TENSH Privacy Policy

1. Introduction and Scope
TENSH Digital Health Pty Ltd (ABN 88 681 025 918), located at 61 Lower Fort Street, Dawes Point, NSW 2000, Australia (referred to as "TENSH", "we", "us", or "our"), operates the website available at www.tensh.au and the mobile application available on the Apple App Store and Google Play Store.

This Privacy Policy explains how we collect, use, disclose, and protect your personal and sensitive information, including health information. Given the nature of our digital health application, we recognise the heightened sensitivity of the information we collect and process. We are committed to safeguarding your privacy in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and other applicable laws and regulations.

Our app does not connect with the My Health Record system and operates independently of Australian government health record systems.

2. Definitions
For clarity, this Privacy Policy uses the following definitions aligned with Australian privacy law:
- Personal information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not.
- Sensitive information: A subset of personal information that includes health information, and information about an individual's racial or ethnic origin, political opinions, membership of political, professional or trade associations or unions, religious beliefs, sexual orientation, or criminal record.
- Health information: Information or an opinion about an individual's health, including physical, mental or psychological health, disability, or expressed wishes about future health services.

3. Personal and Sensitive Information We Collect
We collect the following types of information:

3.1 Account Information
- Username
- Email address

3.2 Health and Wellbeing Information
- Physical activity data
- Nutrition information
- Mindfulness practice data
- Sleep routine data
- Wellbeing assessment information
- Other user-generated health data related to behavioural change

3.3 Technical Information
- Device information
- IP address
- App usage statistics
- Log information

The provision of your personal and health information is voluntary. However, if you choose not to provide certain information, we may be unable to provide you with full access to our services or properly tailor them to your individual needs.

4. How We Collect Your Information
We collect your information through:
- Direct provision when you create an account and use our app
- Your interactions with our services
- Automated technologies such as cookies and similar technologies
- Integration with third-party fitness devices and apps (only with your explicit consent)

We collect information in accordance with APP 3, and we only collect information by lawful and fair means.

5. Purposes for Collection and Use
We collect, hold, use, and disclose your personal information for the following primary purposes:
- To create and manage your account
- To provide and personalise our digital health services
- To support personalised behavioural change strategies
- To enhance your overall wellbeing and health outcomes
- To improve our services and develop new features
- To communicate with you about your account and our services
- To ensure the technical functionality and security of our service
- To comply with legal obligations

We will not use your information for purposes other than those for which it was collected without your consent, unless such use is required or authorised by law.

6. Consent Mechanisms

6.1 Collection of Sensitive Information
We recognise that health information is sensitive information under the Privacy Act. As required by APP 3.3, we will only collect sensitive information (including health information) where:
- You have given explicit consent for its collection; and
- The information is reasonably necessary for one or more of our functions or activities.

6.2 Consent Withdrawal
You may withdraw your consent at any time for the collection and processing of your sensitive information. To do so, please contact us at contact@tensh.au. Please note that withdrawing consent may impact our ability to provide certain services.

7. Disclosure to Third Parties

7.1 Service Providers
We may disclose your information to third-party service providers who perform services on our behalf, such as:
- Cloud hosting services (primarily AWS, with servers located in Australia)
- Analytics providers
- Customer support services
- Payment processors

All third-party service providers are bound by contractual obligations to keep personal information confidential and secure, and to use it only for the purposes for which we disclose it to them.

7.2 Business Transfers
If TENSH is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

7.3 Legal Requirements
We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

7.4 Overseas Disclosure
While we primarily store and process your data in Australia, some of our service providers may access your data overseas. In such cases, we take reasonable steps to ensure these overseas recipients do not breach the APPs, including through contractual arrangements such as data processing agreements incorporating standard contractual clauses.

Countries where data may be accessed include the United States and countries within the European Economic Area. We will not disclose your personal information to overseas recipients without taking reasonable steps to ensure the overseas recipient does not breach the APPs in relation to the information.

8. Data Security Measures
We implement appropriate technical and organisational measures to protect your personal information from misuse, interference, loss, unauthori  sed access, modification, or disclosure. These measures include:
- Encryption of data in transit and at rest
- Access controls and authentication procedures
- Regular security assessments
- Staff training on privacy and security
- Physical security measures for our premises

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

9. Data Retention and Deletion Procedures
We retain your personal information for as long as your account is active or as needed to provide you services. Personal data is retained for the duration of your active account.

Upon account termination, we will delete your data within 28 days, following procedures monitored internally. We may retain certain information as required by law or for legitimate business purposes, such as to resolve disputes or enforce our agreements.

Where we retain information after account termination, we take reasonable steps to anonymise the information or maintain it in a form that does not permit identification of the individual.

10. Your Rights and How to Exercise Them
Under Australian privacy law, you have the right to:

10.1 Access and Correction
You have the right to access personal information we hold about you and to request correction of any information that is inaccurate, incomplete, or out of date.

10.2 Deletion
You may request deletion of your account and personal information at any time. Some information may be retained for legal, security, or business record purposes.

10.3 Complaints
If you believe we have breached the APPs or any other obligation under the Privacy Act in relation to your personal information, you can lodge a complaint with us using the contact details provided below.

10.4 How to Exercise These Rights
To exercise any of these rights, please contact us at contact@tensh.au. We commit to responding to your request within 14 days.

11. Handling of Health Information
As a digital health application, we recognise the sensitivity of health information and apply additional safeguards:
- Health information is accessed only by authorised personnel with a need-to-know basis
- Health information is encrypted both in transit and at rest
- We do not use health information for purposes other than those specified in this policy without consent
- We comply with applicable health records legislation in different Australian states, where relevant

12. Children's Privacy Protections
Our service is not directed to children under the age of 16. If we learn that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.

If our services are used by children with parental consent, we apply the same stringent security protocols for children's data as we do for adults, ensuring uniform data protection.

13. Data Breach Response
In the event of a data breach involving personal information, we will:
- 1. Conduct a prompt assessment to determine whether the breach is likely to result in serious harm
- 2. If the breach is likely to result in serious harm to affected individuals, notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme
- 3. Take remedial action to prevent future breaches

We will notify affected individuals as soon as practicable and provide recommendations on steps they can take to protect themselves.

14. Anonymity and Pseudonymity
Where it is lawful and practicable, you have the option of not identifying yourself or using a pseudonym when dealing with us. However, this may limit our ability to provide personalised health services.

15. Cookies and Technologies
We use cookies and similar tracking technologies to enhance your user experience on our platform. These technologies are not used for cross-site tracking or unnecessary data collection.

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our service.

16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and sending you an email notification.

We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

17. Contact InformationIf you have any questions about this Privacy Policy or our privacy practices, please contact us at:
TENSH Digital Health Pty Ltd
61 Lower Fort StreetDawes Point, NSW 2000 Australia
Email: contact@tensh.au
Website: www.tensh.au/contact

This Privacy Policy was last updated on 10 March 2025