Privacy Policy
Last updated April 22, 2026
We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). This policy explains how and why we collect, use, hold and disclose your personal information.
In this Privacy Policy, we, us and our means ReFresh OS Pty Ltd ACN 687 813 832 of 28 Pearl Bay, Mosman New South Wales 2088 Australia. We refer to our websites, App and the ReFresh platform as our Services.
What is personal information?
Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.
What personal information do we collect and hold?
We may collect and hold the following kinds of personal information:
(a) identity and contact details, such as your name, email address, telephone number, job title, employer and account credentials;
(b) account, profile and subscription information;
(c) information you provide when using our Services, including logins (e.g. via authenticated sessions), responses, submissions, feedback and support requests;
(d) usage, device, log, analytics and technical information;
(e) job title, salary and other employment-related information;
(f) payment and transaction information;
(g) information relating to enquiries, complaints and incidents; and
(h) information received from your employer, administrators, integrated services and other third parties.
Sensitive information
Depending on how the Services are configured and used, sensitive information may be collected:
(a) directly from you;
(b) from your employer, administrators or related entities of your employer where the Services are provided in connection with your workplace; or
(c) through integrations or data sources enabled by you or your employer.
We only collect the categories of sensitive information that are reasonably necessary for the relevant service or feature. These are likely to be health information, racial or ethnic origin and sexual orientation or practices but may include other sensitive information if provided to us or collected by us.
Cookies
Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Notice: https://refresh.tech/legal/cookies-policy. The information we collect includes:
(a) log and usage data;
(b) device data; and
(c) location data.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. For further information, please see our Cookie Notice: https://refresh.tech/legal/cookies-policy.
Payment information
We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. We use third-party payment processors to process payments. We do not store full payment card details on our systems. Payment information is handled by our payment processor in accordance with its privacy policy, which is available here: https://stripe.com/privacy.
Social media information
Our Services may offer you the ability to register and log in using your third-party account details (like your Microsoft or Google logins). Where you choose to do this, we will receive certain profile information about you from the relevant third party.
We will use the information we receive only for the purposes that are described in this Privacy Policy or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review its privacy policy to understand how it collects, uses and shares your personal information, and how you can set your privacy preferences on its sites and apps.
Other information
We also permit third parties and service providers to use online tracking technologies on our Services for analytics.
We may collect information about how you access, use and interact with the website. One of the ways we do is through use of Google’s APIs. Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Another way we collect this information is through chat functionality provided by Intercom (please see here for Intercom’s privacy policy).
We automatically collect certain information when you visit, use or navigate the Services. This information may reveal your identity (like your name) but may also include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Why do we collect, hold and use your personal information?
We use personal information to:
(a) provide, operate, maintain and improve the Services;
(b) authenticate users and secure accounts;
(c) provide customer support and respond to enquiries or complaints;
(d) communicate with users and administrators about the Services;
(e) generate reporting, analytics and insights as described below; and
(f) comply with legal obligations and protect rights, safety and security.
We may also analyse personal information and service usage data to generate reports, insights or recommendations to be provided to your employer.
What if you do not want to provide personal information?
If you do not provide the personal information we reasonably require, we may not be able to provide the Services, manage your account, verify your identity, respond to your enquiries or otherwise deal with you.
Can you deal with us anonymously or by using a pseudonym?
Where lawful and practicable, you may interact with us anonymously or by using a pseudonym. However, in many cases this will not be practicable, including where we need to verify your identity, create or manage an account, provide the Services, process payments, investigate complaints, ensure platform security or comply with legal obligations.
How do we collect your personal information?
We may collect personal information:
(a) directly from you, including when you create an account, use the Services, contact us or submit information;
(b) automatically through your use of the Services, including usage, device, log and analytics information;
(c) from your employer, administrators or related entities of your employer where the Services are provided in connection with your workplace;
(d) from integrations and connected services enabled by you or your employer; and
(e) from third parties such as payment providers, identity providers, analytics providers, public sources, marketing partners and social media platforms, where permitted by law.
How do we store and hold personal information?
We store most information about you in computer systems and databases operated by either us or our external service providers.
We take reasonable technical, organisational and administrative measures to protect personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure. While no method of transmission or electronic storage is completely secure, we work to protect personal information using safeguards appropriate to the nature of the information and the risks involved.
You should only access the Services within a secure environment.
We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, to comply with legal obligations, resolve disputes, enforce agreements, maintain security and support legitimate business operations. We may retain different categories of personal information for different periods depending on the nature of the information and the purpose for which it was collected.
We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the APPs.
Who do we disclose your personal information to, and why?
We may transfer or disclose your personal information to our related companies.
We may disclose your personal information to your employer in connection with our provision of the Services. We may disclose your personal information to integrated and/or connected services enabled by you or your employer.
We may share your data with third-party vendors, service providers, contractors, or agents (third parties) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. The categories of third parties we may share personal information with are as follows:
(a) Cloud Computing Services
(b) Data Analytics Services
(c) Data Storage Service Providers
(d) Government Entities
(e) Product Engineering & Design Tools
(f) Sales & Marketing Tools
(g) User Account Registration & Authentication Services
(h) Website Hosting Service Providers
(i) Auditors, Lawyers, & Insurers
(j) User Employer & Related Entities
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, capital raise, financing, or acquisition of all or a portion of our business to another company.
We may also disclose your personal information to others outside our group of companies where:
(k) we are required or authorised by law to do so;
(l) you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
(m) we are otherwise permitted to disclose the information under the Privacy Act.
Do we offer Artificial Intelligence-based products?
As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, AI Products). These tools are designed to enhance your experience and provide you with innovative solutions. Where we do so, personal information, prompts, files, audio, text, outputs and related metadata may be processed by those providers to deliver the relevant functionality.
We provide the AI Products through third-party service providers (AI Service Providers) however all AI Products are provided from within our Amazon environment and do not communicate with third parties unless expressly disclosed.
Do we disclose personal information to recipients outside Australia?
Unless your employer is located outside of Australia and except as follows, we are not likely to disclose personal information to recipients located outside Australia. Limited personal information may be disclosed to recipients in the United States and India solely in connection with payment processing (via PCI-DSS Level 1 compliant providers) and analytics and communication tools on our public website, which do not process authenticated customer data.
Do we use your personal information for marketing?
We may use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to. These products and services may be offered by us and our related companies.
Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
Do we collect personal information from minors?
Our Services are generally provided in connection with workplaces and are not directed to children. We do not knowingly collect personal information directly from a child who does not have capacity to make their own privacy decisions. If we become aware that we have collected personal information from a child in circumstances where the child did not have capacity to consent, we will take reasonable steps to delete the information or, where appropriate, seek consent from a parent or guardian. If you believe that a child has provided personal information to us inappropriately, please contact us using the details below so that we can investigate and take appropriate steps.
Access to and correction of your personal information
You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information. You are able to make some changes to the information we hold about you by logging into the Services and accessing your account settings.
There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as time spent on collating large amounts of material).
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date, complete, relevant and not misleading.
Additional information if you are located in certain jurisdictions
If you are located in a certain jurisdiction or subject to its laws (such as the EU, UK, Canada, Switzerland or New Zealand) then additional Privacy Policy terms apply. Please see https://refresh.tech/legal/overseas-privacy-terms.
Controls for Do-Not-Track features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (DNT) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.
Complaints
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.
We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent adviser or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action that may be available.
Contact details
If you have any questions, comments, requests or concerns, please contact us at:
Email: privacy@refresh.tech
Post: 28 Pearl Bay, Mosman, New South Wales 2088 Australia
Telephone: +61 422 298 372
Changes to this policy
From time to time, we may change our policy on how we handle personal information or the types of personal information that we hold. Any changes to our policy will be published on our website.
You may obtain a copy of our current policy from our website or by contacting us at the contact details above.