There are two types of togetherAI user accounts: children (Child User(s)) through child user accounts (Child User Account(s)) and parent or guardians (Parent Guardian User(s)) using parent guardian user accounts (Parent Guardian User Account(s)) (together, User(s), you, your). A Child User Account operated using the togetherAI Child App must be connected with a Parent Guardian User Account operated using the togetherAI Parent App and vice versa.
togetherAI monitors information processed via third party applications such as social media and messaging platforms on a Child User’s device, as authorised by the Child User, information uploaded by the Child User and data (including personal information) generated from a Child User and/or Parent Guardian User relating to the Child User’s apparent mood and wellbeing. It is designed to identify signs of potential emotional distress, cyber bullying and certain other issues that may impact on a Child User’s wellbeing, using togetherAI’s algorithms. togetherAI is not a crisis prevention or management service nor a medical service, and it may not detect all issues a Child User may be experiencing. We do not provide medical advice of any mind. Data collected is used to generate personalised wellbeing information to support Parent Guardian Users and Child Users to promote meaningful communication about a potential issue identified by togetherAI. For the avoidance of doubt, we do not disclose personal information of Child Users to Parent Guardian Users other than to provide chat functionality (that allows Parent Guardian Users to communicate with their linked Child Users) and information generated by the togetherAI algorithm about the Child User(s) potential wellbeing.
WE DO NOT PROVIDE ANY MEDICAL ADVICE, RECOMMENDATIONS OR DIAGNOSES. WE RECOMMEND THAT YOU SEEK ALL NECESSARY MEDICAL ADVICE, RECOMMENDATIONS OR DIAGNOSES FROM YOUR HEALTHCARE PRACTITIONER. WE DO NOT PROVIDE, OR REPRESENT THAT WE PROVIDE, ANY MEDICAL SERVICE AND WE ARE NOT A PARTY TO ANY CONTRACT FOR THE PROVISION OR RECEIPT OF ANY MEDICAL SERVICE. FURTHER, WE DO NOT REPRESENT OR WARRANT THAT TOGETHERAI WILL RESULT IN THE DIAGNOSIS, DETECTION, CURE OR PREVENTION OF ANY PSYCHOLOGICAL, MENTAL OR OTHER MEDICAL DISORDER OR ILLNESS.
togetherAI provides Users with the following functionality (together, the Services):
Parent Guardian User Accounts provide the following functionality to Parent Guardian Users:
- Ability to connect with any linked Child User account(s) and receive insights into the apparent wellbeing of any linked Child User;
- Ability to receive personalised, custom and tailored wellbeing suggestions that may assist in conversations that may be required between the Parent Guardian User and any linked Child Users to resolve wellbeing issues that the Child User may be facing;
- Ability to enter personal information related to their perceptions of the Child User’s wellbeing and emotional state; and
- Notification of potential issues with their nominated Child User’s life based on analysis of gathered data;
- Ability to communicate with any linked Child User account(s) via instant messaging.
Child User Accounts provide the following functionality to Child Users:
- A “companion” avatar in the form of a cartoon figure that the Child User can create through their Child User Account that asks the Child User daily wellbeing questions and provides personalised wellbeing suggestions regarding issues or incidents that may impact on the Child Users’ wellbeing;
- Notification to any linked Parent Guardian User account(s) of the apparent wellbeing of the Child User; and
- Ability to communicate with any linked Parent Guardian User account(s) via instant messaging.
Unless you have agreed when registering for a user account to enter into an End User Licence Agreement with us at [insert URL] you cannot access any part, or use any functionality made available through togetherAI.
You are required to comply with all applicable privacy laws.
When a User first accesses their user account on togetherAI, they are provided with our privacy collection notice. The privacy collection notice is made in accordance with APP 5, which notifies the User (among other things) the circumstances under which we collect their personal information, the purpose for the collection and the likelihood that their personal information will be disclosed to overseas recipients.
Users must provide the relevant privacy consents and authorisations required by law in order for the personal information that is entered into togetherAI to be collected, disclosed and otherwise processed by us. We provide our Users with a collection notice made under APP 5 prior to the User registering an account on togetherAI. You can access the Collection notices at [insert URL].
We rely on Users to ensure that all personal information collected from them and held by us is accurate, up to date, complete, relevant and not misleading. togetherAI also has functionality to enable Users to update, modify and correct personal information collected from them.
The types of personal information we collect and hold about Users
We collect and hold the following types of personal information:
Child Users: We collect the following types of personal information about Child Users:
- communication data (i.e. messages and/or media received and/or communicated by Child Users via third party apps that are monitored by togetherAI on the Child User’s device that may include health and other sensitive information);
- personal information, including health information, provided by the Parent Guardian User to us via togetherAI about linked Child Users;
- the Child Users’ device and network usage details (IP addresses) collected via the Child Users’ smartphone and/or tablet;
- survey responses and feedback;
- personal information, including health information, about the Child User generated by togetherAI’s algorithms such as information about the Child Users’ apparent wellbeing as determined by those algorithms;
- names, dates of birth, contact information, birth certificates and/or proof of legal guardianship or parentship in order to register an account on togetherAI and verify that the Child User is the child of a Parent Guardian User.
Parent Guardian Users: The types of personal information collected about Parent Guardian Users include proof of relationship to the applicable Child Users and/or proof of legal guardianship over the Child User(s), device and network details, survey responses and feedback and information received from Parent Guardian Users via togetherAI and the Services.
Non-Users: All information, including personal information, that is entered into or collected from third party applications by togetherAI, are stored in systems managed by us. The types of personal information collected about non-Users may include any communication data (i.e. messages and/or media received and/or communicated to the Child User) via social media, gaming and/or messaging applications on your smartphone and/or tablet approved by you and as required for us to provide togetherAI.
Information required for the support, maintenance and security of togetherAI: In order to support and maintain togetherAI and each part thereof, we collect and process user information including IP addresses, email addresses, user access logs, usernames, passwords, statistical data and information included by Users in error messages, technical support tickets and telephone calls to our support team.
How we collect personal information
Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. We only collect personal information that is necessary to provide the functionality of togetherAI, the Services and to otherwise operate our business.
We collect personal information, including health information, about Users when personal information is entered by the User into togetherAI, and when a User voluntarily discloses personal information to us (via the App, telephone, surveys, e-mail and online forms or elsewhere).
Users are responsible for ensuring that all consents and authorisations have been obtained or provided by them as required by law for the lawful collection of personal information that we collect from them.
How we use personal information
Information about how we use personal information about Users is set out in the following:
How we use and process that personal information of users:
- To manage, provide and support a User’s use of togetherAI and the Services
- In order to store personal information in databases and systems in our hosting environments at third party data centres.
- To provide technical support services to Users that require us to view and/or update personal information held in togetherAI
- When backing up and restoring data
- When conducting site traffic analysis
- When conducting research and development of togetherAI and the Services
- When carrying out marketing calls and sending newsletters and other promotional materials to identify and inform Users about products, functionality and/or services that may be of interest to them
- To improve and develop togetherAI or for general product and business development
- To carry out security audits, investigate security incidents and implement security processes and procedures that require access to personal information
- Backing up and restoring data that includes User’s personal information
- To handle complaints
Our reasons for collecting the personal information of users:
- Required to identify persons who use togetherAI and to identify persons who request technical support or wish to exercise their rights under privacy law to access, correct their personal information or to exercise their other rights with respect to their personal information
- Necessary for our legitimate interests (in order to operate and grow our business in order to administer and allow Users to operate togetherAI, and to enable us to operate our IT systems and networks, manage our hosting environments and ensure the successful delivery of togetherAI and the Services)
- For our accounting, billing and other internal administrative purposes.
- To comply with our legal and statutory obligations
- Required in order to determine which privacy law applies to the individual
How we use and process that personal information of non-users:
- As required to provide a User with togetherAI and the Services
Our reasons for collecting the personal information of non-users:
- Necessary for our legitimate interest (in order to operate our business and provide the Services)
- To comply with our obligations under our End User Licence Agreements
- As required to comply with our legal and statutory obligations
We also collect information about Users through their use of togetherAI, known as analytics data. Such analytics data includes information about devices accessing and/or paired with togetherAI, the amount of time a User spends on the togetherAI and in which parts of it, and the path navigated through it. However, all such information is de-identified data and is not collected in a form that could reasonably be expected to identify an individual. In any event, we only use analytics data to help us review, enhance and improve togetherAI and the Services (for statistical or research purposes) and to develop case studies and marketing material without identifying any individual.
How we hold and secure personal information
We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities.
We take reasonable steps to protect personal information that we hold using such security safeguards as are reasonable in the circumstances to take against loss, unauthorised access, modification and disclosure and other misuse and to implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
- only use reputable cloud hosting providers to host personal information;
- implement passwords and access control procedures and anti-virus and security controls for email and other applicable computer software and systems;
- maintain files in both hardcopy and electronic form at our offices and other access-controlled premises;
- operate online records managements system on secure networks;
- regularly perform security testing;
- regularly carry out security audits of our systems which seek to find and eliminate any potential security risks in our electronic and physical infrastructure as soon as possible;
- maintain physical security measures in our buildings and offices such as visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);
- require our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment and subcontractor agreements that we enter into with them;
- use SSL encryption on our systems;
- have data backup archiving and disaster recovery processes in place;
- if appropriate in the circumstances taking into account the state of the art, the costs of implementation and the nature, scope, content and purpose of the processing, we will encrypt personal information; and
- with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely destroyed.
Disclosure of personal information
We do not disclose personal information of Child Users to Parent Guardian Users other than information generated by the togetherAI algorithm and information contained in instant messages sent between a Child User and their linked Parent Guardian Users.
We will disclose personal information to our employees, officers, advisors, suppliers, agents and/or related entities who assist us in the performance of the Services. We ensure that they are aware of their information security responsibilities, are appropriately trained to meet those responsibilities and have entered into agreements which require them to comply with privacy and confidentiality obligations which apply to personal information that we provide to them.
We only disclose personal information that we collect to third parties as follows:
- professional agencies or other organisations authorised by Users;
- data storage and software providers who host togetherAI databases and information (e.g. email hosting providers and online CRM providers) on our behalf;
- when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
- where a person provides written consent to the disclosure of their personal information;
- where we become aware that specific personal information needs to be disclosed to protect the safety or vital interests of any person. Please note that while we may monitor personal information entered into, or generated via togetherAI from time to time, we do not review all such information and do not represent that we will monitor any person’s use of togetherAI or their wellbeing;
- if we are contacted by any person who represents to us that they are a User, for security purposes, we will only discuss the personal information that we hold about them with them if they correctly identify themselves as such according to our security measures;
- to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences;
- for the enforcement of a law imposing a pecuniary penalty;
- for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); and
- to police and other governmental bodies or regulatory authorities where required by law.
Third party websites
togetherAI may include links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third party website prior to sending personal information to them. All Users should contact us in the first instance, if they have any enquiries about any links on togetherAI.
You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on our websites or integrated via notifications via togetherAI. These widgets and tools may collect your IP address and other personal information. Your interaction with such widgets and tools, and any single sign-on services is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal information.
Interacting with us without disclosing personal information
You do not have the option of not identifying yourself or using a pseudonym when contacting us to enquire about togetherAI and/or when you use togetherAI or any part of it as it is not practical for us to provide you with access and/or use of togetherAI if you refuse to provide us with your personal information.
We may transfer your personal information to our contractors and service providers who assist us with the supply and provision of togetherAI to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will take reasonable steps to ensure that such recipients do not breach the APPs in relation to personal information or other relevant State and Territory laws (as applicable). At present we transfer your personal information to our interstate contractors and service providers within Australia. We do not currently use offshore contractors and service providers.
How to access and correct personal information held by us
Users who wish to access and correct the personal information held by us about them should contact us. Prior to contacting us or submitting a request for access to correct any personal information held about them, Users can update their personal information by logging into their account on togetherAI. Multi-factor authentication is required when you update your personal information. We will leverage a range of tools to attempt to ensure that personal information is up to date and accurate at all times. However, we encourage you to contact us in any event and we would be happy to assist you.
Once an account is deleted, we may still be required to retain the data in accordance with our data retention obligations. It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person's vital interests).
In addition to clause 10.3, personal information will be stored for 7 years. Any data that is no longer required for the maintenance of active Users will be deleted after this period. We will only keep personal information (including health information) for longer periods than specified above, where required under applicable law.
As an alternative to deleting personal information, we may elect to de-identify it where permissible by law. We will de-identify certain types of personal information for the purpose of improving togetherAI and for provision to third parties for marketing and research purposes (such as to map usage trends to improve subsequent usage experiences, to understand User profiles, to develop more relevant and engaging experiences and for marketing purposes).
Where you require personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter, unless applicable law requires us to retain the personal information in which case, we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.
We will handle all requests for access to personal information in accordance with our statutory obligations. You can request to receive a copy of your personal information by emailing firstname.lastname@example.org. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request. We will endeavour to provide a response to any request for access to personal information within 72 hours from the time a request is made.
Our contact details
Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact us as follows:
Privacy Representative/ Data Protection Officer:
We will use our best endeavours to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.
If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the Australian Privacy Principles, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
Telephone: 1300 363 992
Address: GPO Box 5218, Sydney NSW 2001
New Zealand Customers and Data Subjects
Collection of personal information
We will only collect personal information for a lawful purpose which is connected to a function or activity of our businesses to the extent that it is necessary for such purpose.
Where possible, we will collect personal information from the individual concerned. Before we obtain information from a third party, we will obtain consent from the individual for such collection.
Before we collect personal information from an individual or as soon as it becomes practicable to do so, we will disclose to the individual:
- The fact that the information is being collected;
- The purpose for which the information is being collected;
- The intended recipient of the information, being togetherAI Pty Ltd;
- The consequences for that individual if all or part of the requested information is not provided; and
- The rights of access to, and correction of information provided by the IPPs.
Provision of personal information to third parties
Where it is necessary for personal information to be given to a third party in connection with the provision of services that they provide to us, we will do everything reasonably within our power to prevent unauthorised use or unauthorised disclosure of the information by them.
Storage and security of personal information
If we hold personal information about you, we will ensure that the information is protected by such security safeguards as are reasonable in the circumstances to take against loss, access, use, modification, unauthorised disclosure and other misuse.
If it is necessary for the information to be given to a person in connection with the provision of a service to us, everything reasonably within our power is done to prevent unauthorised use or unauthorised disclosure of the information.
Requests for access to and correction of personal information
Individuals whose personal information is governed by the Privacy Act (New Zealand) are entitled to seek access to and correction of it in accordance with that legislation.
Any person who wishes to access personal information about them that we hold should contact us. You may request urgent access to your personal information in accordance with section 41 of the Privacy Act (New Zealand) and state why the request should be treated as urgent. We will on receipt of such request, consider the request and reasons, determine the priority given to it and ensure that we provide reasonable assistance to a person who makes such a request.
We will also take such steps as are reasonable in the circumstances to ensure that personal information that we hold are accurate, up to date, complete and not misleading.
In the event that a person wishes to access their personal information and it is readily retrievable by us, they can also request from us either of the following: (a) to obtain confirmation from us as to whether or not we hold such personal information; and (b) access to the personal information; and (c) be advised if they are able to correct such personal information.
We will as soon as possible and in any event no later than 20 working days from the date on which the request is made, decide to grant or refuse the request and provide the person who made the request with or post to them, our decision. We may in our discretion charge a reasonable fee for making information available in compliance with the request or for correcting any information in compliance with a request (in whole or in part) or for attaching a statement of any correction sought but not made, subject to our compliance with the New Zealand Information Privacy Principles.
If a person submits a request to access their personal information to us, we may refuse their request on one or more of the grounds set out in section 30 of the Privacy Act (New Zealand). If we refuse to comply with a request to access their personal information, we will provide the individual who made the request with our reasons for our denial and an opportunity to file a complaint with the Commissioner, to seek an investigation and a review of the refusal.
Where we hold personal information governed by the Privacy Act (New Zealand) about an individual, they are entitled to request correction of the information and request that there be attached to the information a statement of the correction sought but not made.
We will only hold personal information for as long as is required for the purposes for which the information may lawfully be used.
If you are not satisfied with our response to any privacy-related concern you may have, you can contact the Privacy Commissioner:
Office of the Privacy Commissioner:
PO Box 10-094, Wellington, New Zealand
Phone: 04 474 7590 / Fax: 04 474 7595
Enquiries Line (from Auckland): 302 8655 / Enquiries Line (from outside Auckland): 0800 803 909
European Customers and Data Subjects
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. The User of togetherAI’s Services is the controller of the User’s personal data. We are the processor of the User and other person’s personal data that is processed by togetherAI.
If you have concerns about the way we are handling your personal data please let us know immediately. You may contact us for general data protection queries by email to our Data Protection Officer at email@example.com. Please advise us of as much detail as possible in order for us to comply with your request.
Collection of personal data
We collect all categories of personal data that are entered into togetherAI or that is collected and/or entered into user authorised third party applications such as social media, messaging and gambling applications. Please see above for more information about the categories of personal data that we collect and the third party applications that togetherAI can be setup to monitor on Child User smartphone and tablet devices.
Purpose and legal basis for processing customer and data subject personal data
he table at 4.1 above sets out the legal bases under which we process data subject personal data pursuant to Article 6(1) of the GDPR. Pursuant to the GDPR, we will process your data for the following purposes:
- With your consent: where you have given consent to the processing;
- For contractual performance: where it is necessary for the performance of the contract between us;
- For safety and security: where your personal information is required to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of our policies; and
- To protect our legitimate business interests and legal rights.
Who will we disclose personal data to
Detailed information about who we disclose personal information to is set out above. This applies equally to personal data governed by the GDPR.
We do not transfer any personal data overseas. If we are obligated to do so, we will only transfer your personal data governed by the GDPR internationally in compliance with the GDPR and ensure that we have legally binding agreements in place to govern the receipt and processing of personal data offshore. Information about other appropriate or suitable safeguards is available from us on request.
Retention of customer and data subject personal data
It is our policy to retain personal data in a form which permits identification of any person only as long as is necessary for the purposes for which the personal data was collected, for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal data (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect any other person's vital interests).
Requirement to provide customer and data subject personal data to us
Please see Interacting with us without disclosing personal information above for information about the requirement to provide personal information to us and the limitations that apply where personal information is not provided. Those requirements and limitations equally apply to personal data governed by the GDPR.
togetherAI may use automated decision making, including automated decision making to process your personal information for the purpose of providing the Services. togetherAI includes functionality that evaluates a Child User’s device usage and interactions by and from the Child User through the device and assesses the likelihood that such interactions and usage may impact upon the Child User’s wellbeing. This assessment impacts upon the creation and availability of personalised health wellbeing suggestions made available to the applicable Parent Guardian Users and Child User. We use automated decision making with the consent that you provide when signing up as a User.
You can request a manual review of the accuracy of an automated decision if you are unhappy with it.
Rights under the GDPR
Under the GDPR, you have a number of rights, including:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to processing
You also have the right to lodge a complaint with any relevant supervisory authority. You are encouraged to contact us in the first instance at firstname.lastname@example.org, if you wish to exercise any of your applicable rights under the GDPR.