TogetherAI assists parents or guardians and their children to deal with a range of mental health issues that may be impacting on their child using psychological best practice. There are two types of togetherAI user accounts, children (Child User(s)) through child user accounts (Child User Account(s)) and parent or guardians (Parent Guardian User(s)) using parent guardian user accounts (Parent Guardian User Account(s)) (together, User(s), you, your). A Child User Account operated using the togetherAI Child App must operate together with a Parent Guardian User Account operated using the togetherAI Parent App and vice versa.
TogetherAI monitors information collected from third party applications such as social media platforms and messaging platforms on a Child User’s device and information uploaded by the Child User and data (including personal information) generated from a Child User and/or Parent Guardian User relating to the Child User’s wellbeing on a daily basis. It is designed to identify signs of emotional distress, cyber bullying or other issues that may be impacting on a Child User’s mental health and wellbeing but does not detect all issues using togetherAI’s algorithms. Data collected are then used to generate personalised wellbeing information, guidance and tools to support both Users to communicate and have a meaningful resolution to the potential issues identified by TogetherAI.
For the avoidance of doubt, we do not disclose personal information of Child Users to Parent Guardian Users other than information generated by the togetherAI algorithm.
TogetherAI provides Users with functionality that can be used by them to collect, process and disclose personal information for the purposes of providing the following services (together, the Services):
Parent Guardian Accounts provide the following functionality to Parent Guardian Users:
- Ability to connect with any nominated Child User account(s) and receive insights into the behaviour and wellbeing of any linked Child User;
- Ability to receive personalised custom and tailored wellbeing information, tools and guidance from wellbeing experts to assist in conversations that may be required between the Parent Guardian User and any linked Child Users to resolve mental health and wellbeing issues that may be facing the Child User;
- Notification of potential issues with their nominated Child User’s life based on analysis of gathered data; and
- Ability to enter personal information related to their perceptions of the Child User’s wellbeing state.
Child User Accounts provide the following functionality to Child Users:
- A “guardian angel” avatar in the form of a cartoon figure that the Child User can create through their Child User Account that asks the Child User daily wellbeing questions and provides personalised wellbeing information, support and assistance for issues or incidents that may impact on the Child Users’ mental health and wellbeing.
Details about how we manage personal information about our New Zealand customers and their data subjects and information about how we manage personal information about customers and their data subjects that is governed by the GDPR are set out below.
Unless you have agreed when registering for a user account to enter into an End User Licence Agreement with us at www.togetherai.co you cannot access any part, or use any functionality made available through togetherAI.
You are required to comply with all applicable privacy laws.
When a User first accesses their user account on togetherAI, they are provided with our privacy collection notice. The privacy collection notice is made in accordance with APP 5, which notifies the User (among other things) the circumstances under which we collect their personal information, the purpose for the collection and the likeliness their personal information will be disclosed to overseas recipients.
Users must provide the relevant privacy consents and authorisations required by law in order for the personal information that is entered into togetherAI to be collected, disclosed and otherwise processed by us. We provide our Users with a template collection notice made under APP 5 prior to User registering an account on togetherAI. You can access the Collection notice at www.togetherai.co.
We rely on Users to ensure that all personal information collected from them and held by us are accurate, up to date, complete, relevant and not misleading. togetherAI also has functionality to enable Users to update, modify and correct personal information collected from them at any time.
The types of personal information we collect and hold about Users
We collect and hold the following types of personal information:
Child Users: We collect the following types of personal information about Child Users:
- communication data (i.e. messages and/or media received and/or communicated by Child Users via other apps that are monitored by the App on the Child User’s device that may include health and other sensitive information);
- information provided by the Parent Guardian User to us via the App about linked Child Users;
- the Child Users’ device and network usage details (IP addresses) collected via the Child Users’ smartphone and/or tablet;
- survey responses and feedback;
- personal information about the Child User generated by the App’s algorithms such as information about the Child Users’ apparent mood, mental health and wellbeing as determined by those algorithms;
- personal information about the Child User that is obtained by togetherAI from a third party service or affiliate that is approved by the Parent Guardian User and/or Child User; and
- names, dates of birth, contact information, birth certificates and/or proof of legal guardianship or parentship in order to register an account on the App and verify that the Child User is the child of a Parent Guardian User.
Parent Guardian Users: The types of personal information collected about Parent Guardian Users include proof of relationship to the applicable Child Users and/or proof of legal guardianship over the Child User(s), device and network details, survey responses and feedback, information received from Parent Guardian Users via togetherAI and the Services.
Non-Users: All information, including personal information, that is entered into or collected from third party applications by togetherAI, are stored in systems managed by us. The types of personal information collected about non-Users may include any communication data (i.e. messages and/or media received and/or communicated by you and other third parties to the Child User) via social media, gaming and/or messaging applications on your smartphone and/or tablet approved by you and as required for us to provide togetherAI.
Information required for the support, maintenance and security of togetherAI: In order to support and maintain togetherAI and each part thereof, we collect and process user information including IP addresses, email addresses, user access logs, usernames, passwords, statistical data and information included by Users in error messages, technical support tickets and telephone calls to our support team.
How we collect personal information
Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. We only collect personal information that is necessary to provide the functionality of togetherAI and to otherwise operate our business.
We collect personal information about Users when personal information is entered by the User into togetherAI, when it is transmitted to us from third party applications via User authorised integrations in accordance with our obligations to do so pursuant to a contract with a User and when a User voluntarily discloses personal information to us (via telephone, surveys, e-mail and online forms).
Users are responsible for the lawful collection of personal information.
How we use personal information
Information about how we use personal information about Users is set out in the following:
How we use and process that personal information of users:
- To manage, provide and support a User’s use of togetherAI and the Services.
- In order to store personal information in databases and systems in our hosting environments at third party data centres.
- To provide technical support services to Users that require us to view and/or update personal information held in togetherAI.
- When backing up and restoring data
- When conducting site traffic analysis
- When conducting research and development of togetherAI and the Services
- When carrying out marketing calls and sending newsletters and other promotional materials to identify and inform Users about products, functionality and/or services that may be of interest to them
- To improve and develop togetherAI or for general product and business development
- To carry out security audits, investigate security incidents and implement security processes and procedures that require access to personal information
- Backing up and restoring data that includes User’s personal information
- To handle complaints
Our reasons for collecting the personal information of users:
- Required to identify persons who use togetherAI and to identify persons who request technical support or wish to exercise their rights under privacy law to access, correct their personal information or to exercise their other rights with respect to their personal information
- Necessary for our legitimate interests (in order to operate and grow our business in order to administer and allow Users to operate togetherAI, and to enable us to operate our IT systems and networks, manage our hosting environments and ensure the successful delivery of togetherAI and the Services)
- For our accounting, billing and other internal administrative purposes.
- To comply with our legal and statutory obligations
- Required in order to determine which privacy law applies to the individual
How we use and process that personal information of non-users:
- As required to provide a User with togetherAI and the Services
Our reasons for collecting the personal information of non-users:
- Necessary for our legitimate interest (in order to operate our business and provide the Services)
- To comply with our obligations under our End User Licence Agreements
- As required to comply with our legal and statutory obligations
We also collect information about Users through their use of togetherAI, known as analytics data. Such analytics data includes information about devices accessing and/or paired with togetherAI, the amount of time a User spends on the togetherAI and in which parts of it, and the path navigated through it. However, all such information is de-identified data and is not collected in a form that could reasonably be expected to identify an individual. In any event, we only use analytics data to help us review, enhance and improve togetherAI and the Services (for statistical or research purposes) and to develop case studies and marketing material without identifying any individual.
How we hold and secure personal information
We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities.
We take reasonable steps to protect personal information that we hold using such security safeguards as are reasonable in the circumstances to take against loss, unauthorised access, modification and disclosure and other misuse and to implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
- only use reputable cloud hosting providers to host personal information;
- implement passwords and access control procedures and anti-virus and security controls for email and other applicable computer software and systems;
- maintain files in both hardcopy and electronic form at our offices and other access-controlled premises;
- operate online records managements system on secure networks;
- perform security testing and maintain other electronic (e-security) measures for the purposes of securing personal information, such as passwords, anti-virus management and firewalls;
- carry out security audits of our systems which seek to find and eliminate any potential security risks in our electronic and physical infrastructure as soon as possible
- maintain physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);
- require our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment and subcontractor agreements that we enter into with them;
- use SSL encryption on our systems;
- have data backup archiving and disaster recovery processes in place;
- if appropriate in the circumstances, taking into account the state of the art, the costs of implementation and the nature, scope, content and purpose of the processing, we will encrypt personal information;
- have anti-virus and security control for email and applicable software and systems; and
- with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely destroyed.
Disclosure of personal information
We do not disclose personal information of Child Users to Parent Guardian Users other than information generated by the togetherAI algorithm.
We only disclose personal information that we collect to third parties as follows:
- to Parent Guardian Users (but only to the extent that such personal information is information generated from the togetherAI algorithm);
- our employees, officers, advisors, suppliers, agents and/or related entities who assist us in the performance of the Services;
- professional agencies or other organisations authorised by Users;
- data storage and software providers who host togetherAI databases and information (e.g. email hosting providers and online CRM providers) on our behalf;
- third party contractors for statistical, design and/or operational purposes;
- when performing contracts, we may outsource certain obligations to third party contractors in accordance with our contractual rights (such as hosting, software development and other professional services). Professional services carried out by them may require access to an individual’s personal information. We ensure that all staff and contractors are aware of their information security responsibilities, are appropriately trained to meet those responsibilities and have entered into agreements which require them to comply with privacy and confidentiality obligations that apply to personal information that we provide to them;
- SEO and marketing providers when carrying out direct marketing calls and emails by our personnel or those engaged on our behalf or to discuss their experience with togetherAI and the Services. All individuals will be given the opportunity to ‘opt out’ of any direct marketing calls or emails;
- when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
- where a person provides written consent to the disclosure of their personal information;
- where it is brought to our attention that specific personal information needs to be disclosed to protect the safety or vital interests of any person;
- if we are contacted by any person who represents to us that they are a User, for security purposes, we will only discuss the personal information that we hold about them with them if they identify themselves accurately and truthfully;
- to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences;
- for the enforcement of a law imposing a pecuniary penalty;
- for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation);
- police and other governmental bodies or regulatory authorities where required by law.
Third party websites
togetherAI may include links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third party website prior to sending personal information to them. All Users should contact us in the first instance, if they have any enquiries about any links on togetherAI.
You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on our websites or integrated via notifications via togetherAI. These widgets and tools may collect your IP address and other personal information. Your interaction with such widgets and tools, and any single sign-on services is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal information.
Interacting with us without disclosing personal information
You do not have the option of not identifying yourself or using a pseudonym when contacting us to enquire about togetherAI and/or when you use togetherAI of any part of it as it is not practical for us to provide you with access and/or use of togetherAI if you refuse to provide us with your personal information.
We may transfer your personal information to our contractors and service providers who assist us with the supply and provision of togetherAI to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will take reasonable steps to ensure that such recipients do not breach the APPs in relation to personal information or other relevant State and Territory laws (as applicable). At present we transfer your personal information to our interstate contractors and service providers within Australia. We do not currently use offshore contractors and service providers.
How to access and correct personal information held by us
Users who wish to access and correct the personal information held by us about them should contact us. Prior to contacting us or submitting a request for access to correct any personal information held about them, Users can update their personal information by logging into their account on togetherAI, where such functionality is available. Multi-factor authentication would be required when you update your personal information. We will leverage a range of tools to attempt to ensure that personal information is up to date and accurate at all times. However, we encourage you to contact us in any event and we would be happy to assist you.
Once an account is deleted, we may still be required to retain the data in accordance with our data retention obligations. It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person's vital interests).
In addition, personal information will be stored for 7 years. Any data that is no longer required for the maintenance of active Users will be deleted after this period. We will keep personal information (including health information) for longer periods than specified above, where required under applicable law.
As an alternative to deleting personal information, we may elect to de-identify it where permissible by law. We will de-identify certain types of personal information for the purpose of improving togetherAI and for provision to third parties for marketing and research purposes (such as to map usage trends to improve subsequent usage experiences, to understand User profiles, to develop more relevant and engaging experiences and for marketing purposes).
Where you require personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter, unless applicable law requires us to retain the personal information in which case, we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.
We will handle all requests for access to personal information in accordance with our statutory obligations. You can request to receive a copy of your personal information by email to Dane Sharp at email@example.com. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request. We will endeavour to provide a response to any request for access to personal information within 72 hours from the time a request is made.
Our contact details
Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact us as follows:
Privacy Representative/ Data Protection Officer:
Dane Sharp at firstname.lastname@example.org
We will use our best endeavours to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.
If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the Australian Privacy Principles, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
Telephone: 1300 363 992
Address: GPO Box 5218, Sydney NSW 2001
New Zealand Customers and Data Subjects
Collection of personal information
We will only collect personal information for a lawful purpose which is connected to a function or activity of our businesses to the extent that it is necessary for such purpose.
Provision of personal information to third parties
Requests for access to and correction of personal information
Individuals whose personal information is governed by the Privacy Act (New Zealand) are entitled to seek access to and correction of it in accordance with that legislation.
As set out above, any person who wishes to access personal information about them held in any of our platforms should contact us. You may request urgent access to your personal information in accordance with section 41 of the Privacy Act (New Zealand) and state why the request should be treated as urgent. We will on receipt of such request, consider the request and reasons and determine the priority given to it and ensure that we provide reasonable assistance to a person who makes such a request.
We will also take such steps as are reasonable in the circumstances to ensure that personal information that we hold are accurate, up to date, complete and not misleading.
In the event that a person wishes to access their personal information and it is readily retrievable by us, they can also request from us either of the following: (a) to obtain confirmation from us as to whether or not we hold such personal information; and (b) access to the personal information and be advised if they are able to correct such personal information.
We will as soon as possible and in any event no later than 20 working days from the date on which the request is made, decide to grant or refuse the request and provide the person who made the request with or post to them, our decision. We may in our discretion charge a reasonable fee for making information available in compliance with the request or for correcting any information in compliance with a request (in whole or in part) or for attaching a statement of any correction sought but not made, subject to our compliance with the IPPs.
If a person submits a request to access their personal information to us, we may refuse their request on one or more of the grounds set out in section 30 of the Privacy Act (New Zealand). If we refuse to comply with a request to access their personal information, we will provide the individual who made the request with our reasons for our denial and an opportunity to file a complaint with the Commissioner, to seek an investigation and a review of the refusal.
Where we hold personal information governed by the Privacy Act (New Zealand) about an individual, they are entitled to request correction of the information and request that there be attached to the information a statement of the correction sought but not made.
If you are not satisfied with our response to any privacy-related concern you may have, you can contact the Privacy Commissioner:
Office of the Privacy Commissioner:
PO Box 10-094, Wellington, New Zealand
Phone: 04 474 7590 / Fax: 04 474 7595
Enquiries Line (from Auckland): 302 8655 / Enquiries Line (from outside Auckland): 0800 803 909
European Customers and Data Subjects
Collection of personal data
We collect all categories of personal data that is entered into togetherAI or that is collected and/or entered into user authorised third party applications such as social media, messaging and gambling applications. Please see above for more information about the categories of personal data that we collect about.
Purpose and legal basis for processing customer and data subject personal data
Who will we disclose personal data to
Detailed information about who we disclose personal information to is set out above. This applies equally to personal data governed by the GDPR.
We do not transfer any personal data overseas. If we are obligated to do so, we will only transfer your personal data governed by the GDPR internationally in compliance with the GDPR and ensure that we have legally binding agreements in place to govern the receipt and processing of personal data offshore. Information about other appropriate or suitable safeguards is available from us on request.
Retention of customer and data subject personal data
It is our policy to retain personal data in a form which permits identification of any person only as long as is necessary for the purposes for which the personal data was collected for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal data (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect any other person's vital interests).
Requirement to provide customer and data subject personal data to us
Please see above for information about the requirement to provide personal information to us and the limitations that apply where personal information is not provided. Those requirements and limitations apply equivalently to personal data governed by the GDPR.
togetherAI does not use automated decision making however it does include automated deduction. togetherAI includes functionality that evaluates a Child User’s smartphone and/or tablet device usage and/or interactions by and from the Child User through the smartphone and/or tablet device and diagnoses the likelihood that such interactions and usage will impact upon the Child User’s wellbeing and mental health. This diagnosis impacts upon the creation and availability of personalised wellbeing information, materials and/or tools made available to the applicable Parent Guardian Users and Child User.
Rights under the GDPR
Under the GDPR, you have a number of rights, including:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to processing
You also have the right to lodge a complaint with any relevant supervisory authority. You are encouraged to contact us in the first instance, if you wish to exercise any of your applicable rights under the GDPR.