Free Team Effectiveness Indicator now publicly available — Read more about the release in our recent blog
TeamHive Logo

TeamHive

TeamHive Privacy Policy

Last updated: 15th April 2026

Version: 1.1

Team Development Analytics Pty Ltd (ACN 696 223 891) is committed to protecting the privacy of all individuals whose personal information we collect and process.

1. Introduction

1.1 Team Development Analytics Pty Ltd (ACN 696 223 891) ("Team Development Analytics", "we", "us" or "our") operates the TeamHive platform and service ("Service"). We are committed to protecting the privacy of all individuals whose personal information we collect and process.

1.2 This Privacy Policy explains how we collect, hold, use, disclose and otherwise handle personal information in connection with the Service, including our website at https://team-hive.co ("Website"), the TeamHive online platform ("Platform"), and any related services.

1.3 We are an Australian company, and although we are not required to comply with the Privacy Act 1988 (Cth), we are committed to handling your personal information responsibly and in accordance with the Australian Privacy Principles (APPs). Where we collect or process personal data of individuals located in the European Economic Area (EEA) or the United Kingdom (UK), we also comply with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR, as applicable. See Section 15 for additional information about your rights under the GDPR.

2. Key Definitions

In this Privacy Policy:

  • "Assessment Response Data" means the responses provided by Respondents when completing an assessment through the Service.
  • "Client" means an organisation that registers for and uses the Service to create, distribute and analyse assessments.
  • "Personal Information" has the meaning given in the Privacy Act 1988 (Cth). For the purposes of this policy, it includes "personal data" as defined in the GDPR.
  • "Respondent" means an individual who is invited to complete an assessment through the Service.
  • "User" means any individual who accesses the Platform, including Client representatives and Respondents.

3. Personal Information We Collect

We collect the following categories of personal information:

3.1 Account and Registration Information (Clients and Client Representatives)

When a Client registers for an Account, we collect:

  • Full name
  • Email address
  • Organisation name
  • Team name
  • Role or position (where provided)
  • Billing and payment information (where applicable — see Section 8)

3.2 Assessment Response Data (Respondents)

We collect and process the responses provided by Respondents when completing assessments. As a core privacy feature of the Service:

  • We separate Assessment Response Data from the Respondent's personal identifiers (name and email address) at the point of processing.
  • Assessment responses are not linked to identifiable individuals in our database once processed.
  • The de-identified Assessment Response Data is used to generate reports, scores and insights for the Client.

Important: While we design our systems to prevent re-identification, in very small teams it may theoretically be possible for a reader to infer the source of a response based on its content. We take reasonable steps to mitigate this risk (for example, through minimum response thresholds for reporting), but we cannot guarantee absolute anonymity in all circumstances.

3.3 Research Data (Where Consent Is Given)

Where a Respondent provides separate, voluntary consent (see Section 11), we may retain de-identified Assessment Response Data for research purposes. Research Data is fully de-identified and cannot reasonably be used to identify any individual.

3.4 Usage Data

We automatically collect certain technical information when you use the Service, including:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Pages visited and features used
  • Date and time of access
  • Referring URL

This data is collected through server logs, cookies and similar technologies (see Section 12).

3.5 Communications Data

If you contact us (e.g., by email or through a support form), we collect your name, email address and the content of your communication.

4. How We Collect Personal Information

4.1 Directly from you, when you:

  • register an Account or create a profile;
  • complete or participate in an assessment;
  • purchase a Subscription or make a payment;
  • contact us with an enquiry, complaint or support request;
  • opt in to marketing communications; or
  • provide research consent.

4.2 From Clients, when a Client invites Respondents to participate in an assessment (e.g., Respondent name and email address for the purpose of distributing the assessment).

4.3 Automatically, through cookies, server logs and similar technologies when you access the Website or Platform (see Section 12).

4.4 From third-party service providers, such as payment processors who confirm payment status.

4.5 We will not collect personal information by unlawful or unfair means. Where it is reasonable and practicable to do so, we will collect personal information directly from you (APP 3).

5. Why We Collect, Use and Disclose Personal Information

5.1 We collect, use and disclose personal information for the following purposes:

  • Providing the Service — creating accounts, distributing assessments, generating reports and insights.
  • Processing payments — managing subscriptions, invoicing and billing.
  • Customer support — responding to your enquiries and resolving issues.
  • Improving the Service — analysing usage patterns, fixing bugs, developing new features.
  • Our Research — we use de identified Assessment Response Data (that cannot be reverse engineered to identify any individual) to train, test, validate and improve the TeamHive assessment tool (including its AI components); and to contribute and publish to scientific literature or commercial reports – see Section 11 below for more information.
  • Third Party Research – if you have consented, we provide de identified Assessment Response Data to third party research institutions, including Newcastle University, for their internal research – see Section 11 below for more information.
  • Security and fraud prevention — protecting the Service, detecting unauthorised access.
  • Marketing communications — sending newsletters, product updates and promotional material.
  • Legal compliance — complying with applicable laws, regulations and legal processes.

5.2 Under GDPR (for EEA/UK Individuals)

Where we process personal data of individuals in the EEA or UK to provide the Service, we are acting as the processor for our corporate Clients who are the controllers. Our corporate Clients’ lawful basis may be one of the following:

  • Legitimate interests (Art 6(1)(f)) — to improve their internal human resources processes and resource allocation, where those interests are not overridden by your data protection rights.
  • Legal obligation (Art 6(1)(c)) — to comply with applicable laws.

We may process personal information of our corporate Clients to provide the Services (Performance of a contract) and to market our Services to that client.

Our processing of de-identified Assessment Response Data does not constitute processing of personal data under the GDPR.

In the limited circumstances where you have consented to your personal information being transferred to research institutions or by us for internal research, we are acting as a data controller.

6. Who We Share Personal Information With

6.1 We do not sell your Assessment Response Data or any personal information provided to us as part of the Service.

6.2 We may disclose personal information to the following categories of recipients:

  • Cloud hosting providers — for storing and serving the Platform and data.
  • Payment processors — for processing payments and managing subscriptions.
  • Analytics providers — for understanding how the Service is used (using anonymised or aggregated data where possible).
  • Email service providers — for sending transactional and marketing communications.
  • Customer relationship management (CRM) tools — for managing client relationships and support.
  • Research institutions — for receiving de-identified Assessment Response Data for research purposes (only where Respondent consent has been given — see Section 11).
  • Professional advisers — for legal, accounting and audit services.
  • Law enforcement or regulators — where required by law, regulation, court order or binding regulatory request.

6.3 All third-party service providers are required to protect personal information in accordance with contractual obligations consistent with the APPs (and, where applicable, the GDPR). A list of specific sub-processors is available on request by contacting us at contact@team-hive.co.

6.4 If we sell the business or there is an internal group reorganisation, we may transfer your personal information to the purchaser or assignee as part of the business sale or reorganisation.

7. Overseas Disclosures

7.1 Some of our third-party service providers may store or process personal information on servers located outside Australia. Our primary AI provider is located in the US.

7.2 Before disclosing personal information to an overseas contractor, we take reasonable steps to ensure that the overseas contractor will protect your information with the same degree of care as you can expect in Australia. These steps include:

  • Entering into contractual arrangements that require the recipient to handle personal information in accordance with the APPs; and
  • performing vendor due diligence on the suppliers.

7.3 For EEA/UK individuals: Where personal data is transferred outside the EEA/UK, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision.

8. Payment Information

8.1 Payment and billing information (such as credit card details) is collected and processed by our third-party payment processor. We do not store your full credit card number on our servers.

8.2 Information processed by our payment processor is subject to that provider's own privacy policy and PCI-DSS compliance obligations.

8.3 We receive from our payment processor only the information necessary to confirm payment status, manage your Subscription, and issue invoices (e.g., last four digits of the card, billing name, billing address, payment confirmation).

9. Data Security

9.1 We implement reasonable and appropriate technical and organisational security measures to protect personal information against unauthorised access, loss, destruction, alteration and misuse, having regard to the nature of the information, the state of the art and the cost of implementation. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest;
  • Access controls restricting access to personal information to authorised personnel on a need-to-know basis;
  • Regular security reviews and testing;
  • Secure software development practices; and
  • Staff training on data protection and privacy obligations.

9.2 You are responsible for keeping your Account credentials secure. You must notify us immediately if you become aware of any unauthorised access to your Account.

9.3 While we take reasonable steps to protect personal information, no system is completely secure. We cannot guarantee absolute security.

10. Notifiable Data Breaches

10.1 We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth).

10.2 If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

  • Take immediate steps to contain and remediate the breach;
  • Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable;
  • Notify affected individuals as required by the NDB scheme; and
  • Notify the relevant Client within 72 hours of becoming aware of the breach.

11. Research Use of de-identified data

11.1 Separate and Voluntary Consent

When completing an assessment, Respondents are given the separate and voluntary option to consent to the use of their de-identified Assessment Response Data for research purposes. Research participation is entirely voluntary and is not a condition of using the Service or receiving assessment results.

11.2 What Respondents Consent To

Where consent is given, the Respondent consents to:

  • Their de-identified Assessment Response Data being used for research purposes to validate and improve the TeamHive 360 assessment tool; and
  • Their de-identified data being shared with other researchers and research institutions for scientific purposes, in support of open scientific practices.

11.3 De-identification and Safeguards

  • All Assessment Response Data used for research is fully de-identified before being provided to any researcher.
  • Neither we, nor any third party, can reverse engineer the de-identified data to personal information.
  • No personal identifying information (name, email address or other identifiers) is ever shared with researchers.
  • De-identified data is stored securely in accordance with the Australian Code for the Responsible Conduct of Research (2018) and the National Statement on Ethical Conduct in Human Research (2007, updated 2018).

11.4 Withdrawal of Consent

  • A Respondent may withdraw their research consent at any time by contacting us at contact@team-hive.co.
  • Upon withdrawal, we will cease using that Respondent's de-identified data in future research.
  • However, data cannot be withdrawn from research studies that have already been completed using de-identified datasets, as the data is anonymised and can no longer be linked to the individual.

11.5 GDPR Basis (for EEA/UK Individuals)

Where a Respondent located in the EEA or UK provides research consent, the lawful basis for processing is consent. The right to erasure is subject to the exception for research purposes to the extent that erasure would render impossible or seriously impair the achievement of the research objectives.

12. Cookies and Tracking Technologies

12.1 What We Use

We use the following categories of cookies and tracking technologies:

  • Strictly necessary cookies — essential for the operation of the Website and Platform (e.g., session management, authentication).
  • Analytics cookies — help us understand how visitors use the Website and Platform so we can improve performance.
  • Functional cookies — remember your preferences and settings (e.g., language and display preferences).

12.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. If you disable cookies, some features of the Service may not function correctly.

12.3 Analytics Services

We may use third-party analytics services to analyse how visitors use the Website. These services use cookies to collect information (including your truncated IP address), which may be transmitted to and stored on servers located outside Australia. Where we use such services, we enable IP anonymisation where available.

You may be able to opt out of analytics tracking by installing browser add-ons offered by the relevant analytics provider, or by adjusting your cookie settings.

12.4 "Do Not Track" Signals

We currently do not respond to "Do Not Track" browser signals, as there is no industry-standard protocol for doing so. We will update this policy if a standard is adopted.

13. Data Retention

13.1 We retain personal information for as long as reasonably necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting or reporting requirements.

13.2 Our general retention periods are:

  • Account and registration information — for the duration of your Account, plus 12 months after Account closure or termination (to allow for data export and to resolve any outstanding issues).
  • Assessment Response Data (linked to Client reports) — for the duration of the Client's Subscription, plus 12 months after termination. De-identified and aggregated data may be retained indefinitely for benchmarking and Service improvement.
  • Research Data (de-identified) — retained indefinitely in de-identified form, in accordance with the Australian Code for the Responsible Conduct of Research, unless consent is withdrawn (see Section 11.4).
  • Payment and billing information — for 7 years after the last transaction, as required by Australian taxation law.
  • Usage and analytics data — up to 26 months from collection, unless anonymised and aggregated.
  • Marketing consent records — for the duration of the consent, plus 12 months after withdrawal.
  • Communications data — for 24 months from the date of communication, unless related to a dispute or legal matter.

13.3 On termination of the Service: we delete all personal information within 30 days.

13.4 When personal information is no longer required, we will take reasonable steps to destroy it or ensure it is de-identified.

14. Your Rights — All Users

All individuals (regardless of location) whose personal information we hold have the following rights:

(a) Right of access: You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days. Access may be refused in limited circumstances permitted by law (e.g., where granting access would pose an unreasonable impact on the privacy of others, or where the request is frivolous or vexatious), and we will provide reasons for any refusal.

(b) Right of correction: You have the right to request that we correct any personal information we hold about you that is inaccurate, out of date, incomplete, irrelevant or misleading. We will respond to your request within 30 days.

(c) Right to opt out of marketing: You have the right to opt out of receiving direct marketing communications at any time by using the unsubscribe link in any marketing email, updating your preferences in your Account, or contacting us at contact@team-hive.co.

(d) Right to complain: You have the right to complain about how we have handled your personal information (see Section 16).

14.2 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: contact@team-hive.co

We may need to verify your identity before processing your request. We will not charge you a fee for making a request or for providing access, unless the request is manifestly unfounded, excessive, or repetitive.

15. Additional Rights for EEA and UK Individuals

15.1 If you are located in the European Economic Area or the United Kingdom, you have the following additional rights under the GDPR (in addition to the rights set out in Section 14):

(a) Right to erasure ("right to be forgotten"): You may request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent and there is no other legal basis for processing, or where the data has been unlawfully processed. This right is subject to exceptions.

(b) Right to restriction of processing: You may request that we restrict the processing of your personal data in certain circumstances (e.g., where you contest its accuracy, pending verification).

(c) Right to data portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller, where the processing is based on consent or a contract and carried out by automated means.

(d) Right to object: You have the right to object to processing based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.

(e) Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

(f) Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or place of the alleged infringement.

16. Complaints

16.1 If you believe we have breached applicable law or this Privacy Policy, you may lodge a complaint with us by contacting:

Email: contact@team-hive.co

16.2 We will:

  • Acknowledge your complaint within 5 business days;
  • Investigate the complaint and provide a response within 30 days; and
  • Work with you in good faith to resolve the matter.

16.3 If you are not satisfied with our response, you may escalate your complaint to:

(a) In Australia: Office of the Australian Information Commissioner (OAIC) Website: https://www.oaic.gov.au Phone: 1300 363 992

(b) In the EEA/UK: The supervisory authority in the member state of your habitual residence, place of work, or place of the alleged infringement. A list of EEA supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

For UK residents: the Information Commissioner's Office (ICO) Website: https://ico.org.uk

17. Marketing Communications

17.1 We will only send you marketing or promotional communications if you are a Client of ours. We never send marketing to Respondents.

17.2 You may withdraw your consent and opt out of marketing at any time by:

  • Clicking the "unsubscribe" link in any marketing email;
  • Updating your communication preferences in your Account; or
  • Contacting us at contact@team-hive.co.

17.3 Withdrawal of marketing consent does not affect transactional or service-related communications (e.g., payment confirmations, security alerts, material changes to the Service).

18. Children's Privacy

18.1 The Service is intended for use by organisations and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children under 18.

18.2 If we become aware that we have collected personal information from a child under 18 without appropriate parental or guardian consent, we will take steps to delete that information as soon as practicable.

19. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party site you visit.

20. Changes to This Privacy Policy

20.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors.

20.2 Where the change is material, we will give you at least 30 days' notice by email or through the Platform before the change takes effect.

20.3 The "Last updated" date at the top of this policy indicates when the most recent revision was published.

21. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our handling of your personal information, please contact us at:

Team Development Analytics Pty Ltd (ACN 696 223 891) Email: contact@team-hive.co