thoughtwarewhiteedit
- Privacy Policy -

Intelligent, productive solutions

Home   ↣   Privacy Policy

1. Overview

ThoughtWare Australia Pty Ltd (“ThoughtWare”, “we”, “our”) is committed to protecting personal information and handling it responsibly in the delivery of our ionMy Governance, Risk and Compliance (GRC) platform.

This policy explains how we collect, use, disclose, store, and protect personal information in accordance with applicable privacy laws and our security and compliance commitments including SOC 2 requirements.

2. Information We Collect

We may collect and process:

  • Client Data: Information entered into ionMy by our customers (e.g. employee records, incident data, compliance records)
  • Account Information: Names, email addresses, roles, and login credentials
  • Usage Data: System interactions, logs, and analytics
  • Support Data: Information provided during support or training interactions

Important: 
For most data within ionMy, ThoughtWare acts as a data processor, and our clients control the data.

3. How We Use Information

We use information to:

  • Deliver and operate the ionMy platform
  • Maintain system security and integrity
  • Provide customer support and training
  • Improve product performance and functionality
  • Meet legal and regulatory obligations

We do not sell personal information.

4. Data Hosting & Cross-Border Transfers

ionMy is hosted on cloud infrastructure provided by Amazon Web Services.

  • Data is stored in secure data centres (typically within NSW, Australia unless otherwise agreed)
  • Where cross-border processing occurs, appropriate safeguards are applied

5. Disclosure of Information

We may disclose information to:

  • Cloud hosting and infrastructure providers
  • Support and service partners
  • Regulatory authorities where required by law

All third parties are subject to confidentiality and security obligations.

6. Data Security

We implement appropriate technical and organisational controls, including:

  • Encryption of data in transit and at rest
  • Role-based access controls (RBAC)
  • Multi-factor authentication (where enabled)
  • Monitoring and logging of system activity
  • Regular security reviews and updates

7. Data Retention & Disposal

We retain personal information:

  • For the duration of the client relationship, and
  • As required for legal, contractual, or operational purposes

Upon termination:

  • Client data is returned or securely deleted in accordance with contractual terms
  • Backup data is securely overwritten in line with retention schedules

8. Access, Correction & Deletion

Individuals may request:

  • Access to their personal information
  • Correction of inaccurate information
  • Deletion of personal information (where applicable)

Requests should be directed to the relevant client organisation or to ThoughtWare where appropriate.

9. Data Breach & Incident Response

ThoughtWare maintains an incident response process aligned with industry standards.

In the event of a data breach:

  • Affected clients will be notified
  • Regulatory obligations will be met
  • Appropriate remediation actions will be taken

10. Cookies & Analytics

We may use cookies or similar technologies for:

  • Session management
  • Security
  • Usage analytics

Users can manage cookie preferences via their browser.

11. Changes to This Policy

We may update this policy periodically. Updates will be published on our website.

12. Contact

For privacy-related enquiries:

ThoughtWare Australia Pty Ltd


Email Us

Last Reviewed: 3/5/2026