1. Who we are
GAMSAT Coach (“we”, “us”, “our”) is operated by APTAVIA PTY LTD (ABN 45 699 800 327), based in Australia. We are responsible for the personal information we hold about you. If you have any questions about this policy or your data, contact us at contact@aptavia.com.au.
2. What information we collect
We only collect what we need to run the service and personalise your preparation:
- Account information — your name, email address, and a securely hashed version of your password. We never store your password in plain text.
- Profile information — details you choose to give us, such as your degree, field of study, intended test date, target score, and the hours per week you plan to study, so we can tailor your study plan.
- Study activity — your practice sessions and answers, mock test results, essays you submit for marking, flashcards, score history, and generated study plans.
- Technical information — limited data needed to keep the service working and secure, such as basic log information and session cookies.
3. How we use your information
- To create and manage your account and provide the service.
- To personalise your study plan, practice and feedback.
- To generate practice questions and mark essays using AI (see section 4).
- To track your progress and show your score trajectory over time.
- To improve the platform, fix problems, and keep it secure.
- To communicate with you about your account or important service changes.
- To meet our legal obligations.
We do not sell your personal information, and we do not use your essays or answers to publicly identify you.
4. AI processing and third parties we share data with
To deliver core features we rely on trusted third-party providers, and some of your content is sent to them only to provide the feature you requested:
- AI providers — we use third-party AI services to generate practice questions, mark your essays, and power the AI tutor. Essay marking uses Anthropic (Claude) and Google(Gemini); the optional in-depth “deep marking” feature also sends your essay through OpenRouter to a panel of models from Anthropic, Google and OpenAI. When you use these features, the relevant content (such as an essay you submit, or your tutor messages) is sent to the provider to produce your result. Where a provider offers the option, we direct them not to retain your content or use it to train their models. We do not use AI providers based in China. We pay for this processing centrally — you never share your own API keys.
- Payment processing — payments for paid plans and credit packs are handled by Stripe. Your card details are entered directly with Stripe; we never collect or store your full card number on our servers — we only keep Stripe’s customer/subscription identifiers so we can manage your plan.
- Hosting and infrastructure — our application is hosted on Vercel, and our database is hosted on Neon in the Sydney, Australia region. Your account and study data are stored in Australia.
- Email — we use Resend to send account-related messages (such as verification, password-reset and billing emails).
- Analytics & anti-spam — we use PostHog for privacy-conscious product analytics (see section 8) and Cloudflare Turnstile to protect sign-up from bots.
These providers are only permitted to use your information to provide their service to us. We may also disclose information if required by law.
5. Storage and security
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include hashing passwords, restricting access, and using reputable infrastructure providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
6. How long we keep your data
We keep your personal information while your account is active. If you delete your account, we delete the personal information associated with it, except where we are required to retain certain records to comply with our legal obligations or to resolve disputes. You can delete your account at any time from your account settings.
7. Your rights and choices
Under Australian privacy law you can:
- Access your data— download a copy of your data at any time using the “Export my data” tool in your settings.
- Correct your data — update your profile details in settings, or contact us to correct other information.
- Delete your data— permanently delete your account and associated data using the “Delete my account” tool in settings.
- Make a complaint — if you have a concern about how we handle your information, contact us first. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
8. Cookies and analytics
We use essential cookies to keep you signed in and to operate the service securely. These are necessary for the site to function. You can control or delete cookies through your browser settings, but disabling essential cookies may stop you from being able to sign in.
We also use PostHog for product analytics to understand how the platform is used and improve it. We do not send your essays, answers, or other free-text study content to analytics. For visitors in Australia, analytics run by default and you can opt out at any time using the cookie banner. For visitors in the European Economic Area (EEA) and the United Kingdom, analytics are off until you give consent via the cookie banner, consistent with the GDPR/UK GDPR and ePrivacy rules.
9. Overseas disclosure
Your account and study data are stored in Australia (our database is hosted in the Sydney region). However, some processing happens overseas: our AI providers (Anthropic, Google, OpenRouter and OpenAI) and some infrastructure and analytics providers process data on servers located outside Australia, primarily in the United States. We do not use AI providers based in China. Where data is processed overseas, we take reasonable steps to ensure it is handled consistently with this policy and applicable privacy law. By using the service, you acknowledge that your information may be processed overseas as described.
10. EEA and UK users
If you are in the European Economic Area or the United Kingdom, the GDPR / UK GDPR applies to our handling of your personal data, and you have additional rights and protections:
- Lawful bases. We process your data to perform our contract with you (providing the service), on the basis of your consent (for analytics cookies), and for our legitimate interests in running and securing the platform.
- Your rights. In addition to the rights in section 7, you may request access, rectification, erasure, restriction of processing, data portability, and you may object to processing based on legitimate interests. You can withdraw consent (e.g. for analytics) at any time without affecting prior processing.
- International transfers.When your data is transferred outside the EEA/UK (for example to our US-based AI providers), we rely on appropriate safeguards such as the providers’ Standard Contractual Clauses.
- Complaints.You can lodge a complaint with your local data protection authority — in the UK, the Information Commissioner’s Office (ICO) at ico.org.uk.
11. Children
GAMSAT Coach is intended for graduate-medicine applicants and is not directed at children. We do not knowingly collect personal information from anyone under 16 without appropriate consent.
12. Changes to this policy
We may update this policy from time to time. When we do, we will change the “Last updated” date above, and for material changes we will take reasonable steps to notify you. Your continued use of the service after an update means you accept the revised policy.
13. Contact us
For any privacy questions or requests, contact APTAVIA PTY LTD (ABN 45 699 800 327) at contact@aptavia.com.au. We aim to respond to privacy requests within 30 days.