Privacy Policy | Togetha Software Docs

This Policy was last updated on 9 December 2025.

Who We Are

When we say ‘Togetha’, ‘we’, ‘us’ or ‘our’, we mean any of the following:

Togetha Group Pty Ltd
Togetha Group Hong Kong Limited
Willyama Togetha Pty Ltd
Togetha Software Pty Ltd

Togetha Group includes all entities, employees, and Contractors under Togetha Holdings Pty Ltd, operating in Australia, Hong Kong, and other regions.

Contact (Privacy): privacy@togetha.io

Trust Centre: https://trust.togetha.io/

Scope & How This Policy Works

This Privacy Policy explains how we collect, use, disclose, store, handle and protect your Personal Information across digital (eg. websites, email, sms, webinars, social media and apps) and in-person events, phone calls, video conferences, etc.

Read this together with any agreement we have with you (e.g., EULA) and the controls visible in our Trust Centre. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and other applicable privacy laws.

By interacting with us, you acknowledge you understand and agree with our use of your Personal Information and your rights in relation to your data.

Types of Data

User Data: All information collected from our customers that is not Personal Information.

Personal Information (Australia): Information or an opinion about an identified individual or an individual who is reasonably identifiable (as defined in the Privacy Act).

Personal Data (EU/UK/Vietnam and similar): Any information relating to an identified or identifiable natural person (GDPR Art. 4(1)). We use Personal Information and Personal Data interchangeably in this policy.

Sensitive Information: Examples include (non‑exhaustive) racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; sexual orientation or practices; criminal record; health/genetic data; certain biometric data. We generally do not collect Sensitive Information unless necessary, lawful, and with appropriate safeguards.

Data We Collect

We collect data depending on how you interact with us. Common items include:

Identity & contacts: name, employer and role/title, email address(es), phone number(s).
Purchase & support: billing/shipping details, product/license details, logs and usage info for troubleshooting.
Preferences: newsletter opt‑in, delivery confirmations and statistics.

We do not knowingly collect Personal Information from individuals under 18. If we become aware that we hold information about a minor, we will delete it.

Information Collected Through Interactions

Browsing our website: We log technical data (e.g., IP address, browser, date/time) and use analytics (e.g., Google Analytics).

Making enquiries: If you contact us, we collect information relevant to the enquiry and any details you provide.

Purchasing from us: We collect billing/shipping details and product/license information.

Support via our portal: We may collect usage information, system information, and logs necessary to diagnose issues.

Subscriptions: We store preferences, opt‑in consent, and tracking for statistics.

Use of our applications: Our cloud apps store only meta/config data with anonymised user IDs and write back to your Atlassian Cloud tenancy.

How We Collect Data

Directly: Where possible, we collect Personal Information from you.

Service Providers and Subprocessors: We may collect Personal Information from Atlassian, service providers, or legitimate promotional activities.

Unsolicited information: If you provide unsolicited Personal Information we could not have collected, we will destroy or de‑identify it as soon as practicable.

Technical information: We periodically gather technical metadata to provide updates, measure usage, and issue security/technical notices.

Cookies and Tracking Technologies

We also use cookies and similar tracking technologies to collect certain information automatically when you use our website or services.

What Are Cookies?

Cookies are small text files placed on your device when you visit our websites or use our applications. They help us remember your preferences, improve your experience, and analyze how our services are used. Cookies may be set by us (“first-party cookies”) or by third parties (“third-party cookies”) such as analytics providers or advertising partners.

Types of Cookies We Use

We use the following categories of cookies:

Strictly Necessary Cookies: Essential for the operation of our website and services (e.g., to enable logins, secure areas, or shopping carts). These cannot be switched off in our systems.
Performance/Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Google Analytics).
Functionality Cookies: Allow us to remember your preferences (such as language or region) and provide enhanced, more personalized features.
Targeting/Advertising Cookies: Used by us or third parties to deliver relevant advertising and track the effectiveness of our marketing campaigns.

Third-Party Cookies

Some cookies are set by third-party services that appear on our pages, such as analytics providers (e.g., Google Analytics), advertising networks, or embedded content. These third parties may use cookies to collect information about your online activities across different websites. We do not control these cookies; please refer to the third parties’ privacy and cookie policies for more information.

Legal Basis for Using Cookies

Strictly necessary cookies are used based on our legitimate interest in providing a secure and functional website.

All other cookies (analytics, functionality, advertising) are only used with your explicit consent, in line with GDPR requirements.

When you first visit our website, you will see a cookie banner or pop-up requesting your consent for non-essential cookies. You can accept or reject different categories of cookies, except those strictly necessary for the site to function.

You can change or withdraw your consent at any time by accessing our [Cookie Preferences Center] or adjusting your browser settings. Instructions for managing cookies in your browser can be found at http://www.allaboutcookies.org.

How to Manage Cookies

Browser Settings: Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of our website.

Cookie Preferences Center: You can update your cookie preferences at any time via the link in our website footer or cookie banner.

Contact Us

If you have any questions about our use of cookies or this policy, please contact us at privacy@togetha.io.

Children’s Privacy

Our Products and Services are not directed to children under 18. We do not knowingly collect Personal Information from children under 18. If we become aware of such collection, we will delete the information within 30 days of being aware. We are committed to complying with the Australian Children’s Online Privacy Code.

How We Use Data

Operate and improve services (identity verification, delivery, reliability, preferences, fraud prevention, compliance, updates, communications, support).

We may use technical data to the extent necessary to support or improve our Products/Services.

Legal Basis for Processing Personal Data

Under the General Data Protection Regulation (GDPR), we are required to inform you of the legal grounds on which we process your personal data. Depending on the specific purpose and context, we rely on different legal bases as set out in Article 6 of the GDPR. The table below outlines the main categories of personal data we process, the purposes for which we use them, and the corresponding legal basis. In some cases, more than one legal basis may apply depending on the nature of your interaction with us.

Data Category	Purpose of Processing	Legal Basis (GDPR Art. 6)
Account Information	Creating and managing user/customer accounts for Togetha apps and services	Contract (Art. 6(1)(b))
Contact Details	Communicating with clients, project stakeholders, and support users	Contract (Art. 6(1)(b)); Consent (Art. 6(1)(a)) for marketing
Billing & Payment Data	Invoicing, payment processing, and financial record-keeping	Contract (Art. 6(1)(b)); Legal Obligation (Art. 6(1)(c))
Project & Usage	Delivering project management, configuration, analytics, and reporting services; improving service quality	Contract (Art. 6(1)(b)); Legitimate Interests (Art. 6(1)(f))
Marketing Preferences	Sending newsletters, product updates, and event invitations	Consent (Art. 6(1)(a))
Technical Data (e.g., IP, device)	Security, troubleshooting, fraud prevention, and compliance	Legitimate Interests (Art. 6(1)(f))
Marketing Preferences	Sending newsletters and updates	Consent (Art. 6(1)(a))
Support Requests	Providing customer and technical support	Contract (Art. 6(1)(b))
Cookies & Tracking	Analytics, personalisation, advertising	Consent (Art. 6(1)(a)), except strictly necessary cookies (Legitimate Interests, Art. 6(1)(f))
Legal/Compliance Data	Fulfilling legal and regulatory obligations	Legal Obligation (Art. 6(1)(c))
Subprocessor Data	Engaging cloud providers (e.g., Atlassian, Microsoft, AWS) to deliver services	Contract (Art. 6(1)(b)); Legitimate Interests (Art. 6(1)(f))
Service Provider Data Access	Allowing third-party service providers (e.g., marketing consultants, IT support, cloud vendors) to access and process personal data as necessary to deliver contracted services to clients	Contract (Art. 6(1)(b)); Legitimate Interests (Art. 6(1)(f))

Automated Decision-Making

We do not use automated decision-making (including profiling) that produces legal or similarly significant effects on individuals, unless required or permitted by law and with appropriate safeguards. If such processes are introduced, we will provide clear information about the logic involved, the significance and consequences, and your rights to request human intervention, express your view, or contest the decision.

Direct Marketing Communications

We send marketing where you have consented. You can unsubscribe at any time.

If you receive a message purporting to be from us without signing up, treat it with caution and notify us.

Service Providers and Subprocessors

We may disclose your data to:

Related companies within our corporate group
Service providers who assist us in operating our business and delivering our products and services (for example, marketing agencies, delivery companies, consultants, IT support, and professional advisers)
Potential purchasers in connection with a sale or proposed sale of our business;
Legally Authorised organisations or parties you authorise;
Others as required or permitted by law (such as regulatory authorities or to comply with legal obligations).
Subprocessors (including cloud service providers such as Atlassian, AWS, and others) who process personal data on our behalf as part of delivering our products or services. These subprocessors are contractually required to implement appropriate data protection measures, either through our agreements or their own published Data Processing Addenda (DPAs). For more information and a current list of our subprocessors and their DPAs, visit https://trust.togetha.io/.

We include suitable privacy and confidentiality clauses in our agreements with service providers and subprocessors where practicable.

Service providers may access or handle personal information only as necessary to perform their contracted functions and are required to protect such information in accordance with our privacy requirements

All subprocessors are contractually required to implement appropriate data protection measures, either through our agreements or their own published Data Processing Addenda (DPAs). DPAs are available in https://trust.togetha.io.

Cross‑Border Transfer of Data

Using our Products/Services may involve international transfers of Personal Information.

We share Personal Information globally (Asia‑Pacific, Europe, North America, other locations) and implement measures to ensure compliance with applicable privacy laws.

Personal Information may be handled and stored by service providers in the United States, Australia, EU countries, Asia‑Pacific, and other jurisdictions where service providers or we operate.

Compliance statement: We comply with applicable privacy laws; if local laws grant additional rights, we honor them.

Data Protection in Different Regions

Australia (Australian Customers): EU laws are substantially similar to the Privacy Act/APPs. Other regions may not be equivalent; we use contractual safeguards. Non‑Australian recipients may not be subject to the Privacy Act/APPs; enforcement options may differ.

EU/UK Customers: We may transfer Personal Data outside the EEA/UK relying on EU SCCs (EU 2021/915) and the UK Addendum. Request redacted copies at privacy@togetha.io.

How We Protect Your Data

We implement reasonable measures to protect your Data. Trust Centre: https://trust.togetha.io/.

We will notify you of security breaches as soon as reasonably practicable.

Online transmissions cannot be guaranteed secure; exercise care and notify us of suspected unauthorised activity.

Liability exclusions apply to the maximum extent permitted by law, subject to non‑excludable consumer rights.

How Long We Keep Your Personal Information

We retain Personal Information only as long as necessary unless longer retention is required by law or reasonably necessary.

Your Rights

Choosing not to disclose: You may remain anonymous or use a pseudonym for general enquiries.

Access & correction: Request access/corrections; identity verification may be required; limited exceptions apply.

Right to be forgotten: Request deletion subject to law; we verify identity, assess feasibility, and delete where approved.

GDPR rights (EU/UK): Access, rectification, erasure, restriction, objection, portability; response within one month. Contact privacy@togetha.io

We may refuse to delete due to legal obligations (eg. Australian Tax Office requirement).

Questions or Complaints

Data Processing Officer: Brian Hill, brian.hill@togetha.group, +61 2 6190 1554

Unsubscribe or contact privacy@togetha.io

Supervisory Authorities:

Australia — OAIC: GPO Box 5218, Sydney NSW 2001; 1300 363 992; https://www.oaic.gov.au/; enquiries@oaic.gov.au

United Kingdom — ICO: Wycliffe House, Wilmslow, Cheshire SK9 5AF; +44 1625 545 700; https://ico.org.uk/; icocasework@ico.org.uk

European Union — Contact your Member State authority.

United States — Contact the relevant state authority.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will post the updated policy on this page and update the “Last updated” date at the top of the policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have any questions about changes to this policy, please contact us at privacy@togetha.io.

Definitions

Contractors: Freelance contractor, a very small business, engaged by Togetha to perform specific tasks or projects as part of our delivery team. Contractors are not employees, but work under a contract for services, often on a temporary or project basis.

Personal Information / Personal Data: As defined by applicable law.

Data Subject: The individual the Personal Information relates.

Service Provider: An external organisation engaged by Togetha to deliver a specific set of services, often as part of their regular business operations. Service providers usually operate as independent businesses with their own staff, processes, and infrastructure.

Subprocessor: A type of service provider that processes personal data on our behalf as part of delivering our products or services. Subprocessors include cloud service providers (such as Atlassian, AWS, and others) and other organisations who process, store, or transmit personal data for us. Data Processing Agreements are available at https://trust.togetha.io.

Related Companies: Is any company that is partially owned by Togetha Group Holdings Pty Ltd.