Privacy Policy
How Positive Thinkers Pty Ltd (operating as ANZSCO Master) collects, uses, stores and discloses personal information when you use the ANZSCO Master platform at anzscomaster.com.au.
1. Who we are
ANZSCO Master is a business-to-business migration intelligence platform that gives MARA-registered migration agents, education agents and individual applicants tools to research Australian skilled migration pathways — occupation eligibility, points calculation, state nomination strategy, document checklists, DAMA agreements and current invitation data.
The platform is operated by Positive Thinkers Pty Ltd (operating as ANZSCO Master) (ABN: 90 668 517 119), based in Australia. In this Policy, "we", "us" and "our" mean ANZSCO Master.
We are bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and handle personal information accordingly.
2. What we collect
We collect information in three ways: (a) information you give us directly, (b) information generated as you use the platform, (c) information we receive from third parties (such as Google) when you authorise it.
2.1 Account information
| Field | Source | Required? |
|---|---|---|
| Email address | You, or your Google account if you sign in with Google | Yes |
| Full name | You, or your Google account | Yes |
| Password (hashed) | You, only if you sign up with email | Optional (not stored for Google sign-in users) |
| Mobile phone | You | Optional — used only for SMS verification if you opt in |
| Plan tier | System (free / silver / gold) | Yes |
2.2 Billing information (paid plans only)
If you subscribe to Silver or Gold, payment is processed by Stripe. We do not see, store or have access to your card number, CVV or bank account number — Stripe handles those directly. We store your Stripe customer ID, subscription status, plan tier, billing period dates and payment status.
2.3 Usage data
To make the platform useful and reliable we record:
- Occupation searches, points-calculator inputs, audit snapshots and saved tool configurations
- Login events, page views, feature usage and download history (in our activity log)
- Question text submitted to AI-assisted features (so we can improve answers and detect abuse)
2.4 Technical data
- IP address, browser user-agent and timestamps for each request
- Session cookie (essential for keeping you signed in)
- Failed login attempts (for rate-limiting / fraud prevention)
2.5 Google sign-in data
If you choose "Continue with Google", we receive the following from Google's OpenID Connect endpoint only:
- Your Google account ID (the
subclaim) - Your verified email address
- Your name and profile-picture URL (we store the name; we do not download or store the picture)
We never receive your Google password and we never request access to Gmail, Drive, Calendar, contacts or any other Google service. You can revoke our access at any time at myaccount.google.com/permissions.
2.6 What we do not collect
We do not collect or process: visa application files, passport numbers, health records, biometric data, criminal-record information, full address details, or sensitive personal information as defined in the Privacy Act, unless you voluntarily paste such information into a free-form field (please don't — none of our tools require it).
Users should not upload passport scans, visa grant letters, health records, police clearances or other highly sensitive documents unless explicitly requested by a feature designed for that purpose.
3. How we use your information
We use personal information for these purposes only:
- Service delivery — to authenticate you, run the tools you request and remember your settings
- Billing — to charge subscription fees, issue receipts and prevent payment fraud
- Support — to respond to your questions and diagnose problems
- Improvement — to understand which tools are useful (in aggregate; we do not sell or share usage data)
- Security — to detect and prevent abuse, brute-force attempts and unauthorised access
- Legal compliance — to comply with Australian law, including responses to lawful subpoenas or regulator requests
We do not use your data for behavioural advertising, build advertising profiles, or sell personal information to anyone.
4. AI-assisted features
Some tools on ANZSCO Master (for example, the Migration Pathway Advisor and AI Visa Insights) use large language models from third-party AI providers to generate suggestions or analysis based on the text you submit.
AI-assisted features may involve temporary processing of submitted text by third-party AI providers located outside Australia.
Users are responsible for ensuring they have obtained any necessary client consents before submitting client information into AI-assisted features.
AI-generated output is informational only and is not migration, legal or financial advice. Always verify against the official source and consult a MARA-registered agent before acting on it.
5. Sharing & third parties
We share personal information only with the third-party processors we need to run the service. Each is bound by their own privacy obligations and processes data on our behalf:
| Provider | Purpose | Data shared | Region |
|---|---|---|---|
| Stripe | Subscription billing | Email, name, Stripe customer ID, payment metadata | USA / global |
| Google LLC | OAuth sign-in (only if you use it) | OAuth state token; we receive your email + name | USA / global |
| Twilio | SMS verification (only if you opt in) | Phone number, OTP code | USA / global |
| SendGrid (or equivalent SMTP) | Transactional email | Email address, message content | USA / global |
| Anthropic / OpenRouter | AI-assisted features (e.g. Migration Pathway Advisor, Migration Tracker) | Your AI prompt text only — no stored account data | USA |
| Hosting provider | Server infrastructure | All operational data | European Union |
We may also disclose information when legally required (court order, regulator request, fraud investigation), or in the event of a corporate sale or merger — in which case successors will be bound by no less protective terms.
6. International data transfers
Some of our processors operate outside Australia (see the table above). When we transfer personal information overseas, we take reasonable steps to ensure the recipient handles it consistently with the APPs — typically by relying on the recipient's certifications (e.g. SOC 2, ISO 27001) and contractual data-processing terms.
By using ANZSCO Master you acknowledge that your information may be processed in the United States, European Union and other jurisdictions outside Australia.
7. Storage & security
We use commercially reasonable technical and organisational measures to protect personal information:
- TLS 1.2+ encryption for all data in transit
- Bcrypt password hashing (cost factor 12) — we never store plaintext passwords
- Session cookies marked HttpOnly, Secure and SameSite=Strict
- Rate-limiting on authentication endpoints to deter brute-force attempts
- CSRF tokens on all state-changing forms; OAuth state parameter on Google sign-in
- Principle of least privilege for staff access to the database
- Administrative access is restricted to authorised personnel and protected using multi-factor authentication where applicable
No internet-facing system is perfectly secure. If we discover a data breach that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.
8. Retention
- Active accounts — for as long as your account exists.
- Closed accounts — most personal information is deleted within 30 days of account closure. Billing records and tax invoices are retained for 7 years to comply with Australian taxation law.
- Server logs — typically 90 days, then automatically rotated and deleted.
- Activity log — 12 months, after which entries older than that are purged.
9. Your rights under the Privacy Act
The Australian Privacy Principles give you the right to:
- Access the personal information we hold about you
- Correct any information that is inaccurate, incomplete or out of date
- Request deletion of your account and associated personal information
- Object to specific uses of your information
- Withdraw consent for any processing that depends on your consent (e.g. SMS verification)
- Receive a copy of your personal information in a structured, machine-readable format
To exercise any of these rights, email admin@anzscomaster.com.au from the email address registered with your account. We will respond within 30 calendar days.
10. Cookies
We use the minimum cookies required to operate the service:
aus_session— keeps you signed in (session-only, HttpOnly, Secure)PHPSESSID— temporary form/CSRF state during a single visit
We do not set advertising cookies. We do not use Google Analytics, Facebook Pixel, or any third-party tracking script. Some embedded help links to YouTube videos may set their own cookies if you click them.
11. Children
ANZSCO Master is intended for migration professionals and adult applicants only. We do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has registered, please contact us and we will remove their information promptly.
12. Professional use
Migration agents and education agents using the platform remain responsible for complying with applicable professional obligations, confidentiality duties and Australian privacy laws in relation to their clients.
If you collect, store or transmit personal information about your clients through ANZSCO Master (for example, by entering it into the points calculator, document checklist or AI-assisted tools), you remain the controller of that personal information. You are responsible for obtaining your clients' consent, applying your own privacy notice, and meeting the standards set by your regulator (MARA, the Office of the Migration Agents Registration Authority, or the equivalent body for legal practitioners and education agents).
13. Changes to this policy
We may update this Privacy Policy from time to time as the platform evolves. Material changes — for example, adding a new third-party processor or expanding the data we collect — will be notified by email at least 14 days before they take effect, with a clear summary of what is changing.
Non-material edits (typo fixes, clarifications) will be made silently. The Last updated date at the top of this page always reflects the most recent change.
14. Contact us & complaints
For privacy questions, access requests, deletion requests or any other concern, contact:
Positive Thinkers Pty Ltd (operating as ANZSCO Master)
Email: admin@anzscomaster.com.au
Address: Australia
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
Website: oaic.gov.au/privacy/privacy-complaints
Phone: 1300 363 992
© 2026 ANZSCO Master · This Policy does not create migration advice — see our Terms for details.