Register Your Interest

Privacy Policy

Welcome to TrustLoop, a Consent Management software tool. This Privacy Policy outlines how we collect, use, and protect your personal information when you visit our landing pages or submit information through them.

By using our landing pages, you agree to the terms of this Privacy Policy.

TrustLoop Privacy Policy

Last updated: 20th January, 2026

1. Introduction and Commitment to Privacy

Loop Systems Pty Ltd, ABN: 40 693 059 031 reading as TrustLoop ("TrustLoop", "we", "us" or "our") is an Australian-based company providing a secure digital platform (the "Services") to help organisations – particularly schools, educational institutions, community groups, youth organisations, and government entities – manage forms, consents, communications, records, workflows, and related data, including sensitive information such as health and child-related data.

We are committed to protecting the privacy of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). TrustLoop takes reasonable steps to implement practices, procedures, and systems (including documented policies, staff training, access controls, and regular reviews) to ensure compliance with the APPs and to handle personal information responsibly.

This Privacy Policy explains how we collect, hold, use, disclose, and protect personal information when individuals or organisations access or use the Services. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

This Policy is available on our website at https://trustloop.solutions/privacy-policy/ and within the platform.

This policy applies to the following domain names operated by TrustLoop:

  • trustloop.solutions
  • trustloop.au
  • trustloop.dev

2. Scope and Roles

TrustLoop primarily acts as a data processor (or service provider) on behalf of our organisational customers ("Customer Organisations"), who are typically the data controllers responsible for determining the purposes and means of processing personal information.

  • Customer Organisations instruct us on how to process personal information submitted through the Services.
  • We process personal information strictly in accordance with those instructions.

The privacy practices of Customer Organisations may differ from ours. TrustLoop is not responsible for the independent privacy practices of Customer Organisations, including how they collect, use, or disclose personal information outside the Services. We recommend reviewing their privacy policies directly.

In limited circumstances (e.g. for account management or support), TrustLoop may act as a data controller for personal information we collect directly.

3. Types of Personal Information We Collect and Hold

We collect and hold personal information only where necessary to provide the Services.

3.1 Information Provided Directly 

This may include:

  • Account and user information: name, email address, phone number, role, organisation, and login credentials.
  • Form and workflow data: information submitted via digital forms, consents, approvals, acknowledgements, excursion details, or incident reports.
  • Contact details: addresses, emergency contacts, parent/guardian details.
  • Sensitive information (where enabled and uploaded by Customer Organisations): health or medical information, wellbeing data, information about children or minors (e.g. student records, allergies, dietary requirements), racial or ethnic origin, or religious beliefs.

3.2 Automatically Collected Information

  • Device and usage data: IP address, device identifiers, browser type, operating system, access times, pages viewed, and diagnostic/performance logs. This is primarily used for security, analytics, and service improvement and is generally not used to identify individuals.

We collect personal information directly from users (e.g. during account creation or form submission) or from Customer Organisations who upload or input it on behalf of individuals.

Where practicable, individuals may interact with us anonymously or using a pseudonym (e.g. for general enquiries), but this may not be possible for most Service features.

4. Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to maintain sessions, remember preferences, enhance security, improve performance, and analyse usage. You can manage cookies via your browser settings, but disabling them may limit functionality.

5. How We Use Personal Information

We use personal information to:

  • Provide, operate, maintain, and improve the Services (primary purpose).
  • Authenticate users, manage accounts, and process forms/consents/workflows.
  • Communicate service updates, notices, or responses to enquiries/support requests.
  • Ensure security, detect fraud, and conduct analytics.
  • Comply with legal obligations.

Sensitive information is only processed where necessary for the Services and on Customer Organisation instructions. Customer Organisations are responsible for obtaining any required consents (including express consent for sensitive information) and for providing compliant privacy collection notices under APP 5.

TrustLoop does not generally provide privacy collection notices directly to individuals whose information is processed on behalf of Customer Organisations. Customer Organisations are responsible for providing compliant APP 5 notices at or before the time of collection.

We do not sell personal information or use it for marketing without consent.

6. Disclosure of Personal Information

We may disclose personal information:

  • To Customer Organisations, as required to deliver the Services.
  • To trusted service providers (sub-processors) for hosting, security, analytics, payment processing, or support – under strict confidentiality and data protection obligations. (A list of sub-processors is available on request.)
  • Where required or permitted by law (e.g. court orders, regulatory requests).
  • In business transfers (e.g. mergers), with safeguards.

Any third-party service providers engaged by TrustLoop in connection with the Services are contractually required to process data and under strict confidentiality and data protection obligations consistent with the Australian Privacy Principles.

7. Data Security and Breach Response

We implement industry-standard safeguards, including:

  • Encryption in transit and at rest.
  • Role-based access controls, audit logs, and monitoring.
  • Secure Australian-based infrastructure providers.

No system is entirely secure; Customer Organisations and users must protect their credentials.

In the event of an eligible data breach, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act, promptly notifying affected Customer Organisations, the Office of the Australian Information Commissioner (OAIC), and (where required) individuals.

8. Data Retention

We retain personal information only as long as necessary for the Services, account activity, legal compliance, dispute resolution, or agreement enforcement. Customer Organisations control retention settings for their data (subject to legal requirements).

When personal information is no longer required, TrustLoop takes reasonable steps to destroy or permanently de-identify it in accordance with APP 11.2, unless retention is required by law. De-identified or aggregated data may be retained longer for analytics.

9. Access, Correction, Deletion, and Complaints

Individuals may request access to, correction of, or deletion of their personal information (APP 12 & 13). Contact the relevant Customer Organisation first, as they control most data.

TrustLoop will assist Customer Organisations promptly with such requests. For information we hold directly (as controller), or privacy enquiries/complaints, contact our Privacy Officer (details in Section 11).

We will investigate complaints internally and attempt to resolve them promptly and fairly. We will respond to access/correction requests within a reasonable time and free of charge (unless complex). If dissatisfied with our response, you may complain to the OAIC (www.oaic.gov.au).

All retention, deletion, and de-identification activities occur within Australian-hosted systems.

10. Children’s Information

The Services may process information about children (a subset of sensitive information) where provided by parents/guardians or Customer Organisations (e.g. for school consents or medical forms). We do not collect children's information directly from children. Customer Organisations must ensure all child-related data processing complies with applicable privacy, child protection, and education laws.

11. Changes to This Policy

We may update this Policy. Material changes will be notified via the Services, email, or website. Continued use constitutes acceptance.

12. Contact Us

For privacy enquiries, access/correction requests, or complaints:

TrustLoop Privacy Officer

This Policy demonstrates our commitment to transparent and accountable privacy practices under the APPs.

Copyright © 2026 TrustLoop. All rights reserved
Register Your Interest

General Contact Form