Last updated: April 2026. We have written this to be readable, not to be hidden. If anything is unclear, contact us and we will explain it plainly.
GecckoProof is a compliance tracking platform that helps early childhood education and care services regulated under Australia's National Quality Framework track mandatory Geccko training completion among their staff. GecckoProof is operated by Purelayer and is not affiliated with the Australian Government, the Department of Education, or ACECQA.
When this policy says "we", "us", or "our", it means GecckoProof. When it says "you" or "your", it means the person or organisation using the platform.
We only collect information that is directly necessary to provide the compliance tracking service.
Service account information. When a director creates an account, we collect the service name, service type, state or territory, director email address, and a four-digit PIN (stored as a secure hash, not in readable form).
Staff records. Directors enter the names, email addresses (optional), roles, and start dates of their staff members. This information is used to populate the compliance dashboard and generate audit reports.
Geccko completion certificates. Staff members upload their Geccko completion certificates as PDF or image files. These files are stored in a private, encrypted storage bucket and are used to populate the dashboard and audit report.
Billing information. We use Stripe to handle payments. Your credit card details are entered directly into Stripe's secure system and are never stored on our servers.
Basic usage data. We collect anonymised usage data to help us understand how the platform is being used and improve it. This data cannot be traced back to an individual.
We do not collect health information, financial records, performance reviews, or any personal information beyond what is described above. We do not collect any information about the children at your service.
We use the information we collect solely to provide the GecckoProof service:
We do not use your information for advertising. We do not sell your information to any third party.
All GecckoProof data is stored on infrastructure hosted by Supabase, which runs on Amazon Web Services in the Sydney, Australia region (ap-southeast-2). Your data is physically stored in Australia and subject to Australian law.
We use a small number of third-party services to operate GecckoProof:
We do not share data with any other party. We do not sell data.
We keep your data for as long as your account is active. If you cancel your subscription, your data is retained for 90 days before it is deleted. If you want your data deleted before 90 days, contact us and we will action it promptly.
We take reasonable and practical steps to keep your data secure: encrypted connections (HTTPS) on all pages and API calls, row-level security on all database tables, hashed PIN storage, and private non-public storage for uploaded certificates. In the event of a data breach affecting your personal information, we will notify you as required under the Australian Privacy Act 1988.
Under the Privacy Act 1988 (Cth), you have the right to access, correct, and request deletion of your personal information, and to complain to the Office of the Australian Information Commissioner. Contact us at lee@purelayer.co.nz. We will respond within 30 days.
GecckoProof uses a single functional session cookie to keep you logged in to the director dashboard. We do not use tracking cookies or advertising cookies.
GecckoProof is a business tool for childcare service operators. We do not collect any information about children.
If we make material changes to this policy, we will notify registered directors by email before the changes take effect.
For any privacy-related question or concern: lee@purelayer.co.nz