Policies and Terms > Privacy Policies > TeamOS Addendum

TeamOS Privacy Addendum

Last updated: 10 March 2026

Next review: 1 July 2026

Applies to: Users of the TeamOS platform

Preamble

This Addendum supplements the TMS Privacy Policy. It applies specifically to users of the TeamOS platform.

If you are located in Australia, the Australia Addendum also applies. If you are located in the UK, EU, or EEA, the GDPR Addendum also applies. Together, these documents form our complete privacy terms for your use of TeamOS.

Order of precedence (TeamOS use only):
1) This TeamOS Privacy Addendum  →  2) Relevant jurisdictional addendum (Australia or GDPR)  →  3) TMS Privacy Policy.

All other terms of the Privacy Policy remain unchanged.

Data Controller

The data controller responsible for your personal information collected and processed through TeamOS is:

Team Management Systems IP Pty Ltd trading as TMS Global
ABN: 60 677 148 355
139 Coronation Drive, Brisbane, QLD 4064, Australia
Phone: +61 (0)7 3368 2333
Email: info@teammanagementsystems.com

EU Representative (GDPR Article 27):
PLANIT // LEGAL, Hamburg, Germany

For privacy-specific inquiries, contact our Privacy Officer at: info@teammanagementsystems.com

1. Scope

This Addendum describes additional data processing that occurs when you use TeamOS. It does not replace the TMS Privacy Policy and should be read alongside it and, where applicable, the GDPR or Australia Addendum.

TeamOS is a workplace platform intended for use by adults in a professional context. It is not directed at individuals under the age of 16, and we do not knowingly collect personal data from children.

2. Additional Categories of Data Processed

When you use TeamOS, we process:

  • Conversation data: your chat inputs, queries, and related responses.
  • Profile and assessment data: limited extracts from your TMS assessments or team data, only where necessary to generate outputs.
  • System metadata: device identifiers, logs, and interaction timestamps.

How we collect this data:

  • Directly from you: when you type into the TeamOS chat, complete assessments, or update your account settings.
  • From your organisation's administrator: when an administrator uploads participant lists, assigns assessments, or configures team settings.
  • Automatically: through your use of the platform (system logs, interaction timestamps, device identifiers).

Pre-send redaction: We apply automatic redaction to remove or minimise direct identifiers (such as names, emails, or account numbers) before data is shared with AI processors.

3. Processors and Data Hosting

In addition to the processors described in our TMS Privacy Policy, TeamOS relies on the following third-party processors. For the current register, transfer mechanisms, and change notifications, see our TeamOS Sub-Processor Register.

3.1 Microsoft Corporation (Australia / Global)

Microsoft is the primary infrastructure provider for TeamOS, providing two categories of service:

  • Azure OpenAI Service: AI model processing for conversational features and insights. Hosted in the Australia East data centre. Your conversation data and assessment extracts are processed by AI models within this region. Microsoft does not use your data to train AI models.
  • Azure Cloud Infrastructure: Application hosting, database, file storage, and authentication. All hosted in the Australia East data centre.

3.2 Clerk, Inc. (United States)

Authentication services for users who sign in via email.

3.3 Resend, Inc. (United States)

Email delivery for system notifications and platform communications. Processes your email address, message content, and delivery events (sent, delivered, opened, bounced).

3.4 Cloudflare, Inc. (Global)

Content delivery and DDoS protection. Processes IP addresses and request metadata. Cloudflare does not store personal data beyond what is needed for each request.

International Transfers

TeamOS is designed so that your most sensitive data — including AI conversations, psychometric assessment extracts, database records, and stored files — is processed and stored entirely in Australia (Microsoft Azure Australia East).

A limited amount of personal data is transferred to the United States for the following purposes:

Processor Data transferred Purpose
Clerk, Inc. Email address, name, session data Authentication (email login users only)
Resend, Inc. Email address, message content Email delivery
Cloudflare, Inc. IP address, request metadata Content delivery and security

These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission (EU 2021/914), supplemented by encryption in transit and at rest.

For Australian users: You acknowledge these limited international transfers by accepting this Addendum and using TeamOS, as described under Australian Privacy Principle 8.1.

For EU/UK users: Your AI conversation data, psychometric assessment data, database records, and stored files are not transferred outside Australia. Only authentication and email delivery data (as listed above) is transferred to the United States, protected by SCCs.

4. Lawful Bases for Processing

We process your data based on the following lawful bases under GDPR Article 6 (and equivalent principles under the Australian Privacy Act and applicable US state laws):

4.1 TeamOS Platform Services (Contractual Necessity)

  • What: Account creation, authentication (via Clerk or Azure AD), basic platform access, data storage (via Microsoft Azure), email delivery (via Resend), and AI-powered features including conversational coaching (Oski) and psychometric insights (processed by Azure OpenAI Service, hosted in Australia).
  • Legal basis: Processing necessary for performance of the contract between you and TMS (GDPR Article 6(1)(b)).
  • Note: AI features are an integrated part of the TeamOS platform. By using TeamOS, you agree to the processing described in this Addendum, including AI processing of your conversation data and psychometric assessment extracts. You cannot opt out of this processing while using TeamOS.

4.2 Platform Security and Integrity (Legitimate Interests)

  • What: Security monitoring, fraud prevention, abuse detection, system logging, debugging.
  • Legal basis: Legitimate interests (GDPR Article 6(1)(f)).
  • Our legitimate interest: Protecting the platform, users, and data from unauthorised access, misuse, and security threats.
  • Balancing test: Our security interest does not override your fundamental rights, as we use proportionate measures (logging, monitoring) and provide transparency.

4.3 Legal and Regulatory Compliance (Legal Obligation)

  • What: Responding to valid legal requests, complying with data protection laws, regulatory reporting.
  • Legal basis: Compliance with legal obligations (GDPR Article 6(1)(c)).

5. Retention

5.1 Chat and Interaction Data

  • Retention period: 12 months from the date of the conversation.
  • Rationale: To provide conversation history and enable you to reference past interactions.
  • After 12 months: Automatically deleted or anonymised (removal of direct identifiers, retention of statistical aggregates for service improvement).

5.2 Assessment Extracts

  • Retention period: The shorter of (a) the duration of your active subscription/contract with TMS, or (b) 24 months following your last login to TeamOS.
  • Rationale: To provide ongoing access to your psychometric insights and team data.
  • After retention period: Deleted in accordance with our standard deletion procedures.

5.3 System Logs and Metadata

  • Retention period: 90 days from creation.
  • Rationale: Security monitoring, debugging, and platform integrity.
  • After 90 days: Automatically deleted.

5.4 Processor Retention

  • Microsoft (Azure OpenAI): By default, prompts and completions are not stored after processing. If abuse monitoring is enabled, data may be retained for up to 30 days, after which it is deleted. Microsoft does not use your data to train AI models.
  • Microsoft (Azure infrastructure): Retains data for the duration of our service contract, subject to our deletion instructions and backup retention policies.
  • Clerk: Retains authentication data for the duration of your active account.
  • Resend: Retains email delivery event data for the duration of our service contract.

Early Deletion: You may request early deletion of your data at any time by contacting info@teammanagementsystems.com or using the data deletion controls in your account settings.

6. Data Subject Rights

In addition to the rights set out in our TMS Privacy Policy and any applicable jurisdictional addendum, you have the following rights in relation to TeamOS:

6.1 Right to Access

  • Request a copy of all personal data we hold about you in TeamOS.
  • Includes conversation history, assessment data extracts, and account metadata.
  • Provided in machine-readable format (JSON) within 30 days of request.

6.2 Right to Rectification

  • Request correction of inaccurate or incomplete personal data.
  • We will correct data within 30 days and notify relevant processors.

6.3 Right to Erasure ("Right to be Forgotten")

  • Request deletion of your TeamOS data at any time.
  • We will delete your data within 30 days and forward deletion requests to processors.
  • Some data may be retained if required by law (e.g., financial records, legal claims).

6.4 Right to Data Portability

  • Request transfer of your data to another service in machine-readable format.
  • Applies to data you provided based on consent or contract.

6.5 Right to Object

  • Object to processing based on legitimate interests (e.g., security logging).
  • We will cease processing unless we can demonstrate compelling legitimate grounds.

6.6 Complaints

If you are not satisfied with how we handle your personal information or respond to a rights request, you may:

  • Contact our Privacy Officer at info@teammanagementsystems.com
  • Lodge a complaint with the relevant supervisory authority:
    • Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au
    • EU/EEA: Your local Data Protection Authority
    • UK: Information Commissioner's Office (ICO) — www.ico.org.uk

We will acknowledge your complaint within 7 days and aim to resolve it within 30 days.

How to Exercise Your Rights:
Email: info@teammanagementsystems.com
Account Settings: Privacy & Data section (for data deletion)
Phone: +61 (0)7 3368 2333

We will respond to rights requests within 30 days (or 1 month under GDPR). If we require more time, we will inform you within that period.

7. Psychometric Data and Sensitive Information

7.1 Classification

TMS psychometric instruments (including the Team Management Profile, QO2 Profile, Window on Work Values, and Linking Leader Profile) measure work role preferences, communication styles, and team orientation. These are not clinical, diagnostic, or health-related assessments, and the resulting data does not reveal information about health status, political opinions, religious beliefs, or other categories listed in GDPR Article 9(1).

Accordingly, psychometric assessment results and workplace preference data processed in TeamOS are not classified as special category personal data under GDPR Article 9. Under the Australian Privacy Act, this data is not classified as sensitive information.

Notwithstanding this classification, TMS applies elevated technical and organisational safeguards to psychometric data — including encryption at rest and in transit, pre-send redaction of direct identifiers before AI processing, purpose limitation, and defined retention periods — consistent with the protections we would apply to sensitive personal data.

7.2 AI Processing of Psychometric Data

AI features — including Oski, TeamOS's conversational coach — process psychometric assessment extracts to generate insights and recommendations. This processing is performed by the Azure OpenAI Service, hosted in the Microsoft Azure Australia East data centre, and is part of the core TeamOS service (see Section 4.1).

7.3 Australian Users

By accepting this Addendum, Australian users acknowledge that:

  • AI processing of psychometric data occurs within the Microsoft Azure Australia East data centre and does not involve overseas disclosure.
  • Limited personal data (email address, authentication data) is disclosed to overseas processors (Clerk, Resend) in the United States for authentication and email delivery purposes.
  • The protections described in this Addendum apply to all processing of your data.

8. Data Breach Notification

8.1 Our Obligations

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

To Supervisory Authorities (GDPR Article 33):

  • Notify the relevant data protection authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
  • Provide details of the breach, likely consequences, and measures taken or proposed.

To You (GDPR Article 34):

  • Notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.
  • Provide clear information about:
    • The nature of the breach
    • Contact point for more information (Privacy Officer)
    • Likely consequences
    • Measures taken or proposed to address the breach

8.2 Australian Users

Under the Australian Privacy Act (Notifiable Data Breaches scheme), we will notify you and the Office of the Australian Information Commissioner (OAIC) if a breach is likely to result in serious harm.

8.3 Processor Breaches

If a breach occurs at a processor (Microsoft, Clerk, or Resend), we will work with that processor to assess the breach and fulfil our notification obligations.

Contact for breach-related inquiries: info@teammanagementsystems.com

9. Disclaimers

AI outputs generated in TeamOS are probabilistic, may be inaccurate, and do not constitute professional advice. You remain responsible for how you use outputs generated by TeamOS.

TeamOS is not a substitute for:

  • Professional psychological assessment or counselling
  • Legal, medical, or financial advice
  • HR decision-making or employment assessments

Always verify AI-generated outputs and consult qualified professionals for important decisions.

10. Changes to This Addendum

We may update this Addendum to reflect changes in data processing practices, new legal requirements, or feedback from users and regulators.

Notice of material changes:

  • Email notification to registered users at least 30 days before effective date
  • Prominent notice on TeamOS platform
  • Updated effective date on this document

Your options if you disagree with changes: You may cease using TeamOS. Contact info@teammanagementsystems.com to discuss concerns.

11. Contact

For any questions about this Addendum or your rights, contact:

Privacy Officer, Team Management Systems
Email: info@teammanagementsystems.com
Phone: +61 (0)7 3368 2333
Mail: 139 Coronation Drive, Brisbane, QLD 4064, Australia

EU Representative: PLANIT // LEGAL, Hamburg, Germany

Supervisory Authorities:

  • Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au
  • EU/EEA: Your local Data Protection Authority
  • UK: Information Commissioner's Office (ICO) — www.ico.org.uk