Skip to main content

AI & Ethics

How Taughtful uses AI, what it doesn't do, and how we protect children's data. Last updated: May 2026.

We use AI for a narrow purpose: to format human observations into the compliance documents Australian regulatory frameworks already require. The AI does not observe children. It does not diagnose. It does not predict. It does not make decisions. Every output is a draft that requires human review and explicit approval before it can be used.

This page is the plain-language version. The full policies — written for assessors, procurement officers, and regulators — are linked at the bottom.

What Taughtful's AI does

  • Drafts compliance documents from observation chips a human has tapped — NCCD evidence, SSG minutes, ILPs, KIS evidence, NDIS progress notes, case notes, CRT handover briefs.
  • Transcribes voluntary parent voice journals and structures the transcript for the parent's own subsequent review.
  • Synthesises pre-meeting inputs from care team members into draft Student Support Group (SSG) minutes for the meeting chair's review.
  • Suggests additional observation prompts based on what a user has already selected. The user accepts or rejects every suggestion.

What Taughtful's AI does not do

  • Does not observe children. Observations originate from humans.
  • Does not diagnose disability, learning difficulty, or developmental delay.
  • Does not assess developmental status, social-emotional state, or behavioural risk.
  • Does not determine NCCD adjustment level or NDIS goal category. These are produced by deterministic rules in code, not by the AI.
  • Does not predict future behaviour, future support needs, or future outcomes.
  • Does not profile children. Records exist to support a single, explicit purpose: documenting the support each child receives.
  • Does not monitor children in real time. There is no continuous surveillance pipeline.
  • Does not commit any document to any external system. Commitment requires an explicit human action.
  • Does not use biometric data for identification, emotion recognition, or attribute prediction.
  • Does not train AI models on your data. Our subprocessor agreements contractually exclude submitted content from training.

How we protect children's data

Privacy is structural in Taughtful, not promised. Three layers protect every child's information:

  1. Children are de-identified at the database. No surname. No date of birth. Children are stored as initials (chosen by the parent) or an auto-generated code, plus an age bracket. There is no field for a full name even if a user attempted to enter one.
  2. A two-pass PII filter runs before every AI call. The first pass replaces emails, phone numbers, Medicare and NDIS numbers, and dates with neutral placeholders. The second pass replaces names — child, care team members, schools, clinics — with tokens like [CHILD] and [PERSON_1]. The AI receives only the filtered text. Real identifiers are restored locally after the model responds.
  3. Row-level security is enforced at the database, not just the application. Every observation, document, and team membership has a security policy that runs even if application code is bypassed.

Who handles what

Taughtful uses a small set of trusted subprocessors. Each is named, each has a specific role, and none receive content beyond what they need.

ProviderPurposeRegionData they receive
SupabaseDatabase, authenticationSydney, AustraliaDe-identified observation and account data
Anthropic (Claude)Document draftingUnited StatesDe-identified text only. No training on submitted content.
OpenAI (Whisper)Voice-to-text for parent journals (optional)United StatesDe-identified audio only. No training on submitted content.
ResendTransactional emailUnited States / EUEmail addresses (invites, notifications)
VercelApplication hostingSydney, AustraliaNone at rest. Stateless application code only.

Cultural safety

Taughtful retains an embedded Aboriginal Cultural Advisor who reviews observation prompts, document templates, and AI features that touch Aboriginal and Torres Strait Islander children, families, or pedagogy. Review happens before any change reaches production, not after.

We align with the CARE Principles for Indigenous Data Governance and Maiam nayri Wingara's data sovereignty work. Information about Aboriginal and Torres Strait Islander children is treated as held in trust on behalf of the child, the family, and the community. Material changes affecting Aboriginal and Torres Strait Islander children trigger consultation with the relevant Aboriginal Community Controlled Organisations.

Accountability and incidents

When something goes wrong, we want it to go wrong well. Our commitments:

  • A designated AI Safety Officer with structural authority to pause, roll back, or remove any AI feature at any time.
  • Quarterly sample review of AI outputs for bias, omission, and cultural appropriateness.
  • Notification of material changes — AI provider, hosting jurisdiction, AI role — before they happen.
  • For significant incidents, a redacted public post-mortem published within 30 days for the most serious category, 60 days for the next tier. We commit to telling you what happened, what we did, what we learned, and what changed.
  • Voluntary near-miss disclosure: account holders are notified within five business days of a serious near-miss, even when no user was affected. Schools must be able to defend their use of Taughtful to their communities; they cannot defend it if they only hear about incidents through third parties.

Frameworks we work to

Taughtful is built against the published Australian and international AI governance frameworks:

  • Australia's 8 AI Ethics Principles (Department of Industry, Science and Resources)
  • NSW AI Assurance Framework
  • OECD AI Principles
  • EU AI Act — we self-assess as Limited Risk, with transparency obligations
  • OWASP Machine Learning Security Top 10 and OWASP AI Security and Privacy Guide
  • ST4S 2025.1 (Safer Technologies for Schools), including the AI Module — Tier 1 controls
  • Victorian Department of Education Gen AI in Schools policy
  • Victorian Child Safe Standard 11 (online and digital environments)

Read more

The full policies — written for assessors, procurement officers, and regulators:

  • AI Ethics Policy — governance, design, testing, communication, accountability, cultural safety. Available on request from hello@taughtful.com.au.
  • AI Incident Management Plan — severity classification, response phases, external disclosure obligations, public post-mortem cadence. Available on request.
  • Privacy Policy
  • Security
  • Compliance frameworks — child welfare, family violence, and trauma-informed practice frameworks Taughtful aligns with.
  • Terms of Service

Questions

Questions about how we use AI, what it does and doesn't do, or how to dispute an output, can be sent to the AI Safety Officer at hello@taughtful.com.au. We commit to acknowledging within five business days and a substantive response within twenty.