Legal
Privacy Policy
Last updated: 15 February 2026
This Privacy Policy explains how Rhythmos collects, uses, discloses and stores personal information for rhythmos.com.au and related services, including the RhythmOS assessment. It is drafted for Australian privacy requirements and should be reviewed by your lawyer before launch.
Contact: hello@rhythmos.com.au. If you are an individual in Australia and want to make a privacy complaint, contact us first. If unresolved, you can complain to the OAIC.
1. Scope and legal framework
We aim to handle personal information in line with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), where applicable. Depending on our turnover and activities, the Privacy Act may apply in full. We operate this policy to align with those standards.
2. Information we collect
- Identity and contact information, including name, email address and organisation details you provide.
- Assessment information, including responses, dimension scores, totals, and inferred team/domain metrics.
- Profile information such as role and team size when you submit an assessment.
- Technical information such as IP address, device/browser metadata, logs and security events.
- Communication records when you contact us.
3. How we collect information
We collect information directly from you (forms, assessment submissions, email), automatically via website operation, and from service providers that help host and secure the platform.
4. Why we use personal information
- To deliver and improve the assessment and related reports.
- To aggregate responses by business email domain for team-level insights.
- To communicate updates, support responses and service notices.
- To prevent fraud, misuse and security incidents.
- To comply with legal obligations and resolve disputes.
5. Direct marketing
If we send marketing emails or messages, we intend to comply with the Spam Act 2003 (Cth), including consent, sender identification and unsubscribe requirements. You can opt out at any time.
6. Disclosure to third parties
We may disclose information to:
- Cloud and infrastructure providers (for example hosting, database, analytics, email delivery).
- Professional advisers, auditors, insurers and legal representatives.
- Regulators, law enforcement or courts where required by law.
- Potential acquirers if we restructure, merge or sell part of the business.
7. Overseas disclosure
Some providers may process or store data outside Australia. Where practical, we seek contractual and technical controls aligned with APP 8 to protect personal information handled overseas.
8. Security and retention
We use reasonable technical and organisational safeguards, including access controls and monitoring. We retain information only as long as needed for service delivery, legal requirements, dispute resolution and legitimate business purposes.
9. Data breach response
We maintain incident-response procedures. If an eligible data breach occurs and the Notifiable Data Breaches scheme applies, we will notify affected individuals and the OAIC as required.
10. Access, correction and complaints
You may request access to or correction of your personal information by contacting us at hello@rhythmos.com.au. We may need to verify identity before actioning requests. If you are not satisfied with our response, you may lodge a complaint with the OAIC.
11. Changes to this policy
We may update this policy from time to time. Material changes will be published on this page with a revised "Last updated" date.