Privacy Policy

mySidekick — Website, App and Device

Last updated: April 2026

In Short

  • Who this policy is for: parents and guardians who create and manage a mySidekick account, and people who use our website or app.
  • What we collect: account details, billing records, device identifiers (IMEI only), service data, location data, and technical information needed to run the service.
  • What we do not collect about children: name, email address, date of birth, photograph, or any other personal information. The only device-level identifier we hold is the IMEI, linked to the parent’s account.
  • What we use information for: to provide the service, process payments, support the device and app, keep the service secure, and meet legal obligations.
  • Who we share with: carefully selected service providers, including our payment processor (Stripe), our mobile network or SIM provider, and our e-commerce platform provider.
  • Your choices: you can contact us to access, correct, or request deletion of your information, subject to legal limits and record-keeping obligations.

1. Who We Are and What This Policy Covers

This Privacy Policy explains how Open Rationale Pty Ltd trading as Technology for Families/mySidekick  (“Sidekick”, “mySidekick”, “we”, “us”, or “our”) collects, holds, uses, and discloses personal information in connection with:

  • the Sidekick website at mysidekick.com.au
  • the mySidekick mobile app
  • the Sidekick device and related services, including SIM, connectivity, location, and customer support services.

Sidekick is designed for children aged 8–12 to use under the supervision of a parent or guardian. Accounts are created and managed by a parent or guardian only. Children do not create Sidekick accounts themselves.

This policy is intended to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). A copy of the APPs is available at oaic.gov.au.

2. What Personal Information Means

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether it is recorded in a material form or not.

Some information that may look technical on its own — such as a device identifier or location history — can still be personal information when it can be linked to an account, a household, or a particular user.

Sensitive Information is a subset of Personal Information defined in the Privacy Act to include information about racial or ethnic origin, political opinions, religious beliefs, health information, and similar categories. We generally do not collect Sensitive Information. We treat location data with a high level of care because in practice it can be particularly sensitive, especially in the context of a child’s device.

Wherever practical, we minimise the exchange and storage of personal information such as email addresses, phone numbers, and other directly identifiable details. Instead, our systems are designed to transact using unique reference numbers and internal identifiers that reduce the need to expose personal identity data during routine operations. This privacy-by-design approach helps limit the value of any data to unauthorised parties in the unlikely event of a security incident, as reference data on its own cannot readily be used to identify or contact an individual.

If information does not identify you or enable your identity to be ascertained, it will generally not be classified as Personal Information and will not be subject to this policy.

3. The Information We Collect

Depending on how you interact with Sidekick, we may collect the following kinds of personal information:

  • Account and contact information: parent or guardian name, email address, phone number, billing address, and any details used to verify or manage the account.
  • Order, billing, and subscription information: purchase records, invoices, payment status, subscription plan, and transaction history. This information is stored on our own hosted infrastructure (including our e-commerce platform) and is separate from payment card data, which is handled entirely by Stripe.
  • Payment-related information: processed securely by Stripe (PCI Service Provider Level 1 certified, headquartered in the United States). Australian customer data processed by Stripe is stored in the United States. We do not store, access, or retain full payment card details on our own servers at any time. We retain only transaction records (amount, date, subscription plan) for billing and tax purposes.
  • Device and service information: device IMEI, SIM or service identifiers, activation status, data usage, connectivity status, battery or firmware status, and service events.
  • Location and event information: GPS coordinates, timestamps, check-ins, alerts, and other device-triggered events necessary to provide the service.
  • Approved contact details: where you choose to add approved contacts for the operation of the device or app.
  • Technical and usage information: IP address, browser type, device type, operating system, app version, pages or screens visited, timestamps, referral URLs, and diagnostic or crash information.
  • Log data: when you visit our website, our servers may automatically log your IP address, browser type and version, pages visited, time and date of visit, and time spent on each page. While this may not be personally identifying by itself, it may be possible to combine it with other data to identify individuals.
  • Communications and support records: emails, contact form enquiries, customer support requests, and feedback.

If you do not provide certain information, we may not be able to create your account, process payment, provision the device or SIM, provide location or connectivity services, or respond properly to support requests.

4. How We Collect Information

We collect personal information in the following ways:

  • Directly from you when you register an account, place an order, subscribe, contact us, or use the app.
  • Automatically when you use the website, app, or device, including through logs, cookies, digital identifiers, and service telemetry.
  • From third parties who help us provide the service, such as payment providers, mobile network or SIM providers, fraud or security providers, delivery providers, and hosting providers.

5. Children’s Privacy

Protecting children’s privacy is a core design principle of Sidekick, not an afterthought.

We do not collect any personal information about the child using the device. Specifically, we do not collect or store:

  • The child’s full name.
  • The child’s date of birth.
  • The child’s email address.
  • The child’s photo or image.
  • Any other personal information about the child.

The only device-level identifier we hold is the IMEI number of the Sidekick device, which is linked solely to the parent or guardian’s account. The IMEI is a technical identifier used to operate the SIM and location services — it contains no personal information about the child.

Additionally:

  • Children do not create accounts. All accounts are created and managed by a parent or guardian.
  • Location data is visible only to the account holder and is never shared with third parties for marketing, profiling, or any other purpose.
  • We do not use children’s information for advertising, profiling, or behavioural marketing.
  • We do not sell personal information associated with child users.

Because the Sidekick device provides location and service-related functionality, some information associated with the device may relate to a child user in context. This includes device identifiers, location history, check-ins, and device event data. We collect and use that information only to provide the Sidekick service to the parent or guardian account holder, to keep the service secure, and to meet our legal obligations. Location data associated with the device is treated as Sensitive Information and is used only for its primary purpose.

6. Why We Collect, Hold, Use, and Disclose Information

We collect, hold, use, and disclose personal information for purposes including:

  • Creating and managing accounts.
  • Processing orders, subscriptions, renewals, refunds, and billing.
  • Activating and operating the device, app, SIM, and related services.
  • Providing location visibility, check-in functions, and device-related notifications to the account holder.
  • Delivering customer support and responding to enquiries.
  • Maintaining, troubleshooting, securing, and improving the website, app, device, and service.
  • Detecting, preventing, and investigating fraud, misuse, security incidents, or unlawful activity.
  • Sending service messages such as account notices, subscription notices, product changes, technical alerts, and support communications.
  • Sending marketing communications where permitted by law and where you have not unsubscribed.
  • Meeting legal, regulatory, accounting, tax, insurance, and compliance requirements.

7. Direct Marketing

We may send account holders information about product updates, new features, service changes, or other offerings related to Sidekick. Where required by law, we will only send commercial electronic messages with your consent, in compliance with the Spam Act 2003 (Cth).

You can opt out of marketing emails at any time by using the unsubscribe link in the message or by contacting us using the details at the end of this policy.

We do not use children’s information for direct marketing. We do not use Sensitive Information for direct marketing.

8. Who We Share Information With

We only share personal information where it is reasonably necessary to operate, support, secure, or improve the Sidekick service, or where the law permits or requires it. This may include sharing information with:

  • Stripe payment processing: we use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include payment transaction data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics. Stripe is certified to PCI Service Provider Level 1. Australian customer data processed by Stripe is stored in the United States. You can learn more at stripe.com/au/privacy.
  • Mobile network and SIM provider: to provision and operate device connectivity. Only the device IMEI and data usage statistics are shared — no personal information about the child.
  • Hosting, infrastructure, cloud, and technical service providers: including providers that help us run the website, app, e-commerce platform, databases, backups, monitoring, and security controls.
  • Delivery, logistics, and fulfilment providers: where needed to deliver hardware or related items.
  • Professional advisers, insurers, and auditors: where reasonably necessary and subject to appropriate confidentiality protections.
  • Regulators, law enforcement agencies, courts, and government bodies: where required or authorised by law.

We require all service providers and third parties with access to personal information to maintain appropriate security measures and confidentiality obligations, and to use the information only for the purpose for which it was disclosed.

We do not sell personal information. We do not disclose personal information to third parties for their own independent marketing purposes.

9. Overseas Disclosure

Some of our service providers may store or process personal information outside Australia. This includes Stripe, which stores Australian customer data in the United States, and may include other providers or their sub-processors in other countries.

Where we disclose personal information to an overseas recipient, we take reasonable steps to require that recipient to handle the information in a manner consistent with Australian privacy law. The protections we use may include contractual commitments, data processing agreements, access controls, security requirements, and vendor due diligence.

By using Sidekick, you acknowledge that some personal information may be processed outside Australia as part of operating the service.

10. Cookies and Digital Identifiers

Our website uses cookies and similar technologies to support website functionality, security, performance, and analytics. These technologies may be used to:

  • Keep you signed in or maintain your session.
  • Remember website preferences.
  • Support shopping cart and checkout functions.
  • Understand website usage and improve performance (e.g. Google Analytics).
  • Support fraud prevention, payment processing, and website security.

Some cookies are essential to the operation of the website. Others may be optional. Where we use non-essential cookies, we will seek consent where required by law.

You can control cookies through your browser settings, although disabling essential cookies may affect website functionality.

11. Social Media Widgets

Our website may include social media features such as share buttons or embedded feeds from platforms including Meta (Facebook and Instagram). These features may collect your IP address and set cookies to enable them to function properly. Your interactions with these features are governed by the privacy policy of the relevant social media platform. We recommend reviewing the privacy policies of any social media platforms you use.

12. How We Hold and Secure Information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • Encryption in transit (HTTPS/TLS).
  • Access controls and authentication measures.
  • Role-based access to systems and data.
  • Logging and monitoring of system activity.
  • Secure development, maintenance, and patching practices.
  • Vendor and infrastructure security controls.
  • Payment processing handled entirely by Stripe — card details are never stored on our servers.

No method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we take reasonable steps appropriate to the nature of the information we hold. When personal information is no longer required, we will take reasonable steps to destroy or permanently de-identify it by permanently deleting electronic records from all systems and storage media.

13. How Long We Keep Information

We keep personal information only for as long as it is reasonably needed for the purposes described in this policy, and as required by law. Our retention approach is as follows:

  • Active account information: while your account remains active, and for a reasonable period afterwards to manage reactivation, support, disputes, and compliance.
  • Account deletion request: if you request deletion of your account, we will delete or de-identify your personal account data within 30 days. Transaction and financial records will be retained for 5 years as required by the Australian Taxation Office.
  • Lapsed subscription: if your subscription lapses and is not renewed, your account will enter an inactive state. Personal account data will be retained for 12 months to allow reactivation. After 12 months of inactivity, personal data will be deleted or de-identified. Transaction and financial records will be retained for up to 7 years as required by law.
  • Billing, tax, and transaction records: at least 5 years, or longer where required by law.
  • Customer support records: for as long as reasonably needed to manage support history, complaints, warranty, and service issues.
  • Location history and device event records: for the period needed to provide the service and associated support features, then deleted or de-identified.
  • Backups: retained according to our backup and disaster recovery settings and then overwritten or securely deleted in the ordinary course.

14. Access, Correction, and Deletion Requests

You may request access to the personal information we hold about you, and you may ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

You may also request deletion of personal information that we no longer need. We may keep some information where we are required or permitted to do so, including for tax, accounting, fraud prevention, dispute resolution, or legal compliance purposes.

To protect your privacy and security, we may require you to verify your identity before we act on a request. We will not charge a fee for access requests. We will respond within a reasonable time and, where required by law, give reasons if we refuse a request.

It is important that the personal information we hold is accurate and up to date. Please advise us promptly if your information changes so we can continue to provide quality service.

15. Anonymity and Pseudonyms

Where lawful and practicable, you may interact with us without identifying yourself or by using a pseudonym. In practice, this may be limited where we need your identity to create an account, process a payment, provide customer support, ship hardware, investigate a problem, or meet legal obligations.

16. Limits of This Policy

Our website, our app and service may contain links to external sites that are not operated by us. Please be aware that we have no control over the content or privacy practices of those sites and cannot accept responsibility for their privacy practices. We encourage you to review the privacy policy of any external site you visit.

If you are providing personal information to us about another person (for example, as a parent or guardian providing details in connection with use of the Sidekick device), you represent and warrant that you have that person’s knowledge and, where required, their consent to provide that information to us.

17. Data Breaches and Complaints

If you believe we have mishandled your personal information, please contact us using the details at the end of this policy. We will acknowledge your complaint promptly and aim to resolve it within 30 days, working with you in good faith to reach a fair resolution.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

If we experience an eligible data breach under the Privacy Act that is likely to result in serious harm, we will comply with our obligations under the Notifiable Data Breaches (NDB) scheme, including notifying affected individuals and the OAIC where required.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal obligations, or business practices. When we make a material change, we will take reasonable steps to notify account holders by email, through the app, or by posting a notice on the website. The latest version will always be available at mysidekick.com.au/privacy-policy.

19. Contact Us

If you have a privacy question, request, or complaint, please contact us:

  • Legal entity: Open Rationale Pty Ltd trading as TECHNOLOGY FOR FAMILIES
  • Privacy contact email: support@mysidekick.com.au
  • Postal address: PO Box 775, Toowong, QLD 4066
  • Phone: 0431 125 986
  • Website: mysidekick.com.au