TenPod
Privacy & Data Management Policy

1. Our Commitment

TenPod Pty Ltd (ACN 687 438 526) is bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) and the Privacy and Other Legislation Amendment Act 2024 minterellison.com. We design every feature to protect personal information and earn user trust.

2. Scope

This policy covers all personal information handled inside the TenPod platform, including data processed by our AI agents and any integrated third-party API (e.g., VEVO, identity-verification services).

3. What We Collect

CategoryExamplesSourceIdentityname, email, phone, government ID imagessign-up forms, uploadsEmploymentjob title, payroll ID, visa statusHR imports, API feedsUsage Logstimestamps, IP address, feature eventsin-app telemetryMeta-datamodel prompts, error traces (pseudonymised)AI operations

We never intentionally collect sensitive data unless you or your organisation deliberately supply it for a defined compliance purpose.

4. Why We Collect

• Deliver contracted HR, recruitment and immigration services
• Verify identity and legal work rights
• Generate autonomous reports and audit trails
• Improve system performance with aggregate, de-identified analytics
• Meet legal or regulatory obligations

5. Data Minimisation & Fair Use

We only process information that is reasonable and necessary for the above purposes (APP 3 & APP 6). When AI agents analyse documents, they receive the smallest possible excerpt; outputs are retained, inputs are not reused to train public models.

6. Storage & Security

• Australian primary hosting in ISO 27001-certified data centres, with geo-redundant backups in the same region
• Encryption: AES-256 at rest; TLS 1.3 in transit
• Zero-trust access: role-based permissions, MFA, and quarterly access reviews
• Comprehensive logging with tamper-evident hashes retained for seven years
• Regular penetration testing and continuous vulnerability scanning

7. AI & Automated Decision-Making

All automated decisions that can materially affect an individual (e.g., work-rights invalidation) are:

1. Logged with decision rationale;
2. Available for human review on request;
3. Subject to correction under APP 13.

No personal information is fed back into large language models for vendor training.

8. Disclosure & Overseas Transfers

We share data only with vetted sub-processors who:

• Sign strict data-processing agreements aligned with the APPs;
• Store or mirror data in jurisdictions that offer comparable privacy protections (currently limited to Australia, New Zealand, EU/EEA, USA).
  A live list of sub-processors is maintained in your admin portal.

9. Data Retention & Disposal

Data TypeDefault RetentionDisposal MethodHR & Immigration Records7 years after employment endsencrypted wipe & certificateSystem Logs12 monthsautomated deletionMarketing Enquiries24 monthsdeletion or anonymisation

Upon verified deletion request, we erase or de-identify records within 30 days, unless law requires longer retention.

10. Access, Correction & Portability

Individuals may request access to, or correction of, their personal information at any time. Verified requests are completed within 30 days at no charge, except where an excessive or repeated request permits a reasonable fee (APP 12–13).

11. Notifiable Data Breaches

If a data breach is likely to result in serious harm, we will:

1. Contain and assess within 72 hours;
2. Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable, including recommended protective steps;
3. Document root-cause analysis and remediation actions.

12. Changes to This Policy

We will post any material changes here and notify account administrators at least 30 days before they take effect.

13. Contact

Privacy Officer – TenPod Pty Ltd
470 St Pauls Terrace, Fortitude Valley QLD 4006
E privacy@tenpod.com.au

If you believe we have breached the APPs, contact us first. If unresolved, you may lodge a complaint with the OAIC (oaic.gov.au).

‍