Policies and Terms > Privacy Policies > TeamOS Addendum

TeamOS Privacy Addendum

Effective date: 2 March 2026

Applies to: Users of the TeamOS platform

Preamble

This Addendum supplements the TMS Privacy Policy (July 2024). It applies specifically to users of the TeamOS platform.

If you are located in Australia, the Australia Addendum (Nov 2023) also applies. If you are located in the UK, EU, or EEA, the GDPR Addendum (July 2024) also applies. Together, these documents form our complete privacy terms for your use of TeamOS.

Order of precedence (TeamOS use only):
1) This TeamOS Privacy Addendum  →  2) Relevant jurisdictional addendum (Australia or GDPR)  →  3) TMS Privacy Policy (July 2024).

All other terms of the July 2024 Privacy Policy remain unchanged.

Data Controller

The data controller responsible for your personal information collected and processed through TeamOS is:

Team Management Systems IP Pty Ltd
ABN: 60 677 148 355
139 Coronation Drive, Brisbane, QLD 4064, Australia
Phone: +61 (0)7 3368 2333
Email: info@teammanagementsystems.com

EU Representative (GDPR Article 27):
PLANIT // LEGAL, Hamburg, Germany

For privacy-specific inquiries, contact our Privacy Officer at: info@teammanagementsystems.com

1. Scope

This Addendum describes additional data processing that occurs when you use TeamOS. It does not replace the TMS Privacy Policy (July 2024) and should be read alongside it and, where applicable, the GDPR or Australia Addendum.

2. Additional Categories of Data Processed

When you use TeamOS, we process:

  • Conversation data: your chat inputs, queries, and related responses.
  • Profile and assessment data: limited extracts from your TMS assessments or team data, only where necessary to generate outputs.
  • System metadata: device identifiers, logs, and interaction timestamps.

We apply pre-send redaction to remove or minimise direct identifiers (such as names, emails, or account numbers) before data is shared with processors.

3. Processors and Data Hosting

In addition to the processors described in our TMS Privacy Policy, TeamOS relies on the following third-party processors:

3.1 OpenAI, Inc. (United States)

AI model services for conversational features and insights. Your conversation data and assessment extracts are processed by OpenAI's AI models to generate responses. Data submitted may be retained for up to 30 days for security and abuse monitoring, and is not used to train models.

3.2 Microsoft Corporation (Australia / Global)

Microsoft provides two services for TeamOS:

  • Azure App Services: application hosting, hosted in the Australia East data centre. All platform data is processed and stored within this region.
  • Azure Active Directory (Entra ID): authentication for users who sign in via Microsoft Teams. Processes your Azure AD Object ID, tenant ID, and email address.

3.3 Clerk, Inc. (United States)

Authentication services for users who sign in via email or social login.

3.4 Supabase, Inc. (Australia)

Database hosting, data storage, and role-based access control. Hosted on AWS Sydney (Australia).

3.5 Resend, Inc. (United States)

Email delivery for system notifications and platform communications. Processes your email address, message content, and delivery events (sent, delivered, opened, bounced).

3.6 Cloudflare, Inc. (Global)

Content delivery and DDoS protection. Processes IP addresses and request metadata. Cloudflare does not store personal data beyond what is needed for each request.

International Transfers

Your platform data and database are hosted in Australia (Microsoft Azure Australia East and AWS Sydney). However, some personal data is transferred to the United States for processing:

Processor Data transferred Purpose
OpenAI, Inc. Conversation data, assessment extracts (redacted) AI model processing
Clerk, Inc. Email address, name, session data Authentication (email/social login users only)
Resend, Inc. Email address, message content Email delivery
Cloudflare, Inc. IP address, request metadata Content delivery and security

These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission (EU 2021/914), supplemented by:

  • Encryption in transit and at rest
  • Data minimisation and automatic redaction of direct identifiers before AI processing
  • OpenAI's commitment not to use your data for model training

For Australian users: You acknowledge these international transfers by accepting this Addendum and using TeamOS, as described under Australian Privacy Principle 8.1.

4. Lawful Bases for Processing

We process your data based on the following lawful bases under GDPR Article 6 (and equivalent principles under the Australian Privacy Act and applicable US state laws):

4.1 Essential TeamOS Services (Contractual Necessity)

  • What: Account creation, authentication (via Clerk or Azure AD), basic platform access, data storage (via Supabase), email delivery (via Resend).
  • Legal basis: Processing necessary for performance of the contract between you and TMS (GDPR Article 6(1)(b)).
  • You cannot opt out of this processing while using TeamOS.

4.2 AI-Powered Features (Explicit Consent)

  • What: Processing psychometric data and assessment results through OpenAI's AI models to generate insights, recommendations, and conversational responses.
  • Legal basis: Explicit consent (GDPR Article 6(1)(a) and Article 9(2)(a) for special category data).
  • Consent collected: Via a standalone consent dialog when you first enable AI features. AI consent is separate from account creation — you can create an account and use non-AI features without consenting to AI processing.
  • Right to withdraw: You may withdraw consent at any time in your account settings under “Privacy & Data.” AI features will be disabled immediately, but you can continue using all non-AI features.

4.3 Platform Security and Integrity (Legitimate Interests)

  • What: Security monitoring, fraud prevention, abuse detection, system logging, debugging.
  • Legal basis: Legitimate interests (GDPR Article 6(1)(f)).
  • Our legitimate interest: Protecting the platform, users, and data from unauthorised access, misuse, and security threats.

4.4 Legal and Regulatory Compliance (Legal Obligation)

  • What: Responding to valid legal requests, complying with data protection laws, regulatory reporting.
  • Legal basis: Compliance with legal obligations (GDPR Article 6(1)(c)).

Withdrawal of Consent: If you withdraw consent for AI processing (Section 4.2), we will immediately cease processing your data for AI purposes. You can continue to use non-AI features without providing consent.

5. Retention

5.1 Chat and Interaction Data

  • Retention period: 12 months from the date of the conversation.
  • After 12 months: Automatically deleted or anonymised.

5.2 Assessment Extracts

  • Retention period: The shorter of (a) the duration of your active subscription/contract with TMS, or (b) 24 months following your last login to TeamOS.
  • After retention period: Deleted in accordance with our standard deletion procedures.

5.3 System Logs and Metadata

  • Retention period: 90 days from creation.
  • After 90 days: Automatically deleted.

5.4 Processor Retention

  • OpenAI: Retains data for up to 30 days for security and abuse monitoring, after which it is deleted. OpenAI does not use your data to train models.
  • Clerk: Retains authentication data for the duration of your active account.
  • Supabase: Retains data for the duration of our service contract, subject to our deletion instructions.
  • Resend: Retains email delivery event data for the duration of our service contract.

You may request early deletion of your data at any time by contacting info@teammanagementsystems.com or using the data deletion controls in your account settings. Note that data retained by OpenAI for security monitoring (up to 30 days) may not be immediately deletable due to security requirements.

6. Data Subject Rights

In addition to the rights set out in our TMS Privacy Policy and any applicable jurisdictional addendum, you have the following rights in relation to TeamOS:

6.1 Right to Withdraw Consent

  • Withdraw consent to AI processing at any time in your account settings under “Privacy & Data.”
  • Withdrawal is effective immediately — AI features will be disabled.
  • You can continue to use non-AI features without AI consent.
  • Withdrawing consent does not affect the lawfulness of processing prior to withdrawal.

6.2 Right to Access

  • Request a copy of all personal data we hold about you in TeamOS.
  • Includes conversation history, assessment data extracts, and account metadata.
  • Provided in machine-readable format (JSON) within 30 days of request.

6.3 Right to Rectification

  • Request correction of inaccurate or incomplete personal data.
  • We will correct data within 30 days and notify relevant processors.

6.4 Right to Erasure (“Right to be Forgotten”)

  • Request deletion of your TeamOS data at any time.
  • We will delete your data within 30 days and forward deletion requests to processors.
  • OpenAI may retain data for up to 30 days after our deletion request for security monitoring purposes, after which it is permanently deleted.
  • Some data may be retained if required by law (e.g., financial records, legal claims).

6.5 Right to Data Portability

  • Request transfer of your data to another service in machine-readable format.
  • Applies to data you provided based on consent or contract.

6.6 Right to Object

  • Object to processing based on legitimate interests (e.g., security logging).
  • We will cease processing unless we can demonstrate compelling legitimate grounds.

How to Exercise Your Rights:
Email: info@teammanagementsystems.com
Account Settings: Privacy & Data section (for consent withdrawal and data deletion)
Phone: +61 (0)7 3368 2333

We will respond to rights requests within 30 days (or 1 month under GDPR). If we require more time, we will inform you within that period.

7. Sensitive Information and Special Category Personal Data

7.1 Classification

Psychometric assessment results and workplace preference data processed in TeamOS are classified as special category personal data under GDPR Article 9 (revealing aspects of personality, behavioural traits, and working preferences) and as sensitive information under the Australian Privacy Act.

7.2 Legal Basis for Processing Special Category Data

Under GDPR Article 9(2)(a), we rely on your explicit consent to process special category personal data through AI features. This consent is collected via a standalone consent dialog (separate from account creation) that:

  • Explains what special category data will be processed
  • Identifies the AI processor (OpenAI, Inc.)
  • Allows you to opt in or decline
  • Can be withdrawn at any time

7.3 Important Limitations

Do not enter the following into TeamOS chat:

  • Health information or medical conditions
  • Government identifiers (passport numbers, social security numbers, driver’s licence numbers)
  • Racial or ethnic origin
  • Political opinions or trade union membership
  • Biometric data
  • Genetic data
  • Sexual orientation

If you inadvertently enter such data, contact info@teammanagementsystems.com immediately for assistance with deletion.

7.4 Australian Users

By accepting this Addendum, Australian users provide express consent for:

  • Overseas disclosure of personal data (including psychometric assessment extracts) to OpenAI, Inc. (United States) for AI processing
  • Overseas disclosure of authentication and email delivery data to Clerk, Inc. and Resend, Inc. (United States)

The protections described in this Addendum apply to all processing of your data.

8. Data Breach Notification

8.1 Our Obligations

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

To Supervisory Authorities (GDPR Article 33):

  • Notify the relevant data protection authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
  • Provide details of the breach, likely consequences, and measures taken or proposed.

To You (GDPR Article 34):

  • Notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.
  • Provide clear information about the nature of the breach, contact point for more information, likely consequences, and measures taken or proposed.

8.2 Australian Users

Under the Australian Privacy Act (Notifiable Data Breaches scheme), we will notify you and the Office of the Australian Information Commissioner (OAIC) if a breach is likely to result in serious harm.

8.3 Processor Breaches

If a breach occurs at a processor (OpenAI, Microsoft, Clerk, Supabase, or Resend), we will work with that processor to assess the breach and fulfil our notification obligations.

Contact for breach-related inquiries: info@teammanagementsystems.com

9. Disclaimers

AI outputs generated in TeamOS are probabilistic, may be inaccurate, and do not constitute professional advice. You remain responsible for how you use outputs generated by TeamOS.

TeamOS is not a substitute for:

  • Professional psychological assessment or counselling
  • Legal, medical, or financial advice
  • HR decision-making or employment assessments

Always verify AI-generated outputs and consult qualified professionals for important decisions.

10. Changes to This Addendum

We may update this Addendum to reflect changes in data processing practices, new legal requirements, or feedback from users and regulators.

Notice of material changes:

  • Email notification to registered users at least 30 days before effective date
  • Prominent notice on TeamOS platform
  • Updated effective date on this document

Your options if you disagree with changes: You may withdraw consent and cease using TeamOS. Non-AI features may remain available depending on the nature of the change. Contact info@teammanagementsystems.com to discuss concerns.

11. Contact

For any questions about this Addendum or your rights, contact:

Privacy Officer, Team Management Systems
Email: info@teammanagementsystems.com
Phone: +61 (0)7 3368 2333
Mail: 139 Coronation Drive, Brisbane, QLD 4064, Australia

EU Representative: PLANIT // LEGAL, Hamburg, Germany

Supervisory Authorities:

  • Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au
  • EU/EEA: Your local Data Protection Authority
  • UK: Information Commissioner’s Office (ICO) — www.ico.org.uk

Document Version: 1.2  |  Last Updated: 2 March 2026  |  Next Review: 1 July 2026