Skip to main content

FAQs: Inquisitive Student Data Privacy and Security

Updated this week

Inquisitive is committed to robust data privacy and security practices following Australian and International guidelines.

The following are some common questions about our Student Data Privacy and Security policies practices. These are more fully

outlined in our Privacy Policy.

Please contact us if you have any questions about Student Data Privacy and Security.

Is Inquisitive ST4S Accredited?

Yes. Inquisitive has been accredited in 2025 under Safer Technologies 4 School’s most recent framework (2023.2)

The ST4S Product Badge Program* was developed to make it easier for schools and educators to identify suppliers who meet robust privacy and security standards. Accreditation provides assurance that Inquisitive:

  1. Meets the required Australian standards for participation in the program.

  2. Offers comprehensive privacy and security information to support its use in schools

Note: Local State/Territory or Non-Government sectors may have additional requirements.

What student data is collected by Inquisitive?

The following student data is collected by Inquisitive:

  • Name

  • Email address

  • School

  • Classes

  • Classwork, assessments and assignments

In addition, the following information may be inferred from the above data:

  • Year group

  • School location

We do not collect any data on:

  • Student date of birth or age

  • Gender

Where is the student data that is collected housed?

All student data that is collected by Inquisitive is housed onshore in Australia.

What is student data used for?

Personally identifiable student information is used to support student learning through the secure and effective operation of our educational tools.

We do not use or share Student Data to engage in targeted advertising to students.

We do not sell Student Data to third parties.

What Does Inquisitive Do to Protect Personal Data at Rest with Encryption?

Our platform is hosted in Amazon Web Services (AWS), and we also utilise Salesforce for selected internal business operations.

Both environments are configured to ensure that all customer data - including any personally identifiable information (PII)- is encrypted using industry-standard encryption algorithms (such as AES-256) while at rest.


This aligns with our internal Information Security Policy, which mandates encryption both in transit (via HTTPS/TLS 1.2 or higher) and at rest.

How Does Inquisitive Ensure Business Continuity and Geo-Redundancy?

Inquisitive maintains a Business Continuity and Disaster Recovery Plan to mitigate risks of service interruption or data loss.


Our cloud infrastructure is designed with high availability in mind, and we leverage AWS services deployed across multiple availability zones within the AWS Sydney Region.

These zones are geographically isolated but interconnected, which provides geo-redundancy and resilience against localised failures.


In the event of a significant service disruption, our business continuity plan includes:
Regular backups with tested recovery procedures:
- Redundant storage and failover configurations
- Incident response protocols

Did this answer your question?