Last updated: 17 May 2026
We collect only what the app needs to work. We never sell your data. Your family’s information is encrypted, stored in Australia, and under your control. You can delete everything at any time. Children’s data receives the highest level of privacy protection under Australian law.
Super Epic Goals
Operated by Super Epic Group
ACN: 689 548 383 | ABN: 81 689 548 383
Melbourne, Australia
Super Epic Group (“we,” “us,” or “our”) operates Super Epic Goals (www.superepicgoals.com), a family goal-setting and engagement platform that helps children and their families create goals, reward their efforts, and celebrate their achievements. The platform also includes a suite of engagement and motivational activities (“Epic Tools”) designed to support children's focus, coordination, and self-regulation in a fun, interactive way.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our service.
Important - Express Consent Required: Because we collect personal information about children, we require your active, express consent before creating an account. You will be asked to affirmatively agree to this Privacy Policy during the account registration process. Continued use of the platform constitutes ongoing consent to the practices described here.
We collect the following personal information when you create an account:
When you choose to sign in using Google through NextAuth, we may collect:
We collect information about:
When you use our Goal Wizard feature, we temporarily process:
This information is used solely to generate age-appropriate goal suggestions through our AI system.
Our platform includes a suite of engagement and motivational activities called “Epic Tools.” When you or your child use these tools, we may collect the following data:
Important: Epic Tools are engagement and motivational activities designed to be fun and interactive. They are not medical devices, clinical assessments, or health management tools. Data from Epic Tools is not used to diagnose, treat, or manage any medical or health condition. Where data is stored, it is retained solely so that the profile owner can view their own activity history.
Epic Tools data is never shared with third parties for commercial purposes.
We may collect technical information including:
When you create an account, submit a contact enquiry, or sign up for our newsletter, we collect your approximate location by looking up your IP address through a third-party geolocation service (ipapi.co). The data we collect includes:
We use this information for:
This location data is stored with your account record and retained for as long as your account remains active. It is not shared with third parties for commercial purposes. The geolocation lookup is performed server-side using your IP address only - we do not use browser-based geolocation or GPS.
When you enable push notifications on your device, we collect your device push token via Firebase Cloud Messaging (FCM). This token is used solely to send you notifications about your child's goals and activity. Push tokens are stored in our database and associated with your account. You can disable push notifications at any time through your device settings.
We use cookies to:
We use your personal information to:
We use goal and Epic Tools data in aggregated, de-identified form to:
Important: This aggregated data is de-identified before analysis and cannot be used to identify specific users, children, or families.
We may use your information to:
Our Goal Wizard feature uses artificial intelligence (currently Google's Gemini Flash 2.0, though this may change in the future) to generate personalized goal suggestions. This process:
The AI processing occurs in real-time through our third-party AI provider, and you retain full control over what information becomes part of your child's permanent goal record. We may change AI service providers in the future to improve our service.
Super Epic Goals allows parents and primary account holders to invite other individuals to access their child's profile. Invited users may include family members, friends, support workers, and healthcare professionals (such as occupational therapists, speech pathologists, or NDIS support coordinators).
We operate a four-level privacy control system. When you invite a user, you determine which data they can access. By default, invited users have limited visibility. You may grant broader access at your discretion. The levels are:
Where you invite a professional (such as a therapist, teacher, or support worker) to view your child's profile, you are providing consent for that person to view data within their assigned access level. Invited professionals remain bound by their own professional obligations. Super Epic Group is not responsible for how invited users use or store data they view through the platform.
You may revoke an invited user's access at any time through your account settings. Upon revocation, that user will immediately lose access to your child's data on the platform. We do not control any notes or information the invited user may have recorded independently.
We do not sell, trade, or otherwise transfer your personal information to third parties for their marketing or commercial purposes.
We may share your information with trusted service providers who assist us in operating our platform, including:
All service providers are contractually obligated to keep your information secure and use it only for the specific services they provide to us.
We may disclose your information if required by law or if we believe such action is necessary to:
All data is encrypted both at rest and in transit through our hosting providers (MongoDB and Vercel).
We implement role-based access controls so that users only access data relevant to their assigned permission level. Access events are logged to support security monitoring and audit purposes.
We regularly review our security practices and update them as necessary. We work toward alignment with the Australian Cyber Security Centre's Essential Eight mitigation strategies.
We retain your personal information:
Goal and activity data (including Epic Tools records) is retained for as long as your account is active. When you delete your account, all associated data is permanently removed unless retention is required by law.
When you request data deletion, we will remove your personal information while maintaining your user ID to preserve system functionality and prevent service disruptions.
You have the right to:
To exercise these rights, contact us at saiful.nasir@superepicgroup.com with the subject line “Privacy Request.” We will respond within 30 days.
You can request deletion of your personal data through your account settings. Please note:
You may withdraw your consent to our collection and use of your personal information at any time by contacting us or closing your account. Please note that withdrawing consent may limit or prevent us from providing some or all of our services to you.
You can control cookies through your browser settings, though this may affect your experience on our platform.
Super Epic Goals is designed for parents and families to use with their children. We take the privacy of children's data seriously, particularly given our platform's use with children who may have autism, ADHD, or related conditions.
Information collected about children (including name, birth month/year, goal data, and Epic Tools data) is:
Parents and guardians have full control over their child's information, including who can access it and at what permission level, and can request its deletion at any time.
We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of a data breach that is likely to result in serious harm to any individual whose data is involved, we will:
If you believe your data may have been compromised, please contact us immediately at saiful.nasir@superepicgroup.com with the subject line “Data Breach Report.”
Our primary database (MongoDB) is located in Australia. Your stored data (account information, goals, activity records) resides in Australia.
Our application is hosted on Vercel, which uses a global edge network. Your requests may be processed at the nearest Vercel edge location, which could be in Australia, the United States, Europe, or Asia-Pacific, depending on your geographic location. This processing is transient — your persistent data remains stored in our Australian database.
When you use our Goal Wizard feature, input data (child's gender, conditions/goals, time preferences, and age) is sent to Google's Gemini AI service, which is processed on servers located in the United States. We take the following steps to protect this data:
Before using the Goal Wizard, you will be notified that data is processed overseas and given the option to proceed or decline.
Push notification tokens are processed through Firebase Cloud Messaging (operated by Google) in the United States. This is limited to your device token and notification content. Subject to Google's Data Processing Addendum.
If you access our service from outside Australia, your information may be transferred to and processed in Australia (where our database resides) and may transit through other countries via our edge network and service providers. By using our service, you consent to these transfers.
We apply the same privacy protections to all users regardless of location. We do not currently claim compliance with GDPR (EU), CCPA (California), or other non-Australian privacy frameworks, but we handle all personal information in accordance with the Australian Privacy Principles, which provide robust privacy protections for all users.
We may update this Privacy Policy from time to time. When we do:
If you have a concern or complaint about how we have handled your personal information, we encourage you to contact us first so we can attempt to resolve the matter directly.
To make a privacy complaint:
If you are not satisfied with our response, or if you prefer to lodge a complaint directly with a regulatory body, you may contact:
For any other questions or requests regarding this Privacy Policy or our data practices:
Super Epic Group
Email: saiful.nasir@superepicgroup.com
Melbourne, Australia
For privacy-related inquiries, please include “Privacy Policy” in your email subject line.
This Privacy Policy is designed to comply with the following Australian privacy legislation and principles:
While our platform is used by families of children with various needs (including autism, ADHD, and related conditions), the data we collect through Epic Tools does not constitute health information under the Health Records Act 2001 (Vic). Epic Tools are engagement and motivational activities — not clinical assessments, diagnostic tools, or health management instruments. Data from these tools is not used to diagnose, treat, or manage any medical or health condition.
All personal information collected through our platform is handled in accordance with the Australian Privacy Principles with the highest standard of care appropriate for children's data.
Super Epic Goals includes an optional “$ (dollar) mode” feature that allows parents to represent a child's earned stickers as a dollar amount. This feature is purely a motivational and tracking tool designed to help older children engage with the concept of earning and saving.
Important: The dollar balance displayed in Super Epic Goals is not real money. It does not represent any actual funds held, managed, or owed by Super Epic Goals or Super Epic Group. The application is not a bank, financial institution, or payment service. No real currency is stored, transferred, or guaranteed by this feature.
Parents and guardians are solely responsible for determining whether and how any represented dollar amounts are honoured in the real world (for example, as pocket money). Super Epic Goals collects and displays the balance figure solely to support the motivational purpose of the feature, and this data is handled under the same privacy protections as all other profile data described in this policy.
This Privacy Policy is effective as of the date listed above and applies to all users of Super Epic Goals.