of AI-Driven Processing & Third-Party AI Services

Looping uses adaptive artificial intelligence (AI) technologies to power voice recognition, speech processing, and real-time learner interaction. To support this, we securely engage trusted third-party AI services to process:

  • Voice inputs (e.g. for authentication or speech-to-text)

  • Learner responses or choices (e.g. AI-driven interactions)

  • System-level natural language processing tasks

Data Handling by AI Services

  • All AI services used by Looping process input in real-time only and do not retain personal data beyond the active session

  • No student data is used for model training, analytics, or behavioural profiling

  • All data is encrypted in transit using TLS 1.3 and anonymised wherever possible

Data Confidentiality & Consent

  • Only the minimum data necessary to deliver the experience is shared with AI services

  • Looping does not share names, contact information, or identifiers with any AI provider

 

Compliance

All interactions with third-party AI services are designed to meet global data protection laws and privacy expectations, including the Australian Privacy Principles (APPs), GDPR, and other applicable international standards.

Two-Factor Authentication & Access Security

Looping enforces strict access controls to protect sensitive system data and platform operations.

Internal Administrator Access (Looping System)

All administrator and privileged user accounts within Looping — such as system operators and technical staff — are protected using two-factor authentication (2FA). This ensures that only authorised individuals can access system logs, stored evidence, and backend functionality.

Access is granted on a need-to-know basis and is regularly reviewed to ensure compliance with internal security policies.

 

Student Access & Authentication

Students do not require usernames, passwords, or login credentials to access Looping. Instead, all student access is secured using biometric voice authentication, which is verified at the start of each immersive session.

This removes the need for password-based access while ensuring that only the authorised learner can begin or continue a session.

Role-Based Access Control (Within Looping)

Looping enforces internal role-based access control (RBAC) to ensure that only authorised personnel can access sensitive data and system functions.

  • Access to session records, system logs, storage environments, and platform infrastructure is restricted to approved technical and administrative staff

  • Permissions are assigned on a need-to-know basis

  • Access levels are regularly reviewed and updated to maintain security compliance

LMS Roles & Access Control

Looping does not manage or assign user roles such as “student,” “educator,” or “administrator” within learning management systems (LMSs) or training platforms. These roles, and their associated access permissions, are created, controlled, and maintained entirely by the education provider, school, training organisation, or institution the learner is enrolled with.

Because these role assignments fall outside the Looping platform, we do not control which users can access particular data within those external systems.

 

This structure is intentional and respects the governance and access policies set by each individual organisation.

Notifications of System Changes

If Looping makes significant changes to how or where data is stored, processed, or handled — including infrastructure or security system updates, we will notify users in advance.

Notifications may be provided via:

  • Our website

  • In-app messages

  • Email (if applicable through your training provider or institution)

User Rights & Data Requests

For Institutions and Organisations

Looping is used under licence by registered education and training organisations, including schools, RTOs, universities, and corporate learning providers. These institutions are responsible for enrolling learners, managing accounts, and determining the context in which Looping is used.

 

All data collected by Looping is handled in accordance with our published privacy policies and infrastructure standards. While we manage our own data protection protocols, we do not have a direct contractual relationship with learners, and we do not independently determine access rights or data entitlements for individual students, unless required to do so by applicable law.

 

Requests to access, correct, or delete learner data must be submitted through the authorised institutional contact. Looping will action all valid and approved data-related requests as part of our partnership with that organisation.

 

Requests From Individual Learners

 

If you are a student or learner using Looping as part of your enrolment in a course, training program, or educational institution, please contact your school, provider, or organisation directly for any requests related to your personal information.

Looping supports privacy and data access rights, but cannot process individual requests unless formally received through your education provider. This ensures that all data handling aligns with both the provider’s policies and Looping’s own data protection standards and legal obligations.

Cookies

The Looping website may use cookies to enhance your browsing experience and help us understand how visitors interact with our site. These cookies do not store personally identifiable information.

You have full control over cookie usage and can manage or disable them through your browser settings at any time.

Changes to This Policy

Looping may update this Privacy Policy from time to time to reflect changes in technology, legal requirements, or our services. When updates are made, the revised policy will be posted on our website along with the effective date.

We recommend reviewing this page periodically to stay informed about how your data is handled.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us directly.

bottom of page