Product
Platform
Weekly briefings
Wellbeing check-ins
Help inbox
Cohort insights
Student workspace & timetable
Branding & white-label
Writing assistant
Before & after the six weeks
Rolling & staggered intakes
Trust Centre
Security
Privacy
Data residency
Compliance
Accessibility
Reliability
Legal
Subprocessors
HECVAT
Solutions
Why students leave
Student success & retention
Orientation & transition
Wellbeing & counselling
IT, security & procurement
First-year retention
Belonging & engagement
Early intervention
Support for Students obligation
Leading indicators
Join the waitlistView preview

Trust Centre

Compliance

Where we are on HECVAT, SOC 2, ISO 27001 and the AU Privacy Act, set out clearly.

Join the waitlist
 
View the preview
 

We tell you where we are today and don't claim a badge we haven't earned.

We don't claim certifications we haven't earned. This is the current picture of where we are.

HECVAT

Responses available

SOC 2

On the roadmap

ISO 27001

On the roadmap

Privacy Act

Aligned today

What is in place today

Where we stand today: what you can rely on now, and what's coming.

01

Privacy Act alignment

The product is built to align with the Australian Privacy Act and its APPs, with data minimisation and student rights designed in.

02

HECVAT responses

We maintain HECVAT-Lite self-assessment responses and will complete your institution's own security questionnaire alongside them, under NDA.

03

SOC 2: on the roadmap

We operate the controls SOC 2 looks for — access control, logging, and a documented change-management process where changes are tested in a separate non-production environment before release — and a formal audit is on the roadmap, not something we claim today.

04

ISO 27001: on the roadmap

An information-security management system aligned to ISO 27001 is planned. We're clear about that gap and don't imply a certificate we haven't earned.

What you can ask for

The documents and answers we can put in front of a vendor-assessment team.

HECVAT responses

A completed HECVAT-Lite self-assessment covering our security and privacy posture, available under NDA for procurement.

Architecture summary

A plain description of how tenants are isolated, where data lives, and how access is controlled.

Subprocessor list

A current, dated list of every subprocessor, its purpose, and its region.

DPA

A Data Processing Agreement covering roles, security, subprocessors, and breach notification. Current draft in counsel review.

Questionnaire support

We'll complete your institution's own security questionnaire alongside the standard documents.

Running a vendor assessment?

Ask for our HECVAT responses and compliance document set.

Join the waitlist
 
View the preview
 

What we never do

Support means seeing the pattern, not the person. These limits are built into the product, not just promised in a policy.

We never sell or share student data

Student data is used to run First Six for your institution — never sold, rented, or handed to advertisers or data brokers. Full stop.

We never build watchlists

Individual wellbeing answers stay private to the student. Staff see aggregate trends with small groups suppressed — never a named list of who to watch.

We never train external AI on student data

Student records are not used to train third-party models. AI features process only what staff submit, and that content is not retained for training.

We never hide where data lives

The system of record stays in Australia, and every subprocessor and region is listed openly here in the Trust Centre. No surprises.

Frequently asked questions

What security, privacy, and procurement teams ask us most.

Are you SOC 2 or ISO 27001 certified?

Not yet, and we won't imply otherwise. Both are on our roadmap. Today we operate the controls those frameworks look for and can walk you through them, but the formal certifications are still ahead of us.

Can you complete our HECVAT or security questionnaire?

Yes. We maintain HECVAT responses and will complete your institution's own questionnaire as part of the assessment, under NDA.

Do you align with the Australian Privacy Act?

Yes. Data minimisation, disclosure of overseas subprocessors, and student data rights are built in to align with the Privacy Act and the Australian Privacy Principles.

What about GDPR?

Our privacy posture (minimisation, purpose limitation, data rights, and a DPA) aligns closely with GDPR principles. For institutions with EU obligations we're happy to walk through the specifics.

Do you have a DPA we can sign?

A Data Processing Agreement is part of our legal pack. It covers processing roles, security measures, subprocessors, and breach notification. The current draft is in counsel review; we share the working version under NDA on request.

See it for your next cohort.

Join the waitlist
 
View the preview
 

Currently meeting with universities.

Product

Platform
Weekly briefings
Wellbeing check-ins
Help inbox
Cohort insights
Student workspace & timetable
Branding & white-label
Writing assistant
Before & after the six weeks
Rolling & staggered intakes

Trust centre

Knowledge Base
Security
Privacy
Data residency
Compliance
Accessibility
Reliability
Legal
Subprocessors
HECVAT
Status

resources

GuidesKnowledge Base

Solutions

Why students leave
Student success & retention
Orientation & transition
Wellbeing & counselling
IT, security & procurement
First-year retention
Belonging & engagement
Early intervention
Support for Students obligation
Leading indicators

Leading Indicators

DVC & PVC Students
Director of Student Experience
Wellbeing & Counselling
IT, Procurement & Privacy
Equity & Inclusion

Company

AboutCareersPress & Media Kit

Contact Us

Join the waitlistContact usReport a bugView preview

Platform Entry

Student platformStaff console
Privacy PolicyTerms of ServiceData Processing AgreementCookie Policy
© 2026 First Six. ACN: 699938817 All rights reserved.

See it for yourself

Walk through First Six the way a commencing student would, then see what their team sees. No sales call, no pitch. Just the real thing.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Book a demo

A short conversation where we walk through First Six against your kind of cohort. Bring your student experience team if it helps.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

See it for yourself

Walk through First Six the way a commencing student would, then see what their team sees. No sales call, no pitch. Just the real thing.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Book a demo

A short conversation where we walk through First Six against your kind of cohort. Bring your student experience team if it helps.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.