Our Privacy Commitment

Last updated: 18 June 2025
A note on plain language summaries

To help make this Privacy Policy easier to understand, we’ve added plain language summaries under the heading “What this means for you.” These summaries are for guidance only and do not replace or override the full legal terms in the policy. Please read the entire policy to understand how your information is handled.

1. General

  1. 1.1 This Privacy Policy describes how Canopy Operations Pty Ltd (ACN 680 689 623) ("Hello Canopy", "we", "us" or "our") and all of their related entities collects, uses, discloses, and protects your personal information. It applies to:

    • Visitors to our website (https://hellocanopy.io);
    • End users who submit reports through the HelloCanopy platform;
    • Organisation administrators and other authorised representatives who manage cases through the HelloCanopy platform.
  3. 1.2 In this policy, the words “we”, “our”, “us”, “HelloCanopy” and “Site” refer to http://HelloCanopy.io, any HelloCanopy software or web based application and Canopy Operations Pty Ltd (ACN 680 689 623), and all of their related entities. 
  5. 1.3 This Privacy Policy applies to and should be read in conjunction with the HelloCanopy End User Terms (collectively, the “Agreement”), which are available on https://hellocanopy.io/.
What this means for you

This policy explains how Hello Canopy handles your personal information if you visit our website, report something through our platform, or help manage reports as an admin.

2. Changes to This Policy

  1. 2.1 We may amend, add or remove any part of this Privacy Policy from time to time. If we make material changes, we will notify you via our website or through direct communication where appropriate.
  1. 2.2 Your continued use of the platform after changes are made constitutes acceptance of the updated policy.
What this means for you

We might update this policy from time to time. If the changes are significant, we’ll let you know. If you keep using the platform, you’re agreeing to the latest version.

3. Collection of Personal Information

  1. 3.1 We are committed to protecting the privacy and security of your personal information. We maintain strict policies and implement appropriate safeguards to help protect the personal data you share with us.
  1. 3.2 When you use HelloCanopy, whether by visiting our website, creating an account, submitting information, or interacting with the platform, we collect and handle your personal information in accordance with this Privacy Policy.
  3. 3.3 This policy applies to all personal information we collect, hold, use, or disclose, whether directly from you, through your organisation, or via your interactions with our platform.
What this means for you

We collect information to make Hello Canopy secure and effective. This includes what you share, what your organisation provides, and how you use our platform or site.

4. Information we collect

  1. 4.1 We may collect: We collect different types of personal information depending on how you interact with Hello Canopy:

    1. Website Visitors: If you visit our website (https://hellocanopy.io), we may collect:
      1. Technical data: IP address, browser type, device and operating system, time spent on pages, and referring URLs;
      2. Cookies and similar technologies (see our Cookie Policy available at https://hellocanopy.io/.);
      3. Information you submit via forms (e.g. contact details or waitlist sign-up);
      4. Information collected by third-party tools embedded on our site. For example, we use services such as Calendly to facilitate meeting bookings and event scheduling. These services may use cookies or similar technologies to track usage and optimise functionality. For more information, please refer to Calendly’s Privacy Policy and Cookie Policy.
    2. Platform Users (End Users and Administrators): If you access the HelloCanopy platform, whether as an employee (end user) or company administrator user, we may collect:
      1. Your name, email address, role, and organisation-related identifiers;
      2. Information you submit via reports or surveys, including descriptions, documents, and timestamps;
      3. Actions taken in the platform (e.g. login activity, case updates, comments);
      4. Device and usage data (e.g. IP address, browser, session duration, pages viewed).
    3. Authentication and Access: If you log in via a third-party provider such as Kinde, we may receive your name, email, profile picture, and unique ID for secure access.
    1. HRIS Integrations and Uploads: We may receive employment-related data from your organisation’s HRIS system (e.g. HiBob, Rippling) or from a manual upload. This may include:
      1. Your name, work email, employee ID, employment status, and other workplace-related identifiers that your organisation provides to us to facilitate case management and reporting.
  4. This data enables secure onboarding, access controls, and accurate case management.
  6. 4.2 We may combine data collected across these sources to deliver our services, enhance platform security, and support compliance for our customers.
What this means for you

Depending on how you use Hello Canopy, we may collect things like your name, email, device details, reports you submit, or data your employer provides, such as your role or employee ID. 

We also collect limited information if you visit our website or sign up for updates. This helps us deliver our services, keep the platform secure, manage access, and send you relevant communications where you’ve opted in.

5. How We Use Your Information

  1. 5.1 We use the personal information we collect to:

    1. Provide, maintain, and improve the Hello Canopy platform and services;
    2. Authenticate users and manage access permissions;
    3. Facilitate secure reporting, case management, and analytics for customer organisations;
    4. Send service-related communications such as onboarding guides, report updates, platform changes, support responses, or where you have opted in, newsletters and promotional content;
    5. Detect, investigate, and prevent security incidents or misuse of the platform;
    6. Comply with legal obligations, respond to lawful requests, and resolve disputes. We may also disclose information where required or permitted by law;
    7. Meet our legal obligations, respond to lawful requests, and help resolve disputes. In limited cases, we may share information if required or permitted by law.
    8. Analyse trends and improve user experience using de-identified or aggregated information;
    9. Include publicly available or shared content (e.g. social media posts or event photos) in promotional materials in a de-identified format, unless we have obtained your express permission.
  1. 5.2 We may combine information you provide with data we collect through platform use or from third parties to ensure accurate account setup, reporting, and support.
What this means for you

We use your information to run the platform, keep it secure, respond to reports, improve features, and meet legal requirements. We may send you updates, and if you’ve opted in, occasional communications.

6. Legal Basis for Collection

  1. 5.1 Where applicable, such as under the GDPR, we may collect and process personal information on the basis of:

    1. Your consent;
    2. Performance of a contract with you or your organisation;
    3. Compliance with legal obligations; or
    4. Our or our customers' legitimate interests, such as workplace safety and organisational compliance.
What this means for you

If you’re in a country within the EU or UK, we process your data based on things like your consent, legal obligations, or legitimate interest in workplace safety.

7. Disclosure of Personal Information

  1. 7.1 We may disclose personal information to:

    1. Your employer or customer organisation, in connection with platform use, subject to any applicable anonymity settings selected by the user;
    2. Service providers who support our operations (e.g. hosting, authentication, analytics);
    3. Government agencies, regulators, or law enforcement as required by law;
    4. Third parties where you provide consent or where authorised under applicable laws.
  1. 7.1 We may disclose personal information to:

    1. Your employer or customer organisation, in connection with platform use, subject to any applicable anonymity settings selected by the user;
    2. Service providers who support our operations (e.g. hosting, authentication, analytics);
    3. Government agencies, regulators, or law enforcement as required by law;
    4. Third parties where you provide consent or where authorised under applicable laws.
  1. 7.2 We take reasonable steps to ensure that any third parties we engage comply with applicable privacy obligations.
What this means for you

We only share your information with your employer, trusted service providers, or authorities if the law requires it. Where possible, we respect any anonymity settings you’ve chosen.

8. Overseas Disclosure

  1. 8.1 Some personal information may be transferred to, or stored in, countries outside Australia, including where our service providers or customer organisations operate internationally. When we do so, we take reasonable steps to ensure that overseas recipients comply with the Australian Privacy Principles or are otherwise subject to safeguards that offer comparable levels of protection.

  1. 8.1 Some personal information may be transferred to, or stored in, countries outside Australia, including where our service providers or customer organisations operate internationally. When we do so, we take reasonable steps to ensure that overseas recipients comply with the Australian Privacy Principles or are otherwise subject to safeguards that offer comparable levels of protection.

  1. 8.2 We may also enter into contractual arrangements to ensure that appropriate privacy and data protection measures are in place for international data transfers.
What this means for you

Some of your information might be stored or processed outside Australia. We take care to ensure it’s still protected, using tools like contracts and trusted providers.

9. Security

  1. 9.1 We use a number of security measures to protect the information you provide to us. These include:

    1. Restricting internal and external access to your personal information; 
    2. Role-based access controls and authentication measures;
    3. Encryption of data in transit and at rest;
    4. Maintaining our technology systems to prevent unauthorised computer access;
    5. Secure destruction or de-identification of data when no longer required.
  1. 9.2 If we become aware of a data breach likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner, as required by law.
  3. Where applicable, we may also notify impacted customer organisations directly so they can meet their own regulatory obligations.
What this means for you

We use strict security measures like encryption and access controls to protect your information. If there’s ever a serious breach, we’ll notify you as required by law.

10. Accuracy and Retention

  1. 10.1 You may request access to or correction of your personal information by contacting us at privacy@hellocanopy.io

  1. 10.2 We retain personal information only for as long as reasonably necessary to fulfil the purposes outlined in this policy or as required by law. When no longer needed, we securely delete or de-identify the information.
What this means for you

You can ask to access or correct your information at any time. We don’t keep your data longer than necessary and securely delete it when it’s no longer needed.

11. Our Role as Data Processor

  1. 11.1 When providing our services to customer organisations, Hello Canopy acts as a data processor or service provider. The customer organisation is the data controller and determines how your personal information is used. We process such information only on their instructions and in accordance with our contractual obligations.
What this means for you

When your organisation uses Hello Canopy, they’re in charge of how your data is used. We just process it on their behalf under strict instructions.

12. Contact and Complaints

  1. 12.1 We will respond to your enquiry as soon as reasonably practicable. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact our Privacy Officer at privacy@hellocanopy.io
  3. We will respond to your enquiry as soon as reasonably practicable. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

    13. Cookie Policy

    1. 13.1 For information about how we use cookies and other tracking technologies, please see our separate Cookies Policy.