Legal

Our privacy policy, our sub-processor register, and the terms for using this website. If you're a member, customer, or contact of one of our coaches, this isn't the right policy for you. Contact that coach directly and read their own privacy policy.


Privacy Policy

Version 1.0 · Effective date: 1 July 2026

1. Who we are

This Privacy Policy explains how Unity Versity Pty Ltd (ACN 699 109 567) trading as Unityversity, of 2/290 Boundary Street, Spring Hill QLD 4000 ("Unityversity", "we", "us", "our") handles personal information.

We are an owned-platform studio: we provision and operate isolated platform instances ("Vessels") for coaches and run their CRM, email, SMS, courses, community, and Stripe-Connect payments. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy covers the personal information we control: the information of the coaches who are our customers, of people who enquire about or contact us, and of visitors to our marketing website. It does not cover the audience data inside a coach's Vessel. See §2.

2. Two roles, please read this first

We handle personal information in two different roles. Which role applies decides who you should contact.

(We use "controller" and "processor" as plain-English shorthand for who decides how personal information is handled. Under the Privacy Act 1988 (Cth) each of us remains responsible, as an APP entity, for the information we actually handle.)

(a) A coach's audience ("End-User Data"): the coach is the controller; we are only the processor. When a coach uses a Vessel to run their own contacts, members, customers, and event attendees, that coach is the controller of that audience data; they decide how and why it is used. We are only their processor: we host and process it on the coach's instructions, to provide the platform. We do not use it for our own commercial purposes and do not sell it; we process it only to provide and secure the platform on the coach's instructions and as permitted by our Data Processing Agreement, which includes generating aggregated, de-identified operational and security insights. This policy does not govern that data. If you are a member, customer, or contact of a coach who uses our platform and you want to access, correct, or delete your information, or ask how it is used, please contact that coach directly and read that coach's privacy policy. They are the right point of contact, not us. Our handling of End-User Data as a processor is governed by our Data Processing Agreement with each coach (01-DPA.md).

(b) Coaches, enquirers, and website visitors: we are the controller. When you are a coach who is our direct customer, a person who enquires about or contacts us, or a visitor to our marketing website, we are the controller of your personal information; we decide how and why it is used. The rest of this policy is about that information.

3. What we collect

As controller (role (b) above), we collect:

  • Coach account & contact details: name, business name, ABN, email, phone, role, and login credentials for coaches and their authorised staff.
  • Billing & transaction details: subscription plan, invoices, payment status, and the payment-account identifiers we need to bill you. We do not store full card numbers. Card payments are handled by our payment provider (see §7).
  • Support & communications: the content of your messages to us, support tickets, and our correspondence with you.
  • Prospect & marketing data: details you give us when you enquire, book a call, subscribe to updates, or fill in a form on our website.
  • Website usage & device data: pages viewed, referrer, approximate location, device and browser information, and cookie identifiers, collected through analytics and cookies (see §8).
  • Google Calendar data (coaches only, where you connect it): if you are a coach and you choose to connect your own Google Calendar to our platform, we access your calendar events and free/busy availability through the Google Calendar API, using only the minimum scopes needed for that feature.

We do not seek to collect sensitive information about you, and ask that you don't send it to us unless we specifically request it. If you send us sensitive or other personal information we did not request and are not permitted to collect, we may destroy or de-identify it as soon as practicable, as permitted by APP 4.

4. Why we use it

We use the personal information we control to:

  • provide, bill, and support our services to coaches, and manage our customer relationship with you;
  • run and secure our marketing website, and respond to your enquiries;
  • send you service messages (account, billing, security, and important platform notices);
  • send you marketing about Unityversity where you have consented or where we are otherwise permitted to (see §5);
  • measure and improve our website and services;
  • where you are a coach who has connected your Google Calendar, sync appointments and generate video-meeting links (such as a Google Meet link) between our platform and your calendar, at your direction; and
  • meet our legal, accounting, and regulatory obligations.

We collect and use this information because it is reasonably necessary for our business functions and activities, namely providing and supporting the platform, managing our agreement with you (the MSA), running and securing our website, and meeting our legal obligations, and, for marketing, on the basis of your consent or as otherwise permitted by law.

5. Marketing & your choices

We only send you marketing about Unityversity where you have consented, or where we are otherwise permitted to under the Spam Act 2003 (Cth) (for example, where you are an existing customer and the message relates to similar services). Every marketing email and SMS has an easy, no-cost unsubscribe (for SMS, reply STOP) that does not require you to log in. We honour every unsubscribe within 5 business days, and an unsubscribe facility stays functional for at least 30 days after a message is sent, as required by the Spam Act 2003 (Cth). Every marketing message we send identifies Unityversity as the sender and tells you how to contact us.

Unsubscribing stops marketing; we may still send you essential service messages (for example, a billing, account, or security notice). You can also update your preferences or ask us to stop marketing at any time by contacting legal@unityversity.com.

6. Who we share it with

We share the personal information we control only as needed to run our business:

  • with our sub-processors and service providers, who process it on our behalf and on our instructions. Our current list, with their purposes and locations, is published in our Sub-processor Register (06-sub-processor-register.md);
  • with professional advisers (accountants, lawyers, auditors) under confidentiality;
  • where required or authorised by law, or to a regulator, court, or law-enforcement body; and
  • in connection with a business sale or restructure, where the recipient agrees to handle your personal information in a manner consistent with the Australian Privacy Principles. We may also disclose personal information to a prospective purchaser and their advisers, under confidentiality, to evaluate such a transaction.

We do not sell your personal information.

Google Calendar integration. If you are a coach and you connect your Google Calendar, we access it through the Google Calendar API solely to power the scheduling and video-meeting features you request, such as checking your availability and creating a Google Meet link for a booked session. We do not use this data for advertising, and we do not share it beyond what is needed to provide that feature. You can disconnect your Google account at any time from your dashboard, or from your Google Account's own third-party access settings. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Note: the tools we use to log our own staff in handle staff identities only, never a coach's audience (End-User) data.

7. Overseas disclosure (APP 8)

We store and process the personal information we control primarily in Australia (Sydney). However, some of our providers are global, so we are likely to disclose personal information to overseas recipients, for example to the United States for global content delivery, website security, and payment processing. The countries in which our providers are likely to be located are listed in our Sub-processor Register (06-sub-processor-register.md), which we keep current.

Before such a disclosure, we take reasonable steps to ensure the overseas recipient handles your personal information consistently with the APPs, including by binding it to APP-equivalent contractual obligations. We acknowledge that, under section 16C of the Privacy Act 1988 (Cth), we remain accountable for an overseas recipient's handling of personal information we disclose to it, except to the extent an exception in APP 8.2 applies.

8. Cookies & analytics

Our website uses cookies and similar technologies to keep the site working, remember your preferences, and understand how the site is used so we can improve it. You can control non-essential cookies through your browser settings or any consent control we provide on the site; if you decline non-essential cookies, we fall back to anonymous, aggregate measurement and you can still use the site.

9. How long we keep it

We keep the personal information we control for as long as you are a customer or in contact with us, and afterwards only as long as we need it for legitimate business, accounting, or legal reasons, after which we delete or de-identify it. For example, we keep billing and transaction records for at least the period required by Australian tax and corporations law (currently a minimum of five and seven years respectively) even after you stop being a customer.

10. Security

We take reasonable technical and organisational steps to protect the personal information we control from misuse, interference, loss, and unauthorised access, modification, or disclosure, as required by APP 11. No system can be guaranteed perfectly secure. (The security measures protecting coach audience data inside a Vessel are set out in our Data Processing Agreement, 01-DPA.md, Annexure A.)

11. Data breaches

If we experience a data breach involving personal information we control, we will assess it expeditiously and, where we believe the breach is likely to result in serious harm, notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals as soon as practicable, as required by the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth). Any notification we make to affected individuals will describe the breach, the kinds of information involved, and the steps you can take in response.

Where a breach involves coach audience data that we hold only as a processor, our obligations are owed to the coach (the controller) and are governed by our Data Processing Agreement (01-DPA.md), not by this policy.

12. Your rights & how to complain

You can ask us to access the personal information we hold about you, correct it, ask us to delete it (where we are not legally required to keep it), or stop using it for marketing. To make a request, contact us at legal@unityversity.com; we will respond within a reasonable time.

Before we action an access, correction, or deletion request, we will take reasonable steps to verify your identity, and we may decline or defer a request where we cannot reasonably do so, or where an exception under the Privacy Act 1988 (Cth) applies (for example, where access would unreasonably affect another person, or we are required by law to keep the information).

We handle your personal information on a consent-first basis and take care to avoid any serious interference with your privacy.

If you are not satisfied with how we have handled your personal information or a privacy request, you can complain to us first, and then to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

If your request relates to data held inside a coach's Vessel (the coach's audience), please direct it to that coach; they are the controller (see §2).

14. Children

Our services and website are for coaches and their businesses, not children. We do not knowingly collect children's personal information.

15. Changes

We may update this policy; the "Version" and "Effective date" above show the current one. Where a change is material, we will take reasonable steps to notify you. Changes take effect when we post the updated policy with a new Effective date; your continued use of our website or services after that date means you accept the updated policy.

16. Contact

Unity Versity Pty Ltd (ACN 699 109 567) trading as Unityversity, 2/290 Boundary Street, Spring Hill QLD 4000

Privacy contact: legal@unityversity.com · Support: legal@unityversity.com


Sub-processor Register

Version 1.0 · Effective date: 1 July 2026 · Last updated: 1 July 2026

This is the live, authoritative list of the sub-processors Unity Versity Pty Ltd (ACN 699 109 567) trading as Unityversity uses to provide its services. Capitalised terms have the meaning given in our Data Processing Agreement.

A sub-processor is a third-party provider we engage to process personal information on our behalf to run the platform, for example to host databases, send email and SMS, process payments, or deliver content. We bind each sub-processor to data-protection obligations no less protective than those in our Data Processing Agreement, except where a provider (such as Stripe) acts as an independent controller for the data it handles as part of its own regulated service. We remain accountable under the Privacy Act 1988 (Cth). Our contractual liability to coaches in respect of any sub-processor is governed by, and limited as set out in, the Master Services Agreement and the Data Processing Agreement, subject to the non-excludable rights preserved under the Australian Consumer Law.

This register is the single source of truth that our Data Processing Agreement ([Schedule 2]()) and our privacy policies, the end-user privacy policy and our own privacy policy, point to.

Current sub-processors

Sub-processorPurposeLocation / countryProcesses End-User Data?
SupabaseDatabase hosting + end-user authenticationAustralia (Sydney)Yes: identity, engagement, transactional
VercelApplication hosting / deliveryAustralia; global (incl. United States)Yes: in transit
Amazon Web Services (email)Transactional + marketing emailAustraliaYes: email address + message content
Amazon Web Services (secret store)Credential vaultAustraliaNo, credentials only
StripePayment processing (Connect Standard; coach is merchant of record)Australia; global (incl. United States)Yes: payment + transaction data
BunnyVideo storage, streaming, content deliveryAustralia; global edgeYes: content, IP address
CloudflareDNS, content delivery, securityGlobal edgeYes: IP address, in transit
SMS/voice carrier (when the SMS lane is enabled)SMS/voice delivery to end-usersAustralia where availableYes: phone number + message content

Scope of this table. This register lists the sub-processors that process End-User Data on our behalf, with their primary processing locations. Some providers may access data from, or store resilient copies in, other countries for support, administration, or resilience, bound by their own data-protection terms. It does not separately list each provider's own infrastructure sub-vendors, nor internal tooling that does not process End-User Data. For all end-user communications (including SMS and email), the coach is the legal sender of record. See the Acceptable Use Policy and the Master Services Agreement; we provide the delivery infrastructure as processor only.

Clerk (agency-staff authentication) authenticates Unityversity's own staff identities so our team can log in to internal tools (hosted in the United States). It does not itself store or process coach audience (End-User) data and is therefore not listed as a sub-processor of that data. It is shown here for transparency.

Countries of overseas disclosure

Personal information is hosted and processed primarily in Australia (Sydney). Because some providers operate globally, personal information may also be disclosed to, or accessed from, recipients in:

  • Australia: primary location of storage and processing.
  • The United States: for certain global providers and functions, including application hosting / delivery, payment processing, and content delivery / edge security.

Some providers run global edge networks, so content-delivery and security functions may pass through edge locations in other countries. Before such a disclosure, and in accordance with APP 8.1, we take such steps as are reasonable in the circumstances to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to that information, including, where reasonably practicable, by binding the recipient to contractual obligations substantially equivalent to the APPs, except where an exception in APP 8.2 applies. Where section 16C of the Privacy Act 1988 (Cth) applies, we remain accountable for acts and practices of the overseas recipient as if they were our own.

Changes to this list

We will give our coaches at least 14 days' notice before adding or replacing a sub-processor that processes End-User Data, in line with our Data Processing Agreement (§3.3). Enabling the SMS/voice lane introduces the SMS/voice carrier as an End-User-Data sub-processor and is subject to the same 14 days' notice.

A coach who reasonably objects on bona fide data-protection grounds may notify us within the 14-day notice period. We will work in good faith to resolve the objection (for example, by offering a functionally equivalent alternative or additional safeguards). If we cannot reasonably resolve it, the coach may terminate the affected service for the future on written notice, without early-termination penalty; fees already accrued or for services already provided remain payable, and we will refund any fees prepaid for that service for the period after termination on a pro-rata basis. This right is subject to, and operates within, the termination provisions of the Master Services Agreement.

Each version of this register carries a version number and an effective date. We retain prior versions and the date each change took effect, and we notify coaches of changes by the notice method set out in the Master Services Agreement and Data Processing Agreement.

Status of this register

This register is provided for transparency and to satisfy our notice obligations under the Data Processing Agreement. It is informational and does not itself create, vary, or expand any right, warranty, indemnity, or liability. The Master Services Agreement and the Data Processing Agreement govern; in the event of any inconsistency, those agreements prevail over this register.

Contact

Questions about this register: legal@unityversity.com

Unity Versity Pty Ltd (ACN 699 109 567) trading as Unityversity, 2/290 Boundary Street, Spring Hill QLD 4000


Website Terms of Use

Version 1.0 · Effective date: 1 July 2026

These Terms of Use govern your use of the public Unityversity marketing website (the "Site"), operated by Unity Versity Pty Ltd (ACN 699 109 567) trading as Unityversity, of 2/290 Boundary Street, Spring Hill QLD 4000 ("Unityversity", "we", "us", "our").

1. Acceptance and scope

By accessing or using the Site, you agree to these Terms. If you don't agree, please don't use the Site.

These Terms cover browsing and using the Site only. They are not the agreement for our paid services to coaches; that is governed by our Master Services Agreement (the "MSA") and its Schedules (its Data Processing Agreement ("DPA") and Acceptable Use Policy ("AUP")). If you are a coach customer, the MSA governs those services and prevails over these Terms if the two ever conflict.

2. Permitted use and prohibited conduct

You may use the Site for lawful personal or business purposes: to learn about Unityversity, contact us, and use the features we make available.

You must not:

  • use the Site unlawfully, or in breach of these Terms;
  • attempt to gain unauthorised access to, interfere with, or disrupt the Site, its security, or its underlying systems;
  • introduce malware or use any automated means (scraping, harvesting, bots) to extract data from the Site except as we expressly permit;
  • copy, reproduce, or republish Site content beyond what these Terms or the law allow; or
  • use the Site for any misleading, deceptive, unlawful, or unsolicited-commercial purpose, or to infringe anyone's rights.

If you breach these Terms, we may, acting reasonably and proportionately, restrict or withdraw your access to the Site. This does not affect any rights we have at law.

3. Our intellectual property

We and our licensors own the Site and its content, including text, graphics, logos, branding, layout, and software. We grant you a limited, revocable, non-exclusive licence to view and use the Site for the purposes in §2. Nothing transfers ownership of any of our intellectual property to you. The "Unityversity" name and brand are ours; please don't use them without our permission.

3.1 Your submissions. If you submit content to us through the Site (for example, feedback, enquiries, or testimonials), you grant us a worldwide, royalty-free, non-exclusive licence to use it for the purposes for which you submitted it. You warrant that you have the right to submit it and that it does not infringe any third party's rights or any law, and we may remove any submission at our discretion.

4. Third-party links

The Site may link to third-party websites or resources we don't control. We provide those links for convenience only; we don't endorse and aren't responsible for third-party content, products, or practices. Your use of a linked site is governed by that site's own terms and privacy policy. Nothing in this clause limits any liability we have under the Australian Consumer Law that cannot lawfully be excluded.

5. Information only, no advice

The Site is informational. Nothing on it is professional advice (financial, legal, business, medical, or otherwise), and nothing on it is a binding offer; we provide paid services only under the MSA (which takes effect when you accept it). Get your own advice before acting on anything you read here. We may modify, suspend, or discontinue the Site or any feature at any time without liability, subject to clause 5's non-excludable-rights paragraph below and to clause 6.1.

Your non-excludable rights come first. Nothing in these Terms excludes, restricts, or modifies any guarantee, right, or remedy you have under the Australian Consumer Law or any other law that cannot lawfully be excluded, restricted, or modified. Subject to those rights, and to the maximum extent the law permits, the Site and its free content are provided on an "as is" and "as available" basis: we do not promise the Site will be uninterrupted, timely, secure, or error-free, or that the information on it is current or complete.

6. Limitation of liability

6.1 Your non-excludable rights come first. Nothing in this clause excludes, restricts, or modifies any guarantee, right, or remedy you have under the Australian Consumer Law or any other law that cannot lawfully be excluded, restricted, or modified.

6.2 Subject to clause 6.1, and to the maximum extent permitted by law:

(a) where liability arises under a consumer guarantee that the law permits us to limit, our liability is limited, at our option, to resupplying the relevant content or service or paying the cost of having it resupplied;

(b) we are not liable for any loss of profit, revenue, goodwill, or data, or for any indirect or consequential loss, arising out of your use of (or inability to use) the Site; and

(c) subject to (a), our total aggregate liability to you in connection with the Site, for all claims that can lawfully be limited, is limited to AUD 100.

6.3 This clause applies to your use of the Site. If you are a coach customer, the MSA governs our liability for the paid services (including its ACL savings clause and liability provisions), not this clause.

7. Privacy

We handle personal information collected through the Site in accordance with our Privacy Policy, available on the Site, which forms part of these Terms. Personal information we collect through the Site is controlled by us. Personal information inside a coach's own platform (a coach's audience) is not collected through this Site; the coach is the entity responsible for that information under the Privacy Act 1988 (Cth) and we handle it on the coach's behalf; see our Privacy Policy (05-agency-privacy-policy.md), §2, for the role distinction.

Any marketing communications we send you following your contact through the Site are sent on the basis described in our Privacy Policy, and each includes an unsubscribe facility you can use at any time at no more than nominal cost.

8. Changes to these Terms

We may update these Terms from time to time, for example to reflect changes to the Site, our business, or the law. We will post the updated Terms here with a new "Version" and "Effective date", and where a change is material we will take reasonable steps to bring it to your attention before the new effective date. Changes apply only to your use of the Site from the effective date onwards; they do not retrospectively bind you, and if you don't accept a change, you can stop using the Site. Changes to these Terms do not alter the MSA, which has its own change process.

9. Your responsibility for misuse

You agree to reimburse us for reasonable, direct losses, third-party claims, and costs we actually incur to the extent they arise from your breach of §2 or your unlawful or infringing use of the Site. This does not apply to the extent the loss is caused by our own act or omission, and it reduces proportionately to the extent we (or anyone acting for us) contributed to the loss. Nothing in this clause requires you to indemnify us against our own negligence, and nothing in it limits any right or remedy you have under the Australian Consumer Law that cannot lawfully be limited.

10. General

(a) Severability: if any provision of these Terms is found unenforceable, it is read down to the minimum extent necessary or, if that is not possible, severed, and the rest of these Terms continue in force.

(b) No waiver: our failure to enforce a provision is not a waiver of it.

(c) Assignment: we may assign or novate these Terms to a successor of our business on notice to you; you may not assign your rights under these Terms without our consent.

11. Governing law

These Terms are governed by the laws of New South Wales, Australia, and you submit to the non-exclusive jurisdiction of its courts. There is no mandatory arbitration or class-action waiver.

12. Contact

Unity Versity Pty Ltd (ACN 699 109 567) trading as Unityversity, 2/290 Boundary Street, Spring Hill QLD 4000

General: legal@unityversity.com · Privacy: legal@unityversity.com

Powered byUnityversity