Versantly

Privacy Policy

How Versantly handles your personal information, and the rights you have under Australian privacy law.

Issued by: Lycaon Media Pty Limited (ABN 22 671 975 983) trading as Versantly
Level 1, 1.01, 222 Pitt Street, Sydney NSW 2000 · hello@versantly.ai
Version 4 · Last updated 7 July 2026 · Reviewed by external Australian privacy counsel

1. About this policy

Lycaon Media Pty Limited (ABN 22 671 975 983) trading as Versantly ("Versantly", "we", "us", "our") operates the AI training, certification, and consulting platform at versantly.ai. This privacy policy explains how we handle your personal information.

We're committed to protecting your privacy and complying with Australian privacy law, including:

  • The Privacy Act 1988 (Cth), as amended by the Privacy and Other Legislation Amendment Act 2024
  • The Australian Privacy Principles (APPs)
  • The Spam Act 2003 (Cth)
  • The Notifiable Data Breaches (NDB) scheme

If anything in this policy is unclear, contact us at privacy@versantly.ai.

2. Information we collect

Assessment data

When you complete an AI Readiness Assessment, we collect: name, email address, job title; company name, company size, industry; your responses; and your assessment scores, dimension breakdowns and results summary.

Certification data

If you purchase a certification, we collect the above plus: payment information (processed via Stripe — see below); certification records and unique certification ID; verification lookups (when others verify your credential at versantly.ai/verify); certificate completion date and renewal status.

Course data

When you enrol in or complete a course we collect the above plus: enrolment information and progress tracking; attendance records; practical build artefacts and submissions; completion status and feedback responses.

Enterprise data

If your organisation sponsors assessments or consulting: organisational details; employee assessment data noted above (aggregated reports and, where authorised, individual results); artefacts and deliverables from consulting work; communications related to your engagement.

Marketing data

If you consent to marketing: your marketing preferences and frequency; records of your express consent; engagement metrics (email opens, link clicks, page visits); analytics about your interaction with our marketing content.

Technical data

We automatically collect: IP address and browser type; device information; cookies and similar technologies; page views, referral sources, interaction patterns; login timestamps and access logs. Some technical data may be personal information.

Sensitive information

We do not intentionally collect sensitive information (such as health information or biometric data). If any such information is provided to us, it will be handled in accordance with this policy and applicable law.

3. How we collect your information

Directly from you (assessments, enrolments, purchases, forms); from organisations (where an employer or sponsor submits assessment or employee data with appropriate authorisation); and automatically (cookies and analytics tools — Google Analytics 4 and, where enabled, the Meta Pixel — when you visit our site; see section 11).

4. Purpose of collection and its use

We collect, use and disclose personal information where it is reasonably necessary for our functions or activities, or with your consent. A summary of the categories of information and the purpose and use is set out below.

Information categoryPurpose and use
Assessment dataGenerate AI Readiness Assessment results; provide insights and recommendations; create certification eligibility records
Certification dataProcess payments; issue and manage certifications; maintain the public verification portal (versantly.ai/verify); manage renewals; support credential verification and our internal quality standards
Course dataDeliver course content; track progress; verify completion; issue certificates; gather feedback for course improvement
Enterprise dataDeliver consulting services; generate aggregated organisational reports; support team performance management (where authorised); fulfil service agreements
Marketing dataSend newsletters and promotional materials (only with your express consent); measure campaign effectiveness; improve marketing relevance
Technical dataImprove platform performance and user experience; diagnose issues; prevent fraud and misuse; analyse usage for product development
All categoriesComply with legal obligations (tax, regulatory, NDB scheme); respond to legal requests; enforce our terms; protect our rights and those of others

5. Automated decision-making

The AI Readiness Assessment uses automated scoring to generate your results.

How the assessment works

Your result is calculated by automated algorithms evaluating your responses across three dimensions — AI Thinking (40% weight), Prompt Engineering (35% weight), and AI Knowledge (25% weight). Your overall score and readiness tier (Novice, Developing, Proficient, or Advanced) are generated without human review.

The assessment is an informational, self-development tool. It does not make decisions that affect your legal rights, eligibility, or entitlements. It should not be relied on as professional, employment, or business advice.

The certification exam

The AI Proficiency Certification exam is also scored automatically against the same three weighted dimensions, and the pass/fail outcome is decided by automated algorithms without human review (a pass requires 70%). This is a more consequential automated decision: it determines whether a verifiable certificate is issued to you, so a failing score withholds the credential. We make this scoring basis transparent up front, and the commitments below apply equally to your exam result.

Commitments we make (as a matter of policy)

While Australian privacy law does not give you a general right to human review of automated decisions, we choose to offer the following:

  • You may request a human review of your assessment result if you believe it is inaccurate.
  • We provide plain-language explanations of each scoring dimension in your results report.
  • You may request disclosure of the main factors that influenced your score.

To request a review, email privacy@versantly.ai with your assessment or exam attempt ID. We'll arrange a conversation with a qualified assessor within 5 business days.

(If, from 10 December 2026, the automated decision-making transparency obligations under the amended Privacy Act apply to any of our processing, we will update this section to include the legally required disclosures.)

6. Disclosure and sharing

We disclose personal information only as set out below. We do not sell or rent your personal information.

Service providers (sub-processors). We use the following providers to operate our platform (and we may from time to time change our providers). Each is bound by contractual obligations to protect your information and to use it only for the purposes we specify.

ProviderPurposeInformation involvedLocation
SupabaseDatabase, authentication and file storage for our platform (assessments, enquiries, certification records, certificate files)Name, email, job title, company details, assessment responses and scores, enquiry messages, certification records, certificate PDFsAustralia (Sydney)
StripePayment processing for certification and course purchasesName, email, payment card details (entered on and held by Stripe — we do not store card details), transaction amount and product detailsUnited States
ResendSending transactional emails only (e.g. enquiry acknowledgements, certificate delivery). We do not send marketing through this provider.Name, email, certificate fileUnited States
GoHighLevel (LeadConnector)(a) Hosting our enterprise "Book a strategy call" booking page; (b) where you opt in to marketing, delivering our email updates and managing your unsubscribe preferencesBooking: the name, email and phone you enter on the booking page. Marketing (only if you opt in): email, your marketing preferences and engagement metricsUnited States
Google Analytics 4Website analytics, where enabledOnline identifiers, IP address, interactions with our siteUnited States
Meta PixelMarketing analytics, where you have consented and where enabledOnline identifiers, IP address, interactions with our siteUnited States
VercelHosting and delivering our websiteTechnical data processed to serve the site, including IP addressUnited States

Some analytics and marketing tools listed above operate only where they are enabled and, for marketing tools, only where you have consented (see section 11). When you book an enterprise strategy call, you are taken to a booking page hosted by GoHighLevel, and the details you enter there are collected and processed by GoHighLevel acting as our booking provider.

Our site may contain links to other sites. These linked sites are not under our control, and we are not responsible for the privacy practices of those third parties, or the performance or any content or software contained in such external websites.

Enterprise organisations. Where your employer or organisation sponsors your assessment or training, we share aggregated team data with them. Individual results are only shared where you have provided explicit authorisation or where your organisation has a lawful basis to provide that data to us and/or request reporting.

Professional advisers. We may disclose information to accountants, lawyers and auditors for legitimate business purposes.

Legal obligations. We may disclose personal information if required by law, court order, or government request.

7. Cross-border disclosure

Some of your personal information is disclosed to, or stored on systems operated by, service providers located in the United States — specifically Stripe, Resend, GoHighLevel, Google (Analytics), Meta, and Vercel. Accordingly, some of your personal information may be accessible from outside Australia by those service providers.

Our core platform data — your assessment data, enquiry details, certification records and certificate files — is stored in Australia (Supabase, Sydney region).

Under APP 8.1 we take reasonable steps to ensure these overseas recipients handle your information consistently with the Australian Privacy Principles, including through contractual data-protection obligations requiring:

  • compliance with recognised standards for data protection and security;
  • restrictions on use, disclosure and onward transfers;
  • implementation of appropriate technical and organisational safeguards.

We remain accountable for how these recipients handle your information; we do not ask you to consent to overseas disclosure on terms that remove that accountability.

Overseas recipients may be subject to foreign laws that differ from Australian privacy law. Those laws may permit authorities to access your personal information in circumstances that differ from Australian law, and you may not have equivalent rights or remedies. Where we are not reasonably able to ensure an overseas recipient complies with the Australian Privacy Principles, we will only disclose your personal information where an exception under APP 8.2 applies.

8. Data security

  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.3
  • Access controls: RBAC and MFA for staff
  • Regular audits: periodic security reviews and penetration testing
  • Incident response: documented plan aligned with the NDB scheme (see section 12)
  • Employee training: regular privacy and security training

No system is completely secure. If you believe your information has been compromised, contact us at privacy@versantly.ai.

9. Data retention

Data categoryRetention periodReason
Assessment data3 years from last interactionAccess to past results; dispute resolution
Certification dataWhile the credential is active and verifiableMaintains the public verification portal; de-identified on request or when no longer required
Course data3 years from completionCompletion verification; quality standards
Enterprise dataDuration of engagement + 7 yearsContractual and tax/audit compliance
Marketing dataUntil consent withdrawnWe action withdrawals within 5 business days (Spam Act 2003)
Technical data26 monthsBalances analytics value with data minimisation

Where a specific retention period is not set, we determine retention reasonably based on the nature of the information, legal obligations, and our operational needs.

Certification records and deletion

Certification records support the public verification portal at versantly.ai/verify. If you request deletion, we will de-identify your personal information from the public record (removing your name, email and identifying details) while retaining the certification ID and verification status so the credential can still be verified as having existed. We destroy or de-identify personal information when it is no longer required (APP 11.2).

10. Your privacy rights

Right of access (APP 12)

Request a copy of the personal information we hold about you. We'll respond within 30 days, free of charge (a reasonable fee may apply for complex or voluminous requests). We may need to verify your identity before processing your request. privacy@versantly.ai

Right to correction (APP 13)

If your information is inaccurate, incomplete or out of date, request correction. We'll respond within 30 days. privacy@versantly.ai

Requesting deletion / de-identification

You can ask us to delete or de-identify your personal information, subject to legal obligations and the certification-verification requirements in section 9. We cannot delete data subject to a legal dispute or regulatory investigation, and enterprise data may need to be retained for 7 years for tax/audit compliance.

Withdrawing marketing consent

Opt out at any time, free of charge, via the "Unsubscribe" link in any marketing email or by emailing privacy@versantly.ai. We action unsubscribe requests within 5 business days (Spam Act 2003 (Cth) s16). Completing an assessment, enrolling in a course, or purchasing a product does not constitute consent to marketing — we require your express, opt-in consent for all commercial electronic messages.

Human review of automated results

As a matter of policy, you may request a human review of your assessment result (see section 5).

Privacy complaints

See section 13.

11. Cookies and tracking

Essential cookies. Necessary for the platform to function (login sessions, security tokens). These are always active and cannot be switched off.

Analytics cookies. Where enabled, we use Google Analytics 4 (provided by Google, United States) to understand site usage — pages visited, time on page, links clicked, referral sources and conversion events. Some analytics data, such as your IP address, may be personal information; we handle it under this policy and seek to minimise and aggregate it where practicable.

Marketing cookies. Where you have consented, we may use the Meta Pixel (provided by Meta, United States) to measure and improve our marketing. You can withdraw your consent at any time. We obtain your consent to analytics and marketing cookies through our cookie banner or preference centre when you first visit our site.

Managing preferences. Most browsers let you delete or block cookies and enable "Do Not Track." Blocking essential cookies may prevent the platform from working.

12. Notifiable Data Breaches

We comply with the NDB scheme under Part IIIC of the Privacy Act 1988 (Cth).

If we suspect an eligible data breach, we will carry out an assessment within 30 days. If we have reasonable grounds to believe an eligible data breach has occurred (one likely to result in serious harm), we will:

  • Prepare a statement and notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable;
  • Notify affected individuals as soon as practicable, by email or other direct contact;
  • Provide details of the breach, likely impact, and steps you can take.

13. Privacy complaints

Step 1: complain to us

Privacy Officer: John Sukkar · Email: privacy@versantly.ai · Postal: Level 1, 1.01, 222 Pitt Street, Sydney NSW 2000 · Response time: 30 days. Please include your contact details, the details of the complaint, and the outcome you're seeking.

Step 2: complain to the OAIC

If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au · Phone: 1300 363 992 · Email: enquiries@oaic.gov.au. The OAIC investigates at no cost; it's best to complain within 12 months of the incident.

14. Contact us

Privacy Officer: John Sukkar · Email: privacy@versantly.ai · Postal: Level 1, 1.01, 222 Pitt Street, Sydney NSW 2000

15. Policy updates

We may update this policy. For material changes, we'll display the updated policy, update the "Last Updated" date, and email you if the changes significantly affect your rights. Your continued use after changes take effect means you accept the updated policy.

Effective from 7 July 2026; supersedes all previous privacy policies.