Privacy Policy
Effective date: 1/June/2026
Policy version: 2026-01
Applies to: rox.mollymar.co and related services operated by Fan Zhang (ABN 26 310 391 402).
A quick summary (the plain-English version)
We built this product for families and climbers, and a lot of the people it serves are children. We take that seriously. Here is the short version — the full policy below has the detail.
- We collect as little as possible: names, dates of birth, and your climbing records. No home addresses. Gender is optional.
- A parent or guardian holds the account and gives consent for each child. Children do not create their own accounts.
- Consent is per purpose, and you can withdraw it at any time. Saying yes to one thing (say, letting a coach see a child's logs) is not saying yes to everything.
- We do not sell personal information, and we do not let our AI provider train on it.
- Our AI suggests; a person confirms; nothing is saved without that confirmation.
- Your data is stored in Australia (Sydney). Some text you enter may be processed overseas to power AI features — explained below. Voice audio never leaves your device.
- You can export or delete your household's data whenever you want.
1. Who we are
This service is operated by Fan Zhang ("we", "us", "our"), ABN 26 310 391 402. You can reach our privacy contact at fzhan@oroit.com. See section 18 for how to raise a concern or make a complaint.
This policy explains how we handle personal information in line with the Privacy Act 1988 (Cth) — including the reforms introduced by the Privacy and Other Legislation Amendment Act 2024 — and the Australian Privacy Principles (APPs), and how we approach the safety and privacy of children specifically.
2. Our commitment to child safety
A large part of our community is children, so child safety is a core design principle, not an afterthought. We treat the best interests of the childas the primary consideration when we design features and decide how children's information is handled.
- We have zero tolerance for child abuse, exploitation, or harm, and we are committed to acting in the best interests of every child who uses the service.
- The product is built safety-by-design: a parent or guardian holds the account, children's data is tightly scoped, and access by anyone other than the guardian (for example a coach) requires explicit, separate consent and verification.
- Adults who are given access to a child's information in a coaching capacity must hold a current Working with Children Check (WWCC) (or the equivalent in their state or territory), verified by us before access is granted. See section 9.
- The product is not designed for children to use unsupervised, and we do not knowingly create features that isolate a child from their parent or guardian, that enable private adult-to-child contact, or that solicit unnecessary personal information from a child.
- We do not track the location of children, and we do not profile children or use their information for advertising.
- A coach's comments about a child are reviewed by a guardian before the child sees them, and coaches cannot privately message a child — all such communication is mediated by the guardian.
- When a child takes part in any community feature, their contributions are reviewed before publication and shown without identifying information (no real name, photo, gym, or location).
- Concerns about a child's safety are handled through the reporting channel above — never through public reviews or community posts.
- We offer notices and coach comments in the child's preferred language so they can understand information that concerns them.
- If you ever have a concern about the safety of a child in connection with this service, contact us immediately at fzhan@oroit.com. If a child is in immediate danger, call 000. Concerns can also be reported to the relevant child protection authority in your state or territory, and to the eSafety Commissioner (esafety.gov.au).
3. What information we collect
We follow the principle of minimal collection (APP 3) — we ask for the least we need to run the features you use.
Account and identity
- The account holder's name and login details (and, when social login is available, the connected provider's identifier and verified email).
- For each person tracked in a household (including children): full name and date of birth. Date of birth is used to derive the relevant age/stage category for climbing — we do not use it for anything else. Gender is optional. We do not collect home addresses.
Climbing and training records
- Climb logs, grades, disciplines, results, notes, skills, and goals that you enter.
Consent and governance records
- Records of the consents you give and withdraw, including which version of this policy you agreed to and when, and (for coaches) verification status. These exist so we — and you — can prove what was agreed.
Technical information
- Information needed to keep you securely logged in (session cookies), and limited diagnostic and security logs (for example, error reports and AI usage metrics such as timing — not the content you typed).
We do not collect more than this for the features described here. If we add features that need more, we will update this policy and, where required, ask for your consent first.
4. Children's information and parental consent
- A parent or legal guardian creates and controls the account and provides consent on behalf of each child in the household.
- Consent is captured separately for each purpose (for example: holding an account, enabling voice capture, granting a coach access). Agreeing to one purpose does not imply the others.
- A guardian can view, correct, export, and delete a child's information at any time (section 12), and can withdraw any consent at any time (section 6).
- We do not knowingly let a child set up an independent account or share their information with third parties without guardian consent.
5. How we use your information
We use personal information only for the purposes we collected it for, or directly related purposes you would reasonably expect (APP 6):
- to provide the climbing tracker and the features you choose to use;
- to derive the correct age/stage category from a date of birth;
- to enable, where you have consented, coach access to a specific child's records;
- to keep the service secure, diagnose problems, and meet our legal obligations.
Different areas of the product are kept separate by design so that information collected for one purpose cannot be queried from another. For example, parties such as sponsors (in future phases) cannot access training data.
We do not sell personal information, and we do not use it for advertising or profiling.
6. Consent — and how to withdraw it
Consent in this service is per purpose, versioned, and revocable:
- Per purpose: each sensitive activity (account, voice capture, coach access, and — in future phases — competition entry, photo/media, and taking part in or publishing community content) has its own consent.
- Versioned: we record which version of this policy you agreed to, so it's clear what you were told at the time.
- Revocable: you can withdraw a consent at any time from your account settings. Withdrawing a consent stops the related processing and removes the related access. For example, revoking coach access immediately removes that coach's ability to see the child's records.
Withdrawing consent doesn't undo processing that already lawfully happened, and some records (such as audit and consent history) are retained where we are required to keep them.
7. Artificial intelligence features
Some features use AI to make data entry easier (for example, turning a free-text description or a voice note into structured climbing-log fields).
- The AI is provided by Anthropic, PBC and runs through their API.
- AI proposes; a person confirms; the system writes. The AI only ever suggests structured data — nothing is saved to your records until you review and confirm it. There is no automated decision-making that has a legal or similarly significant effect on you or a child.
- We send the AI only the text needed for the task, and only information the person using the feature could already see. We do not allow the AI provider to use this information to train their models, and we do not log the content of AI requests containing children's personal information.
- We also use AI to translate content into a reader's language (labelled machine-translated, original retained) and to screen submitted community content for tone and safety. Screening only flags and routes — it never decides on its own to publish anything; a person makes that decision.
8. Voice capture
Where you enable it (it requires a standing voice consent for the relevant person first):
- Speech is converted to text on your own device using your browser's speech feature. The audio recording itself never leaves your device and is not uploaded or stored by us.
- Only the resulting structured record (after you confirm it) is saved, marked as voice-sourced for accountability.
9. Coaches and working with children
Before a coach can see any information about a child, all of the following must be true, and all are checked by our systems before access is allowed:
- the guardian has granted that specific coach a role for that child;
- the guardian's coach-access consent is in place and not withdrawn; and
- the coach has a current Working with Children Check (or state/territory equivalent) on file with us.
If any one of these lapses or is withdrawn, access ends.
10. Who we share information with
We share personal information only with service providers who help us run the product, under contracts that require them to protect it, and only as needed:
- Supabase — database, authentication, and hosting of your data, in the Sydney, Australia region.
- Anthropic, PBC — the AI provider described in section 7.
- Vercel — application hosting and delivery.
- When social login is enabled in a later release: Google, Apple, Microsoft, and/or Meta (Facebook) as identity providers you choose to connect.
We may also disclose information where required by law, or to protect the safety of a child or any person.
We do not sell personal information.
11. Sending information overseas (cross-border)
Your records are stored in Australia. However, the AI features in section 7 are operated by a provider located overseas (the United States), so the text processed by those features may be handled outside Australia. We take reasonable steps to ensure overseas recipients handle your information consistently with the APPs (APP 8). As noted above, voice audio is never sent overseas — it stays on your device.
Where you use community or coach-comment features, the text of those items (and any machine translation of it) may also be processed by the overseas AI provider in the same way.
12. Accessing, correcting, exporting, and deleting your information
Consistent with APP 12 and APP 13, from your account you can:
- Access and correct the information held about your household;
- Export a copy of your household's data; and
- Delete your account and household, which removes the associated personal information. A child's record held only through your guardianship is deleted together with your account (unless a second guardian also holds it). Some governance records (for example, audit and breach records) may be retained where we are legally required to keep them.
To make a request you can't complete in-app, contact us at fzhan@oroit.com.
13. How long we keep information
- Active household and climbing data is kept while your account is active.
- When you delete your account, personal information is removed, subject to the limited retained governance records noted above.
- Voice audio is not retained at all (section 8).
- Security and audit logs are kept for 12 months for safety and accountability, then deleted.
14. How we keep information secure
We take reasonable steps to protect personal information from misuse, loss, and unauthorised access (APP 11), including: access controls that scope each household's data to its owner; verified, consent-gated access for coaches; restricted administrative access; an append-only audit trail for sensitive actions; and regular security reviews. No system is perfectly secure, but child safety and data security are central to how this product is built and operated.
Encryption of your data. Your information is encrypted both while it travels and while it is stored:
- In transit — all data exchanged between your device and the service travels over encrypted connections (TLS/HTTPS), so it cannot be read as it crosses the internet.
- At rest — data held in our database is encrypted on disk by our hosting provider, Supabase, using industry-standard AES-256 encryption. Database backups are encrypted as well.
Beyond encryption, the main safeguard for your information is strict access control: each household's data is locked to its owner, and access by anyone else (such as a coach) is separately consented and verified, as described above.
15. Data breaches
If a data breach occurs that is likely to result in serious harm, we will respond under our incident process and comply with the Notifiable Data Breaches scheme, including notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals (and, for children, their guardians) as required.
16. Cookies and sessions
We use a small number of cookies that are strictly necessary to keep you securely signed in. We do not use advertising or cross-site tracking cookies.
17. Changes to this policy
We may update this policy from time to time. When we make a material change, we will update the version number and effective date above and, where the change affects something you consented to, ask for your consent again. The version you agreed to is recorded with your consent records.
If we provide this policy in languages other than English, those translations are for convenience only; the English version is the authoritative one if there is any difference in meaning.
18. Contact us and complaints
For privacy questions or requests, contact our privacy contact at fzhan@oroit.com.
If you have a complaint about how we have handled your personal information, please contact us first so we can try to resolve it. If you are not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.
For concerns about the safety of a child, see section 2. If a child is in immediate danger, call 000.