No. Tell Touch is a vendor. We provide a "tool" that is used by providers to help them manage feedback and complaints.

Here are the measures to ensure each consumer's privacy is respected and personal information is kept confidential:

• Security has been designed with respect to the "Australian Privacy Principles" (part of the Australian Privacy Act). We follow these principles. This includes limited access to databases and only accessing the data for the purpose of diagnosing problems.
• All data is treated as "Protected Health Information".
• All data is hosted on servers managed Equinix in Sydney. Equinix is Australia's largest data centre provider. Many of their data centres are used by Australian banks. All the security measures they have in place apply.
• Servers are managed and maintained by Fly.io. They are SOC2 Type I compliant and have controls for HIPAA compliance.
• All data stored in our database is encrypted at rest using Linux LUKS block storage encryption secrets. This means that if someone were to get access to our database, they still would not be able to read it without the encryption keys.
• All data transmits over HTTPS using standard best practice encryption techniques. "Let's Encrypt" is used as the SSL Certificate Authority.
• All data is encrypted in transit over WireGuard (256-bit ChaCha20-Poly1305 with an authenticated Curve25519 key exchange).
• All data is routinely backed up.
• The backend is built in Ruby On Rails (a mature framework/language) using a PostgreSQL database.
• Upon sending feedback, the all data is completely removed from the kiosk app.
• On the mobile app, the data related to the feedback is removed. The users demographic data remains to make it easier to fill in the feedback form in the future.
• Organisations receive a dedicated instance of the "dashboard". No data from other organisations is stored alongside your data.
• The apps include "SSL Pinning" to prevent Man-In-the-middle (MITM) attacks. This means it stops people from intercepting data being transmitted to and from our servers.
• When feedback is submitted on the kiosk, in a mobile app, or on the website the consumer MUST comply with the Tell Touch Terms and Conditions and the Tell Touch Privacy Policy. We link to each, and the checkbox must be ticked before the feedback is submitted.

Tell Touch provides suggested documentation that is to be distributed to residents and representatives when Tell Touch is installed and when new consumers are on-boarded. This is up to each provider to implement.