Last updated 30 April 2026
This Privacy Policy explains how Tendio collects, uses, holds, and discloses personal information. It applies to:
Tendio is bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where Tendio processes health information on behalf of clients, applicable state and territory health records legislation may also apply, including the Health Records Act 2001 (Vic), the Health Records and Information Privacy Act 2002 (NSW), the Health Records (Privacy and Access) Act 1997 (ACT), and equivalent legislation in other Australian jurisdictions. Tendio operates nationally and applies consistent privacy standards across all states and territories.
Tendio is a managed automation platform for Australian aged care and home care providers. We supply AI-powered workflow solutions that help care organisations automate a wide range of operational tasks, including billing reconciliation, regulatory monitoring, workforce management, family communications, and call answering, as well as custom solutions designed for individual clients.
Tendio does not directly provide care services. We are a technology provider that processes information on behalf of our clients (care organisations) under contract.
Processed on behalf of clients (care organisations):
The majority of personal information Tendio handles is provided by client organisations for the purpose of delivering our Solutions. This includes care recipient details, staff and roster data, billing and funding records, family contact information, and other operational data relevant to the specific Solution ordered. In relation to this information, Tendio acts as a data processor under contract; the client organisation is the data controller and remains responsible for its own collection notices and direct dealings with individuals.
Client organisations also remain responsible for meeting their own obligations under applicable legislation, including the Aged Care Act 1997 (Cth) and the NDIS Act 2013 (Cth), in relation to the records Tendio processes on their behalf.
Care recipients, family members, and staff are indirect data subjects in relation to Tendio. Tendio does not have a direct relationship with those individuals for data provided by the client. If you are a care recipient, staff member, or family member and have a question about how your information is being used, please contact the care organisation directly.
From Hub portal users (staff of Tendio's clients):
From website visitors:
From callers to phone lines (AI Voice Agent solution only):
Where Tendio operates a call answering service on behalf of a client, we collect directly from callers:
We will not collect personal information by unlawful or unfair means.
| Purpose | Information used |
|---|---|
| Respond to website enquiries | Name, email, phone, message |
| Provide and operate the Hub portal | Name, email, role, login activity |
| Deliver our Solutions on behalf of clients | As provided by the client and described in our MSA |
| Call handling (AI Voice Agent solution) | Caller name, message, phone number, transcript |
| Notify care organisations of calls | Caller name, message, urgency classification |
| Security, fraud prevention, and audit | Portal activity logs, technical data |
| Product improvement (anonymised, aggregated only) | Usage telemetry; no individual is identifiable |
| Comply with legal obligations | As required by applicable law |
We do not use personal information for direct marketing without your consent, and we do not sell personal information to third parties.
Tendio shares personal information only as necessary to deliver our services.
Our clients (care organisations): Call transcripts, summaries, and structured call data are sent to the client whose line was called. This is the core purpose for which the information is collected.
Sub-processors: Tendio engages the following categories of third-party services to operate the platform. All are contractually bound to use data only for the purposes Tendio specifies, and all process Australian data within Australia. A current list of named sub-processors is available on request.
| Category | Purpose | Location |
|---|---|---|
| AI model inference | Processes care data and call transcripts to generate workflow outputs, summaries, and recommendations | Australia |
| Cloud hosting | Hosts the Tendio platform, databases, application servers, and all backups | Australia |
Client-provided telephony systems: To deliver the AI Voice Agent solution and SMS notifications, Tendio connects to telephony infrastructure owned and contracted by the client. Tendio accesses these systems using credentials provided by the client under our Master Services Agreement. Data flowing through those systems prior to reaching Tendio's infrastructure is subject to the client's arrangements with their provider. Clients are responsible for ensuring their telephony provider processes data within Australia.
Law enforcement and regulators: Tendio may disclose personal information where required or authorised by law, including in response to a court order or lawful request from a regulator.
We do not transfer personal information outside Australia.
This section applies only to Tendio's AI Voice Agent solution. Most Tendio solutions do not involve direct contact with individuals; they process data provided by client organisations.
Where a client has deployed the AI Voice Agent solution, their phone line is answered by an AI voice agent operated by Tendio. If you call one of these lines, by continuing the call you acknowledge that:
The care organisation is responsible for letting callers know that an AI voice agent service is in use. If you are uncomfortable proceeding, you may end the call at any time.
All personal information handled by Tendio is stored and processed in Australia, including all backups. We do not transfer data to overseas servers. Our AI processing, database, and application hosting (including all backups) are hosted on Australian infrastructure.
Tendio uses reasonable administrative, technical, and physical safeguards to protect personal information against unauthorised access, loss, and disclosure. These include:
We do not use personal information to train, fine-tune, or improve any AI or machine learning model, and we contractually require our AI service providers to do the same.
No system is completely secure. If you become aware of a security concern, please contact us at hello@tendio.com.au.
If Tendio becomes aware of an eligible data breach under Part IIIC of the Privacy Act 1988 (Cth) that is likely to result in serious harm to any individual, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals (or, where the information was provided by a client, the relevant client) as required by law.
| Information | Retention period |
|---|---|
| Hub portal user accounts | Duration of client contract plus 6 months |
| Call transcripts and summaries | Duration of client contract plus 6 months |
| Website enquiry submissions | 2 years from the date of submission |
| Audit and security logs | 90 days |
| Anonymised usage telemetry | Indefinitely (no individual identifiable) |
After the applicable period, personal information is deleted or irreversibly anonymised, unless longer retention is required by law or permitted under our agreements with clients (for example, where data is needed for a legitimate dispute, audit, or insurance purpose).
Client organisations whose records are subject to statutory retention obligations (for example, under the Aged Care Act 1997 (Cth), the NDIS Act 2013 (Cth), or applicable state health records legislation) are responsible for exporting their data before the retention window closes. Tendio will provide a data export on request within 90 days of contract termination in accordance with our Master Services Agreement.
You have the right to request access to, and correction of, personal information Tendio holds about you.
We will respond to access and correction requests within 30 days. In some cases we may ask you to verify your identity before we can action a request.
If we decline to provide access or make a correction, we will explain why in writing and tell you how to complain.
If you believe Tendio has handled your personal information in a way that does not comply with the APPs, you can lodge a complaint with us at:
Email: hello@tendio.com.au
We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):
We may update this Privacy Policy from time to time. The current version will always be available at tendio.com.au/privacy. We will notify Hub portal users of material changes by email or in-portal notice at least 14 days before the change takes effect.
For privacy-related questions, access requests, or complaints:
Email: hello@tendio.com.au