Skip to Content Skip to Navigation

Data Protection

At My Mind Check, we prioritise the security and privacy of student information above all else. We’ve built our system with strong protections from the ground up and have undergone extensive independent assessments to verify our approach. 

Key security features protecting you:

Australian data storage only – All information stays within certified Australian data centres
Independently assessed – Regular security evaluations by government-approved assessors
Strict access controls – Only authorised personnel can access specific information
Minimal data collection – We only collect what’s necessary for the check-in process
No data linking – Information is not combined with other datasets
Government certified – Our data hosting meets Department of Home Affairs certification

Protect_1272x1272

Secure-by-design

We have created a comprehensive system that protects information at multiple levels. Our approach uses overlapping layers of security that work together to safeguard data. We’ve carefully limited the number of ways the system can be accessed, making it harder for unauthorised users to get in.

For extra protection, we’ve isolated the most critical parts of our system from one another. Additionally, all sensitive information is encrypted both when it’s stored in our databases and when it’s being transferred between systems, ensuring it remains secure at all times.

We maintain comprehensive protections against cyber threats in accordance with the Australian Signals Directorate’s Information Security Manual (ISM). This framework includes over 900 specific security measures and best practices that organisations should implement to protect against cyber threats.

My Mind Check’s systems were most recently assessed and verified as compliant in 2024. To maintain our security certification, we must go through this rigorous independent evaluation process every two years.

In_Depth_1272x1272_2

Privacy Compliance

My Mind Check respects and protects personal information according to Australia’s privacy laws, and everything we do is governed by our Privacy Collection Notice.

We’ve undergone an independent Privacy Impact Assessment (PIA) registered with the Department of Education, all our data handling complies with the Privacy Act 1988 (Cth) and relevant state legislation with data only retained as long as legally required.

Schools maintain separate privacy policies governing their use of collected information.

There is no visibility of individual answers given by students, rather a summary of outcomes is provided to schools.

You can find a record of our PIA on The Commonwealth Department of Education website https://www.education.gov.au/using-site/privacy

Security_Tiles_1272x1272_1

Certifications and Standards

My Mind Check has achieved several independent assessments and certifications which demonstrates our commitment to security. We have achieved IRAP Assessment at the OFFICIAL-Sensitive level, which is a government security standard. Our privacy practices have been independently verified through a Privacy Impact Assessment.

All data is stored onshore with Australian hosting providers that meet the strict Department of Home Affairs standards, ensuring proper data sovereignty. Additionally, our system is built following internationally recognised ISO standards including:

  • ISO 27001 for Information Security Management
  • ISO 14001 for Environmental Management
  • ISO 9001 for Quality Management

We also maintain compliance with ISO 20000 (Information Technology Service Management) and ISO 31000 (Risk Management) standards. These certifications reflect our comprehensive approach to protecting your information through globally recognised best practices.

Security_Tiles_1272x1272_3

Security & Privacy FAQs

At My Mind Check, we prioritise the security and privacy of student information above all else.

For more information, visit our FAQs page.

My Mind Check employs robust security built from the ground up with “security-by-design” principles. All information is stored exclusively in certified Australian data centres, meeting stringent government standards. Our security has been independently verified through Information Security Registered Assessors Program (IRAP) assessment against the Australian Signals Directorate’s Information Security Manual, with our most recent certification completed in 2024. We use multiple protection layers including limited access points, strong encryption, network segmentation, and continuous monitoring. 

For more information, view our Security and Privacy Page and Privacy Collection Notice

My Mind Check collects only minimum necessary information: basic student details required for administration, responses to wellbeing questions, and essential session management data. We do not link this information to other datasets, providing additional privacy protection. Schools maintain separate privacy policies governing their use of collected information, including consent procedures. Data is retained only as legally required and then securely destroyed.

For more information, view our Security and Privacy page.

My Mind Check uses collected information specifically to support schools to proactively understand student mental health and wellbeing. Our recent research shows these check-ins lead to 20% fewer students experiencing emotional difficulties and 30% higher attendance after just one year. The information helps identify students needing additional support, provides schools with wellbeing insights, tracks mental health indicators over time, and supports school-caregiver communication. All usage complies with our Privacy Collection Notice and applicable privacy laws.

For more information, view our Security and Privacy page, Privacy Collection Notice and Beacon Research Study.

Need urgent help?

Triple Zero (000)

Emergency assistance

Call 13 11 14

Lifeline 24/7 crisis support

Need support now?

More information