TENSH Digital Health Privacy Policy

1. Introduction

TENSH Digital Health PTY LTD (ABN: 88 681 025 918) ("TENSH", "we", "us", "our") is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Commonwealth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, store and protect your personal information when you use the TENSH platform (the "Service"). We are committed to a privacy-first approach that protects individual privacy while enabling organisations to support their workers' health and wellbeing.

Our Privacy Commitment:

  • We collect only the minimum personal information necessary to provide our Service
  • We never sell your personal information to third parties
  • We maintain strict data security measures and Australian data sovereignty
  • We provide you with complete control over your personal information
  • We operate with transparency about our data practices

2. Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

Account Information:

  • Name and email address
  • Team affiliation (if you opt in to join a team)
  • Account preferences and settings

Health and Wellbeing Information:

  • Daily check-in responses regarding your habits in four areas:
    • Physical activity habits
    • Healthy eating habits
    • Mindfulness habits
    • Sleep habits
  • WHO-5 Wellbeing Index scores
  • TENSH Score (calculated based on habit performance)
  • Platform engagement data

Technical Information:

  • Device information and browser type
  • IP address location (general location only)
  • Usage patterns and interaction data
  • Log files and analytics data

2.2 Sensitive Information

Under Australian privacy law, your wellbeing scores and health habit information constitute sensitive information. We handle this information with the highest level of protection and only process it with your explicit consent.

2.3 Information We Do Not Collect

We do not collect:

  • Biometric data
  • Medical history or health records
  • Fitness tracking or any other wearable data
  • Financial information

3. How We Use Your Information

3.1 Primary Purposes

We use your personal information to:

  • Provide and maintain the TENSH Service
  • Calculate your personalised TENSH score
  • Deliver personalised health habit recommendations
  • Generate Traffic Light Report performance indicators
  • Provide microlearning content based on your habit patterns
  • Improve our Service and develop new features
  • Communicate with you about your account and our Service

3.2 Secondary Purposes

With appropriate consent or legal basis, we may use your information to:

  • Create de-identified aggregate reports for your organisation (a minimum of five users required for reports to be generated)
  • Generate anonymised statistical data for research and product development
  • Comply with legal obligations

3.3 Organisational Reporting

If you opt in to sharing with your organisation, we provide de-identified, aggregate reports containing:

  • Average TENSH scores for your organisation
  • Average habit performance scores
  • Average WHO-5 wellbeing scores
  • Trend analysis over time

Important: Individual data is never shared with organisations. All reports require a minimum of five participating users to maintain anonymity.

4. Information Sharing and Disclosure

4.1 Service Providers

We share limited personal information with trusted service providers who assist in delivering our Service:

Cogniss Platform:

  • Our technology platform provider
  • May use anonymised and aggregated data for internal research and product development
  • Bound by comprehensive data processing agreements
  • Cannot use data for purposes beyond those specified in our agreement

Amazon Web Services (AWS):

  • Cloud infrastructure provider (Australia regions only)
  • Provides secure data storage and processing
  • Subject to strict data processing agreements
  • All data remains within Australian AWS regions

4.2 Team Sharing

If you choose to participate in team sharing:

  • Your organisation receives only aggregate, de-identified data
  • Minimum 5 users required for any report generation
  • You can withdraw from team sharing at any time
  • Individual identifying information is never shared

4.3 Legal Requirements

We may disclose personal information if required by law, including:

  • Court orders or subpoenas
  • Law enforcement requests with appropriate authority
  • Compliance with Australian regulatory requirements

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you and ensure equivalent privacy protection continues.

We Never:

  • Sell your personal information to third parties
  • Share individual health data with employers
  • Use your information for advertising purposes
  • Transfer data outside Australia without appropriate safeguards

5. Data Security and Protection

5.1 Security Measures

We implement comprehensive security measures to protect your personal information:

Technical Safeguards:

  • End-to-end encryption for data transmission
  • Encryption of data at rest
  • Regular security assessments and updates
  • Access controls and authentication protocols
  • Secure Australian-based cloud infrastructure

Administrative Safeguards:

  • Staff training on privacy and security
  • Access controls based on role requirements
  • Regular privacy impact assessments
  • Incident response procedures
  • Contractor and vendor security requirements

Physical Safeguards:

  • Secure data centre facilities (AWS Australia)
  • Environmental controls and monitoring
  • Restricted physical access controls

5.2 Data Breach Response

In the event of a data breach:

  • We will assess and contain the breach immediately
  • We will notify affected individuals within three business days
  • We will notify the Office of the Australian Information Commissioner if required
  • We will provide clear information about the nature of the breach and steps being taken
  • We will implement additional safeguards to prevent similar incidents

6. Your Rights and Choices

6.1 Access and Correction

You have the right to:

  • Access your personal information held by us
  • Request correction of inaccurate or incomplete information
  • Receive information about how your data is being used
  • Request a copy of your personal information in a portable format

6.2 Consent and Withdrawal

You can:

  • Withdraw consent for data processing at any time
  • Opt out of team sharing without affecting individual service
  • Choose which communications you receive from us
  • Delete your account and all associated data

6.3 Account Deletion

You can delete your account at any time:

  • All personal information will be permanently deleted within 30 days
  • You will receive confirmation of deletion
  • Some anonymised and aggregated data may be retained for research purposes
  • Deletion cannot be reversed once completed

6.4 Data Portability

Upon request, we will provide your personal information in a structured, commonly used format that allows you to transfer it to another service.

7. Data Retention

7.1 Retention Periods

  • Active Accounts: Personal information is retained while your account remains active
  • Deleted Accounts: All personal information is permanently deleted within 30 days of account deletion
  • Legal Requirements: Some information may be retained longer if required by law
  • Anonymised Data: Anonymised and aggregated data may be retained indefinitely for research and product development

7.2 Automatic Deletion

We automatically review and delete:

  • Inactive accounts after two years of no activity (with prior notice)
  • Temporary files and logs according to retention schedules
  • Backup data according to our data lifecycle policies

8. International Transfers

8.1 Australian Data Sovereignty

  • All personal information is stored and processed within Australia
  • We use AWS Australia regions exclusively
  • No personal information is transferred outside Australia without explicit consent and appropriate safeguards

8.2 Future International Expansion

If we expand internationally in the future:

  • We will update this privacy policy with a clear notification
  • We will implement appropriate cross-border data transfer safeguards
  • We will comply with applicable international privacy laws
  • Australian users' data will remain in Australia unless you explicitly consent otherwise

9. Children's Privacy

The TENSH Service is designed for use in the workplace by adults aged 18 and over. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected information from a child under 18, we will delete it immediately.

10. Third-Party Links and Services

Our Service may contain links to third-party websites or services. This privacy policy does not apply to those third-party services. We encourage you to read the privacy policies of any third-party services you access through our platform.

11. Changes to This Privacy Policy

11.1 Updates and Notifications

We may update this privacy policy from time to time to reflect:

  • Changes in our practices or services
  • Changes in applicable privacy laws
  • Feedback from users and regulators
  • Evolution of privacy best practices

11.2 Notification Process

When we make changes:

  • We will notify you via email and in-app notification
  • Significant changes will be highlighted clearly
  • You will have the opportunity to review changes before they take effect
  • Continued use of the Service after changes constitutes acceptance

12. Contact Us

12.1 Privacy Officer

Tom Fitzgerald
Privacy Officer & Data Protection Officer
TENSH Digital Health PTY LTD

12.2 Contact Information

Email: privacy@tensh.au
Phone: 0478 123 587
Post: 61 Lower Fort Street, Dawes Point NSW 2000

12.3 Privacy Complaints

If you have concerns about our privacy practices:

  1. Contact our Privacy Officer using the details above
  2. We will acknowledge your complaint within 7 days
  3. We will investigate and respond within 30 days
  4. If you're not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC)

OAIC Contact:

13. Definitions

TENSH Score: A proprietary 14-day weighted health metric calculated from your daily check-in responses.

De-identified Data: Information that has had identifying details removed so that individuals cannot be identified.

Aggregate Data: Combined information from multiple users presented as statistical summaries.

Sensitive Information: Information about health, wellbeing, or other sensitive matters as defined under Australian privacy law.

Personal Information: Information that identifies you or could reasonably identify you, as defined under the Privacy Act 1988.

Document Details:

  • Entity: TENSH Digital Health PTY LTD
  • ABN: 88 681 025 918
  • Registered Address: 61 Lower Fort Street, Dawes Point NSW 2000
  • Effective Date: 1 July 2025
  • Review Date: 30 June 2026