Privacy Policy (AUS)

This Privacy Policy describes how togetherAI Pty Ltd ABN 71 642 255 570 (we, our, us) manages personal information about individuals whose data is collected and processed by the togetherAI App (the App, or togetherAI), whether or not such individuals are Users of togetherAI. togetherAI includes functionality that, among other things, identifies potential child wellbeing and mental health issues and provides suggestions to help parents and guardians communicate with their children about those issues. TogetherAI is downloadable from the Apple App Store and Google Play and is accessible via a smartphone or tablet. Click here to find out more about togetherAI!  

There are two types of togetherAI user accounts:  Child User Accounts; and Parent Caregiver User Accounts. A Child User Account must be connected to a Parent Caregiver User Account. 

togetherAI monitors information processed via third party applications (such as social media and messaging platforms) on a Child User’s smartphone or tablet device, as authorised by the Child User; information uploaded by the Child User; and data (including personal information) generated from a Child User and Parent Caregiver User relating to the Child User’s apparent mood and wellbeing. togetherAI is designed to identify signs of potential emotional distress, cyberbullying and other issues that may impact a Child User’s wellbeing and mental health, using togetherAI’s algorithms. togetherAI is not a crisis prevention or management service nor a medical service, and it may not detect all or any issues a Child User may be experiencing. We do not provide medical advice of any kind. Data collected is used to generate personalised wellbeing information to support Parent Caregiver Users and Child Users to promote meaningful communication between them about a potential wellbeing and/or mental health issue identified by togetherAI. 

WE DO NOT PROVIDE ANY MEDICAL ADVICE, RECOMMENDATIONS OR DIAGNOSES. WE RECOMMEND THAT YOU SEEK ALL NECESSARY MEDICAL ADVICE, RECOMMENDATIONS AND DIAGNOSES FROM YOUR HEALTHCARE PRACTITIONER. WE DO NOT PROVIDE OR REPRESENT THAT WE PROVIDE ANY MEDICAL SERVICE, AND WE ARE NOT A PARTY TO ANY CONTRACT FOR THE PROVISION OR RECEIPT OF ANY MEDICAL SERVICE. FURTHER, WE DO NOT REPRESENT OR WARRANT THAT TOGETHERAI WILL RESULT IN THE DIAGNOSIS, DETECTION, CURE OR PREVENTION OF ANY PSYCHOLOGICAL, WELLBEING, MENTAL OR OTHER MEDICAL DISORDER OR ILLNESS. PLEASE NOTE THAT WHILE WE MAY MONITOR PERSONAL INFORMATION ENTERED INTO OR GENERATED VIA TOGETHERAI FROM TIME TO TIME, WE DO NOT REVIEW ALL SUCH INFORMATION AND DO NOT REPRESENT THAT WE OR TOGETHERAI WILL DETECT ALL OR ANY SPECIFIC PSYCHOLOGICAL, MENTAL OR OTHER MEDICAL DISORDER OR ILLNESS OR ANY SPECIFIC WELLBEING ISSUES OR THAT WE WILL TAKE ANY SPECIFIC ACTION IF ANY SUCH MATTERS ARE DETECTED.

Users can access the following functionality in the App (the Services):

We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including, where applicable, the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (each, an APP), the EU General Data Protection Regulation 2016/679 (GDPR) and the Privacy Act 2020 (New Zealand). If we decide to change this Privacy Policy, we will post the updated version on this webpage. Our policy is to be open and transparent about our privacy practices.

Details about how we collect and process personal information collected from our New Zealand and EU Users, respectively, are set out at the end of this Privacy Policy.

1. Consents

When a User first accesses their user account on togetherAI, they are provided with our privacy collection notice. The privacy collection notice is made in accordance with Australian Privacy Principle (APP) 5, which notifies the User (among other things) of the circumstances under which we collect their personal information, the purpose for the collection and the likelihood that their personal information will be disclosed to overseas recipients. 

Users must provide the relevant privacy consents and authorisations required by law in order for the personal information that is entered into togetherAI to be collected, disclosed and otherwise processed by us for the purposes set out in this Privacy Policy. 

We rely on Users to ensure that all personal information collected from them and held by us is accurate, up to date, complete, relevant and not misleading. togetherAI also has functionality to enable Users to update, modify and correct personal information collected about them.

We encourage Users to ensure that they are familiar with this Privacy Policy to understand how we collect, use and otherwise process personal information about them via togetherAI or otherwise. 

2. Types of Personal Information We Collect and Hold about our Users

We collect and hold the following types of personal information:

Child Users
We collect the following types of personal information about Child Users: 

Parent Caregiver Users
The types of personal information collected about Parent Caregiver Users include:

Non-Users

Information required for the support, maintenance and security of togetherAI

3. How we collect personal information

Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. We only collect personal information that is necessary to provide the functionality of togetherAI, the Services and to otherwise operate our business.

We collect personal information, including health information, about Users when personal information is entered by the User into togetherAI, and when a User voluntarily discloses personal information to us (via the App, telephone, surveys, e-mail and online forms or elsewhere).

We also collect personal information from Child Users via other apps that are monitored by togetherAI on a Child User’s device. The Child User can configure the App so that it only collects and monitors data the is processed by specific third party apps.

Users are responsible for ensuring that all consents and authorisations have been obtained or provided by them as required by law for the lawful collection of personal information that we collect from them. 

4. How we use personal information

Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. We only collect personal information that is necessary to provide the functionality of togetherAI, the Services and to otherwise operate our business.

We collect personal information, including health information, about Users when personal information is entered by the User into togetherAI, and when a User voluntarily discloses personal information to us (via the App, telephone, surveys, e-mail and online forms or elsewhere).

We also collect personal information from Child Users via other apps that are monitored by togetherAI on a Child User’s device. The Child User can configure the App so that it only collects and monitors data the is processed by specific third party apps.

Users are responsible for ensuring that all consents and authorisations have been obtained or provided by them as required by law for the lawful collection of personal information that we collect from them. 

Personal information about users

How we use and process personal information that we collect

Why we collect personal information

Personal information about non-Users

How we use and process personal information that we collect

Why we collect personal information

5. Analytics data

We collect information about Users through their use of togetherAI, known as analytics data. 

Such analytics data is limited to information about devices accessing togetherAI, the amount of time a User spends on togetherAI and in which parts of it and the path navigated through it. 

All analytics data is de-identified and is not collected or held in a form that could reasonably be expected to identify an individual. 

In any event, we only use analytics data to help us review, enhance and improve togetherAI and the Services (for statistical or research purposes) and to develop case studies and marketing material without identifying any individual. 

6. How we hold and secure personal information

We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities.

We take reasonable steps to protect personal information that we hold using such security safeguards as are reasonable in the circumstances to protect against loss, unauthorised access, modification and disclosure and other misuse, and we implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.

We:

7. Disclosure of personal information

We do not disclose personal information of Child Users to Parent Caregiver Users, other than as set out in paragraphs 7.2 and 7.3, to provide the Services, including by providing information contained in instant messages sent between a Child User and their linked
Parent Caregiver Users to those Users in order for the Child User and Parent Caregiver user to communicate with each other via that instant messaging service.

We will disclose personal information to our employees, officers, advisors, suppliers, agents and related entities who assist us with the delivery of the Services. We take reasonable steps to ensure that they are aware of their information security responsibilities, are appropriately trained to meet those responsibilities and have entered into agreements which require them to comply with privacy and confidentiality obligations which apply to personal information that we provide to them.

We only disclose personal information that we collect to third parties as follows:

8. Third party websites

togetherAI may include links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third party website prior to sending personal information to them. All Users should contact us in the first instance, if they have any enquiries about any links on togetherAI.

You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on our websites or integrated into togetherAI. These widgets and tools may collect your IP address and other personal information. Your interaction with such widgets and tools, and any single sign-on services is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal information.

9. Interacting with us without disclosing personal information

If you do not provide us with your personal information, you cannot use the App or Services but you can browse our website without providing us with personal information, such as the pages that generally describe togetherAI that we make available and our Contact Us page. However, when you submit a form on our website or become a User of togetherAI we need to collect personal information from you in order to identify who you are, so that we can provide you with the Services, and for the other purposes described in this Privacy Policy.

You do not have the option of not identifying yourself or using a pseudonym when using togetherAI or contacting us to enquire about your User Account as it is not practical for us to provide you with access to the Services or to discuss your User Account if you refuse to provide us with your personal information.

10. Offshore disclosure

We may transfer your personal information to our contractors and service providers who assist us with the supply and provision of togetherAI to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will take reasonable steps to ensure that such recipients do not breach the APPs in relation to personal information or other relevant State and Territory laws (as applicable). At present we transfer your personal information to our interstate contractors and service providers within Australia. We do not currently use offshore contractors and service providers.

11. How to access and correct personal information held by us

Users who wish to access and correct the personal information held by us about them should contact us. Prior to contacting us or submitting a request for access to correct any personal information held about them, Users can update their personal information by logging into their account on togetherAI. Multi-factor authentication is required when you update your personal information.

Once an account is deleted, we may still be required to retain the data in accordance with our data retention obligations. It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person’s vital interests).

Unless we are required to retain personal information for a longer period in the circumstances described in clause 11.2, personal information will be stored for 7 years and any data that is no longer required for the maintenance of active Users will be deleted after this period. We will only keep personal information (including health information) for longer periods than specified above, where required under applicable law.

As an alternative to deleting personal information, we may elect to de-identify it where permissible by law. We may use personal information that we de-identify for the purpose of improving togetherAI and for provision to third parties for marketing and research purposes (such as to map usage trends to improve subsequent usage experiences, to understand User profiles and to develop more relevant and engaging experiences on togetherAI).

Where you require your personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter unless applicable law requires us to retain the personal information, in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.

We will handle all requests for access to personal information in accordance with our statutory obligations. You can request to receive a copy of your personal information by emailing dataprivacy@togetherai.co. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request. We will endeavour to provide a response to any request for access to personal information within 72 hours from the time a request is made. 

12. Our contact details

Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact us as follows:

Contact: Privacy Representative / Data Protection Officer 
Email: dataprivacy@togetherai.co

We endeavour to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.

If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the Australian Privacy Principles, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:

Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Address: GPO Box 5218, Sydney NSW 2001

New Zealand Customers & Data Subjects

Paragraphs 13 - 17 of our Privacy Policy applies to personal information of Users and other persons that may be collected by us that is governed by the Privacy Act 2020 (New Zealand).

13. Collection of personal information

We will only collect personal information for a lawful purpose which is connected to a function or activity of our businesses to the extent that it is necessary for such purpose.

Where possible, we will collect personal information from the individual concerned. Before we obtain information from a third party, we will obtain consent from the individual for such collection.

Before we collect personal information from an individual or as soon as it becomes practicable to do so, we will disclose to the individual: 

14. Provision of Personal Information to Third Parties

Where it is necessary for personal information to be given to a third party in connection with the provision of services that they provide to us, we will do everything reasonably within our power to prevent unauthorised use or unauthorised disclosure of the information by them.

The specific personal information that we collect, how we collect it, how we use it and who we disclose it to is set out above in this Privacy Policy.

15. Storage and security of personal information

If we hold personal information about you, we will ensure that the information is protected by such security safeguards as are reasonable in the circumstances to take against loss, access, use, modification, unauthorised disclosure and other misuse.

If it is necessary for the information to be given to a person in connection with the provision of a service to us, everything reasonably within our power is done to prevent unauthorised use or unauthorised disclosure of the information.

16. Requests for access to and correction of personal information

Individuals whose personal information is governed by the Privacy Act (New Zealand) are entitled to seek access to and correction of it in accordance with that legislation.

Any person who wishes to access personal information about them that we hold should contact us. You may request urgent access to your personal information in accordance with section 41 of the Privacy Act (New Zealand) and state why the request should be treated as urgent. We will on receipt of such request, consider the request and reasons, determine the priority given to it and ensure that we provide reasonable assistance to a person who makes such a request.

We will also take such steps as are reasonable in the circumstances to ensure that personal information that we hold are accurate, up to date, complete and not misleading.

In the event that a person wishes to access their personal information and it is readily retrievable by us, they can also request from us either of the following: (a) to obtain confirmation from us as to whether or not we hold such personal information; (b) access to the personal information; and (c) be advised if they can correct such personal information.

We will, as soon as possible and in any event no later than 20 working days from the date on which the request is made, decide to grant or refuse the request and provide the person who requested with, or post to them, our decision. We may in our discretion charge a reasonable fee for making information available in compliance with the request or for correcting any information in compliance with a request (in whole or in part) or for attaching a statement of any correction sought but not made, subject to our compliance with the New Zealand Information Privacy Principles.

If a person submits a request to access their personal information to us, we may refuse their request where permitted by the Privacy Act (New Zealand). 

Where we hold personal information governed by the Privacy Act (New Zealand) about an individual, they are entitled to request correction of the information and request that there be attached to the information a statement of the correction sought but not made. 

We will only hold personal information for as long as is required for the purposes for which the information may lawfully be used.

17. Complaints

If you are not satisfied with our response to any privacy-related concern you may have, you can contact the Privacy Commissioner:

Office of the Privacy Commissioner
PO Box 10-094, Wellington, New Zealand
Phone: 04 474 7590 / Fax: 04 474 7595
Enquiries Line (from Auckland): 302 8655
Enquiries Line (from outside Auckland): 0800 803 909
Email: enquiries@privacy.org.nz

European Customers & Data Subjects

Paragraphs 18 - 24 of our Privacy Policy apply to the personal data of Users and other persons that we may collect that is governed by the General Data Protection Regulation (EU) 2016/679 (GDPR). Article 4(1) of the GDPR defines ‘personal data’ as any information relating to an identified or identifiable natural person (data subject) and provides that an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

18. Collection of personal data

A User of togetherAI’s Services is the controller of the User’s personal data. We are the processor of the User and other person’s personal data that is processed by togetherAI.

If you have concerns about the way we are handling your personal data please let us know immediately. You may contact us for general data protection queries by email to our Data Protection Officer at dataprivacy@togetherai.co. Please advise us of as much detail as possible in order for us to comply with your request.

We require Users to consent to our Collection Notice in order for us to obtain the relevant consents and authorisations necessary for us to collect and process their personal data in accordance with this Privacy Policy. Please see above to understand how we collect data subject personal data and the sources that provide us with your personal data. We do not collect your personal data from any publicly available sources.

We collect all categories of personal data that are entered into togetherAI, or that is collected and entered into Child User authorised third party applications such as social media, messaging and gambling applications. Please see above for more information about the categories of personal data that we collect and the third party applications that togetherAI can be set up to monitor on Child User smartphone and tablet devices.

The table in paragraph 4.1 above sets out the legal bases under which we process data subject personal data pursuant to Article 6(1) of the GDPR.  Pursuant to the GDPR, we will process your data for the following purposes: 

We will not carry out any further processing activities on your personal data, other than as set out in this Privacy Policy or where permitted by law. 

19. Who we disclose personal data to

Detailed information about who we disclose personal information to is set out above. This applies equally to personal data governed by the GDPR.

20. International transfers

We do not transfer any personal data outside the European Economic Area. If we are obligated to do so, we will only transfer your personal data governed by the GDPR internationally in compliance with the GDPR and ensure that we have legally binding agreements in place to govern the receipt and processing of personal data offshore. Information about other appropriate or suitable safeguards is available from us on request.

21. Retention of customer and data subject personal data

It is our policy to retain personal data in a form which permits identification of any person only as long as is necessary for the purposes for which the personal data was collected, for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal data (except where we also need to retain the data in order to comply with our legal obligations or to retain the data to protect any other person’s vital interests).

22. The requirement to provide customer and data subject personal data to us

Please see Interacting with us Without Disclosing Personal Information above for information about the requirement to provide personal information to us and the limitations that apply where personal information is not provided.  Those requirements and limitations equally apply to personal data governed by the GDPR.

23. Automated decision making 

togetherAI may use automated decision making, including automated decision making, to process your personal information to provide the Services. togetherAI includes functionality that evaluates a Child User’s device usage and interactions by and from the Child User through their device and assesses the likelihood that such interactions and usage may impact the Child User’s wellbeing. This assessment impacts the creation and availability of personalised health wellbeing suggestions made available via the App to the applicable Parent Caregiver Users and Child User. We use automated decision making to provide this functionality with the consent that you provide when signing up as a User.

You can request a manual review of the accuracy of an automated decision if you are unhappy with it.

23. Automated decision making 

Under the GDPR, you have several rights, including:

You also have the right to lodge a complaint with any relevant supervisory authority. You are encouraged to contact us in the first instance at dataprivacy@togetherai.co, if you wish to exercise any of your applicable rights under the GDPR.