1. Introduction and purpose of this policy
TogetherAI Pty Limited and its related entities TogetherAI USA, Inc and TogetherAI UK Limited (“us”, “we”, “our”) are committed to respecting your privacy. We will collect information about you through our website https://www.togetherai.com/ (the “Website”), the togetherAI App (the “App”, or “togetherAI”) and any communications with you in relation the Website or App or our services.
When you use the App, you will be either a Child User or Parent Caregiver User (each a “User”). A Child User Account must be connected to a Parent Caregiver User Account.
This Policy applies to you as follows:
- For users based in the UK or European Economic Area (“EEA”), TogetherAI UK Limited (registered office is Squire Patton Boggs (Uk) Llp (Ref: Csu) Rutland House, 148 Edmund Street, Birmingham, United Kingdom, B3 2JR) is the data controller of any information collected about you through the Website, App and any communications with us relating to the Website or App;
- For users based in North America, TogetherAI USA, Inc (registered office is Corporation Trust Center, 1209 Orange Street, in the City of Willmington, Count of New Castle in Delaware 19801) is the data controller of any information collected about you through the Website, App and any communications with us relating to the Website or App; and
- For users based in Australia and New Zealand, TogetherAI Pty Ltd (registered off is Level 2, 20 Hutchison Street, Surry Hills NSW, Australia 2010) is the data controller of any information collected about you through the Website, App and any communications with us relating to the Website or App.
We may update this Policy from time to time. Please check it regularly for updates. If you are not happy with any of the changes, you should stop using the Website and App. When required by law, we will tell you about any changes to this Policy either directly or by posting the changes on the Website/App.
Part 1 - General
2. Children's privacy practices
Our Website and App collect and use personal information relating to children including disclosing that data to their Parent/Caregiver in order to provide our services, subject to parental consent where required by applicable law as set out in this Policy, and more specifically as follows:
- When a child registers, they provide personal and demographic information;
- We monitor the child’s use of our Website, App and any third party services that the child or Parent/Caregiver link to our services;
- Children can respond to questions through the App (including open text response) and input information, including about how they feel and what they are thinking;
- We use this information to make inferences about the wellbeing of the child, including through the use of artificial intelligence, and may share that information with the child’s Parent/Caregiver, for example to provide tips and suggestions to the Parent/Caregiver about how to effectively communicate about the child’s wellbeing
- If you are the Parent/Caregiver you may contact us as set out in Section 11 below and ask to review or delete your child’s personal information at any time.
3. How we collect information about you
Information you provide to us directly. We will collect information from you when you register for an account, use the Website or App or communicate with us.
Information we collect from third parties. Where you are a Child User, we may collect information about you from your parent or caregiver when they register for an account. When you allow the App to monitor the third party apps you have on your devices (such as your mobile phone), such as social media and messaging apps, we may collect information about you those platforms. We do not control the privacy practices of those third parties.
Information collected automatically or inferred. We may collect technical information about your use of the App, such as details of your computer or other device, your IP address and network usage details.
We may combine information that we receive from these sources and use it for the purposes described below. We only use your personal information to provide you with our services through the App and as otherwise required by law.
4. The types of information we may collect
The types of information we may collect about you include:
- Identifiers such as your name and date of birth, your contact details, such as postal address, email address, phone number, account information, such as account number, account name, username and password, account creation date, and social media identifiers (e.g., Instagram name etc.) any unique personal identifier, online identifier and IP address.
- Health data: Where you are a Child User, we may collect information relating to your mental or physical health or wellbeing.
- Proof of legal guardianship or parentship for a Parent Caregiver User to register an account and confirm that the Child User is the child of a Parent Caregiver User.
- IT, internet or other electronic network activity information, such as the devices accessing togetherAI, the amount of time you spend on togetherAI and how you use it.
- Communications data such as:
(a) communications through the “companion” chatbot on the App, completing forms or surveys on the App and in-App conversations between Child Users and Parent Caregiver Users;
(b) data collected from external/third party apps that are linked to togetherAI such as data from devices (e.g. sleep and exercise data), music accounts, social media and messaging apps; and
(c) communications with us, including our support team.
- Inferences drawn about you using our algorithms and artificial intelligence to build profiles of individuals and families and understand differences in a child’s behaviour or feelings which may have resulted from positive or negative experiences.
You do not have to provide us with your personal information, but, if you do not provide it, you cannot use the App. However, you can browse our Website, such as the pages that generally describe our services and our Contact Us page. When you submit a form on our Website or become a user of togetherAI we will need to collect personal information in order to identify you and so that we can provide you with the App and our services
5. Why we use information about you
We will only use information about you for the purposes of providing our Website, App and our services, or as required by applicable laws. More specifically, we may process information about you:
- To provide the Website and App and maintain your account, including to communicate with you in the context of your use of our Website and App. Where you are a Child User, we will use the information you provide when you use the App, and data we collect about you, for example, from your parent or caregiver and from the social media platforms you use, to help us to understand what you are thinking and feeling. We will use that information to alert your parent/caregiver to any wellbeing issues that they may want to help you with and to provide them with guidance about how to approach this.
- For our own internal business purposes, such as debugging to identify and repair errors that impair the functionality of our systems and improve the quality of your interactions with us (including obtaining feedback you provide) and maintain proper business records and other relevant records. We also use anonymized data (that does not identify you) to perform internal research, quality assurance, conduct data analysis and testing, to evaluate or audit the usage and performance of our Website and App and to improve, operate and maintain them. We may also use this de-identified data to develop case studies and marketing materials.
- For security of togetherAI, our users, employees, or others, by detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity.
- For legal and compliance purposes, such as compliance training, investigating and responding to claims against us, due diligence purposes and tax requirements.
- In connection with a transaction, such as if we, or some of our assets, are acquired by another company, including through a sale or in connection with a bankruptcy, we may share your information with that company.
6. Disclosure of your personal information
We may share your information with the third parties described below. We do not sell your information to any third party.
Parents and Caregivers
Where you are a Child User, we will use the information we collect about you when you use the App and Website to provide your parent or caregiver with tailored wellbeing suggestions and materials and to notify them about any potential issues you might be experiencing. Your parent or caregiver will also receive communications you send to them through in-App conversations.
We share your information with our service providers where it is necessary for them to assist us to provide the App and Website or support our relationship with you, such as cloud hosting providers, data modelling tools, email hosting providers, online CRM providers and error monitoring providers. We share anonymous data with analytics providers.
For Legal, Security or Safety Purposes
In Connection with Corporate Transactions
We may disclose your information to buyers, their lawyers or advisors, where needed to affect the sale or transfer of business assets.
7. Automated functionality
togetherAI includes automated functionality that evaluates a Child User’s device usage and interactions by and from the Child User through their device and assesses the likelihood that such interactions and usage may impact the Child User’s wellbeing. This assessment impacts the creation and availability of personalised health wellbeing suggestions made available via the App to the applicable Parent Caregiver Users and Child User. However, this automated functionality is not used to make decisions that have legal or similarly significant effects.
We will only keep your information for as long as necessary to fulfill the purposes for which the information was collected, primarily to provide the App and our services. We will keep information about Child Users and Parent Caregiver Users for the duration of their account with us. We may keep your information for longer where we are required by law to do so. For more information on how long your information may be kept, please contact us at email@example.com.
9. Cookies and other tracking tools
10. Contact details
Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, to exercise their data protection rights or make a privacy complaint, may contact our Data Protection Officer at firstname.lastname@example.org.
We are committed to making the Website accessible to all people. That includes making the Website accessible to users who have disabilities. The Website has been designed to ensure that it meets or exceeds the requirements of World Wide Web Consortium (W3C) Web Content Accessibility Guidelines (WCAG) 2.0. It is our goal to ensure that content is posted in a format that conforms to WCAG for web content and that the Website is accessible with software designed for use by persons with disabilities. If you have comments or suggestions for the improvement of the Website, or to making it more accessible for all users, or if you encounter difficulty accessing the information on the Website, please contact us at email@example.com.
Part 2 - Specific information for EU, UK, NZ & Australian users
12. Additional information for individuals residing in the UK or EEA
The following paragraphs 22 – 30 of this Policy apply to Users and other persons residing in the UK or EEA pursuant to the General Data Protection Regulation (EU) 2016/679 (GDPR).
Data Protection Rights
If you are based in the UK or EEA, you have the following rights under the GDPR in relation to the personal information we hold about you, to request:
- Access to the personal data we hold about you (commonly known as a "data subject access request") including a copy of it;
- The correction of the personal information that we hold about you if it is incomplete or inaccurate, although if you hold an account with us, you may be able to do this in certain cases yourself by updating your account information on our Website or App;
- The deletion or removal of personal data we hold about you where there is no good reason for us continuing to process it or where you have exercised your right to object to processing (see below);
- For our processing of your personal information to be restricted in certain circumstances, for example if you want to establish its accuracy or the reason for processing it; and
- To obtain a copy of the personal information you’ve provided us with and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.
We may ask you for proof of your identity before dealing with your request, as a security measure to protect your data.
Right to Object
Where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop processing it and we must do so unless we believe we have an overriding legitimate reason to continue processing your personal data or if we need to process it for the establishment, exercise or defence of legal claims.
Right to Complain
If you are not happy with how we have handled your personal data, you have the right to make a complaint to your data protection regulator. In the UK, this is the Information Commissioner's Office (ICO). You can make a complaint to the ICO by calling their helpline on 0303 123 1113 or on their website at www.ico.org.uk/concerns.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO or, (if you’re based outside of the UK, your data protection regulator), so please do contact us in the first instance.
If you are based in the UK or EEA, we will only use your information where we have a lawful basis to use it. We will only use your data:
- where it is necessary for us to perform our contract with you. For example, where you are a Parent Caregiver User, to provide our services, to comply with our End-User Licence Agreement and set up and maintain your account on the App;
- in a way which might reasonably be expected as part of running our business and which does not materially impact your interests, rights or freedoms. For example, for safety and security reasons, such as the processing of personal information to verify accounts and activity, to monitor suspicious or fraudulent activity, and to identify violations of our policies and to provide users with the wellbeing services contemplated by the App. Please get in touch with us using the contact details provided above if you would like further information about this;
- where it is required to comply with our legal obligations. For example, to pass on details related to fraud or safeguarding concerns;
- where it is necessary to protect your or another individual’s vital interests. For example, where you are a Child User, we may share information about you (including health data, which is categorized as ‘special category data’ under data protection laws) with your parent/caregiver, the police or another agency if it is necessary to protect your vital interests; or
- where you have consented to our use of your information. For example, where you are a Child User, we will only process information about you (including health data) where you have explicitly consented or where your parent/caregiver has done so on your behalf.
International transfer of Personal Information
As we are a global business, it may be necessary for the personal data that we collect from you to be transferred to, or accessed from outside the UK or the EEA in order for us to provide the Website and App. For example, it may be accessed by our Australian group company, togetherAI Pty Ltd, in limited circumstances, for example, for internal administrative purposes, or to our service providers who are located or access personal data from outside the UK/EEA. Since togetherAI Pty Ltd is not established in theEU, it has appointed The DPO Centre Europe Ltd (Alexandra House, 3 Ballsbridge Park, Dublin, DO4c 7H2), as its EU representative for data protection in accordance with Article 27 of the GDPR.
If we do this, we have measures in place to ensure your data is protected in accordance with UK data protection laws. Where we transfer your personal information to countries deemed to provide an adequate level of data protection by the UK Government, we rely on that decision to transfer your personal information. For transfers to group companies and service providers outside the UK or the EEA where no adequacy decision applies, we use standard contractual clauses or other transfer tools provided for in the applicable data protection legislation to protect your personal information. Any transfer of your personal data will follow applicable laws and we will treat the information according to the principles set out in this Policy.
If you would like further information or a copy of the standard contractual clauses we use, please get in touch with us using the contact details provided above.
13. Additional information for individuals residing in Australia
The following paragraphs 31 – 45 of this Policy apply to Users and other persons residing in Australia pursuant to the Privacy Act 1988 (Australia).
When a User first accesses their user account on togetherAI, they are provided with our privacy collection notice. The privacy collection notice is made in accordance with Australian Privacy Principle (APP) 5, which notifies the User (among other things) of the circumstances under which we collect their personal information, the purpose for the collection and the likelihood that their personal information will be disclosed to overseas recipients.
How we collect personal information
Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. We only collect personal information (as described in Part 1 above) that is necessary to provide the functionality of the App, the services and to otherwise operate our business.
How we hold and secure personal information
We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities. We take reasonable steps to protect personal information that we hold using such security safeguards as are reasonable in the circumstances to protect against loss, unauthorised access, modification and disclosure and other misuse, and we implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
- only use reputable cloud hosting providers to host personal information;
- implement passwords and access control procedures, anti-virus, firewall and security controls for email and other applicable computer software and systems;
- maintain files, in both hardcopy and electronic form, at our offices and other access-controlled premises;
- operate online records managements systems on secure networks;
- regularly perform security testing;
- regularly carry out security audits of our systems which seek to find and eliminate any potential security risks in our electronic and physical infrastructure as soon as possible;
- maintain physical security measures in our buildings and offices such as visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);
- require our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment and subcontractor agreements that we enter into with them;
- use SSL encryption on our systems;
- have data backup archiving and disaster recovery processes in place;
- if appropriate in the circumstances (taking into account the state of the art, the costs of implementation and the nature, scope, content and purpose of the processing), we will encrypt personal information; and
- with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely destroyed.
We may transfer your personal information to our contractors and service providers offshore who assist us with the supply and provision of togetherAI to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will take reasonable steps to ensure that such recipients do not breach the APPs in relation to personal information or other relevant State and Territory laws (as applicable)..
How to access and correct personal information held by Us
Users who wish to access and correct the personal information held by us about them should contact us. Prior to contacting us or submitting a request for access to correct any personal information held about them, Users can update their personal information by logging into their account on togetherAI. Multi-factor authentication is required when you update your personal information.
Once an account is deleted, we may still be required to retain the data in accordance with our data retention obligations. It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person’s vital interests).
Unless we are required to retain personal information for a longer period in the circumstances described in paragraph 39, personal information will be stored for 7 years and any data that is no longer required for the maintenance of active Users will be deleted after this period. We will only keep personal information (including health information) for longer periods than specified above, where required under applicable law.
As an alternative to deleting personal information, we may elect to de-identify it where permissible by law. We may use personal information that we de-identify for the purpose of improving togetherAI and for provision to third parties for marketing and research purposes (such as to map usage trends to improve subsequent usage experiences, to understand User profiles and to develop more relevant and engaging experiences on togetherAI).
Where you require your personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter unless applicable law requires us to retain the personal information, in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.
We will handle all requests for access to personal information in accordance with our statutory obligations. You can request to receive a copy of your personal information by emailing firstname.lastname@example.org. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request. We will endeavour to provide a response to any request for access to personal information within 72 hours from the time a request is made.
Complaints to Australian Information Commissioner
We endeavour to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.
If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the APPs, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
Australian Information Commissioner
Telephone: 1300 363 992
Address: GPO Box 5218, Sydney NSW 2001
14. Additional information for individuals residing in New Zealand
The following paragraphs 47 – 60 of this Policy apply to Users and other persons residing in New Zealand that may be collected by us that is governed by the Privacy Act 2020 (New Zealand).
Collection of personal information
We will only collect personal information for a lawful purpose which is connected to a function or activity of our businesses to the extent that it is necessary for such purpose. Where possible, we will collect personal information from the individual concerned. Before we obtain information from a third party, we will obtain consent from the individual for such collection.
Before we collect personal information from an individual or as soon as it becomes practicable to do so, we will disclose to the individual:
- The fact that the information is being collected;
- The purpose for which the information is being collected;
- The intended recipient of the information;
- The consequences for that individual if all or part of the requested information is not provided; and
The rights of access to and correction of information provided by the Information Privacy Principles (IPPs)
Provision of Personal Information to Third Parties
Where it is necessary for personal information to be given to a third party in connection with the provision of services that they provide to us, we will do everything reasonably within our power to prevent unauthorised use or unauthorised disclosure of the information by them. The specific personal information that we collect, how we collect it, how we use it and who we disclose it to is set out above in this Policy
Storage and security of personal information
If we hold personal information about you, we will ensure that the information is protected by such security safeguards as are reasonable in the circumstances to take against loss, access, use, modification, unauthorised disclosure and other misuse. If it is necessary for the information to be given to a person in connection with the provision of a service to us, everything reasonably within our power is done to prevent unauthorised use or unauthorised disclosure of the information.
Requests for access to and correction of personal information
Individuals whose personal information is governed by the Privacy Act (New Zealand) are entitled to seek access to and correction of it in accordance with that legislation.
Any person who wishes to access personal information about them that we hold should contact us. You may request urgent access to your personal information in accordance with section 41 of the Privacy Act (New Zealand) and state why the request should be treated as urgent. We will on receipt of such request, consider the request and reasons, determine the priority given to it and ensure that we provide reasonable assistance to a person who makes such a request.
We will also take such steps as are reasonable in the circumstances to ensure that personal information that we hold are accurate, up to date, complete and not misleading.
In the event that a person wishes to access their personal information and it is readily retrievable by us, they can also request from us either of the following: (a) to obtain confirmation from us as to whether or not we hold such personal information; (b) access to the personal information; and (c) be advised if they can correct such personal information.
We will, as soon as possible and in any event no later than 20 working days from the date on which the request is made, decide to grant or refuse the request and provide the person who requested with, or post to them, our decision. We may in our discretion charge a reasonable fee for making information available in compliance with the request or for correcting any information in compliance with a request (in whole or in part) or for attaching a statement of any correction sought but not made, subject to our compliance with the New Zealand Information Privacy Principles.
If a person submits a request to access their personal information to us, we may refuse their request where permitted by the Privacy Act (New Zealand).
Where we hold personal information governed by the Privacy Act (New Zealand) about an individual, they are entitled to request correction of the information and request that there be attached to the information a statement of the correction sought but not made.
We will only hold personal information for as long as is required for the purposes for which the information may lawfully be used.
If you are not satisfied with our response to any privacy-related concern you may have, you can contact theNZ Privacy Commissioner:
Office of the Privacy Commissioner
PO Box 10-094, Wellington, New Zealand
Phone: 04 474 7590
Fax: 04 474 7595
Enquiries Line (from Auckland): 302 8655
Enquiries Line (from outside Auckland): 0800 803 909