euda

← Back to Home

Privacy Policy

Effective Date: 24 February 2026

1. Introduction

Euda (“we,” “our,” “us”) is an AI-powered workplace wellbeing companion designed to support employee wellbeing and provide insights into psychosocial risks. Protecting user privacy is central to our mission.

This Privacy Policy explains how we collect, use, store, and disclose personal information. Euda complies with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). While we are not yet certified under other regimes (such as the EU's GDPR or UK GDPR), we apply globally recognised privacy and security practices to support our international clients.

By using Euda, including via Slack or Microsoft Teams, you consent to the practices described in this Privacy Policy.

2. Information We Collect

We collect and process the following categories of information:

  • User-Provided Inputs: Messages, responses, or other information you share directly with Euda.
  • Wellbeing Indicators: Sentiment signals, engagement patterns, and psychosocial risk markers (aggregated and anonymised wherever possible).
  • Technical Data: Device type, browser, operating system, usage logs, and similar metadata.
  • Integration Metadata (Slack/Teams): Limited information such as interaction timestamps, channel IDs, or user IDs.

We only process messages directed to Euda.

We do not access private messages, contacts, or files unless explicitly authorised.

Important Note on Health Data

Euda does not collect or store official health records, medical diagnoses, or clinical health information.

We only process wellbeing indicators (e.g. mood, engagement, sentiment). Where this data could be considered “sensitive” under privacy law, we process it only with explicit user consent.

3. How We Use Your Information

We use the information we collect to:

  • Deliver personalised wellbeing support.
  • Provide anonymised, aggregated workplace wellbeing insights.
  • Improve our AI models, accuracy, and user experience.
  • Ensure secure, compliant operation of Slack and Microsoft Teams integrations.

We never use Euda to monitor employees for performance management, disciplinary action, or surveillance.

4. Data Hosting & Security

Euda is hosted exclusively on Amazon Web Services (AWS) in the Sydney Region.

  • Data Residency: All personal data is stored in Australia.
  • Certifications: AWS maintains compliance with ISO 27001, SOC 2, CSA STAR, and other internationally recognised standards.
  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access Control: Access to personal data is restricted to authorised personnel under confidentiality obligations.
  • Retention: Data is retained only as long as necessary and securely deleted after the appropriate retention period of inactivity.

5. Sharing & Disclosure

We do not sell personal data. We may share limited information only where necessary:

  • With employers or organisations, in fully anonymised, aggregated form.
  • With AWS as our hosting provider. AWS does not access or use personal data for its own purposes.
  • With regulators, courts, or authorities if legally required.

6. Slack & Microsoft Teams Integration

When you use Euda via Slack or Microsoft Teams:

  • Your organisation's administrators may control what data is shared with third-party apps.
  • Data processed by Euda remains subject to this Privacy Policy.
  • Slack and Microsoft also apply their own policies:

7. Calendar Integration (Google Calendar & Microsoft Outlook)

Euda offers optional integration with Google Calendar and Microsoft Outlook to provide insights about your meeting patterns and workload as part of our workplace wellbeing analysis.

What we access

  • Calendar event start and end times.
  • Number of attendees per event.
  • Whether an event is recurring.

We do not access event titles, descriptions, locations, attendee names, email addresses, or any event content.

How we use calendar data

  • To calculate wellbeing-related metrics such as total meeting hours, back-to-back meeting counts, after-hours meetings, available focus time, and meeting load trends.
  • To surface personalised insights (e.g., “You have 7 meetings today with limited breaks”).
  • Calendar data is used solely to provide user-facing wellbeing features within the Euda application.

How we store calendar data

  • Raw calendar events are never stored. Events are fetched on-demand, summarised into aggregate metrics (e.g., total meetings, hours in meetings, longest gap), and only those summaries are retained.
  • OAuth access tokens and refresh tokens are encrypted using AES-256-GCM and stored securely in AWS Systems Manager Parameter Store.
  • Cached daily summaries are retained for trend analysis and automatically refreshed.

How we share calendar data

  • Calendar data and derived summaries are not sold, transferred, or shared with any third party.
  • Calendar data is not used for advertising, marketing, credit assessment, or any purpose unrelated to workplace wellbeing.
  • Calendar data is not read by humans unless you provide explicit consent, or where necessary for security purposes or legal compliance.
  • Only anonymised, aggregated metrics may be included in organisational wellbeing reports, consistent with our existing data practices.

Connecting and disconnecting

  • Calendar integration is entirely optional and initiated by you.
  • You may disconnect your calendar at any time through Euda, which revokes access and removes stored tokens.
  • You may connect multiple calendar accounts (e.g., a work and personal calendar) and manage each independently.

Google API Services Compliance

Euda's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We limit our use of Google Calendar data to providing and improving user-facing wellbeing features.
  • We do not transfer Google Calendar data to third parties except as necessary for security, legal compliance, or with your explicit prior consent.
  • We do not use Google Calendar data for serving advertisements or for credit determination.
  • We do not allow humans to read Google Calendar data unless you have given affirmative consent, it is necessary for security purposes, it is required for legal compliance, or the data is aggregated and used for internal operations.

8. User Rights

Under the APPs, you have the right to:

  • Access your personal information.
  • Request corrections to inaccurate data.
  • Request deletion of your data (processed within 5 business days).
  • Opt out of certain processing activities (though this may limit functionality).

International users may have additional rights under local laws. While not yet GDPR-certified, Euda endeavours to respect equivalent rights where feasible.

9. AI Transparency & Ethics

  • Transparency: Euda provides wellbeing insights using AI. These are not a substitute for professional medical or mental health advice.
  • Fairness: Euda undergoes regular AI bias testing to reduce risks of discrimination.
  • Consent: By interacting with Euda, you consent to AI-driven processing of your inputs for wellbeing purposes.

10. Data Breach Response

If a breach occurs that may compromise personal data, we will:

  • Notify affected users as soon as possible.
  • Report the incident to the Office of the Australian Information Commissioner (OAIC) if required.
  • Take immediate steps to contain and mitigate risks.

11. Cross-Border Data

Euda stores all personal data in AWS Sydney Region. No personal data is transferred or stored outside Australia.

12. Updates

We may update this Privacy Policy periodically. Significant changes will be communicated via email or in-app notification.

Last Updated: 24 February 2026

13. Contact

Privacy Officer: Bia Affonso

Email: bia@euda.ai

Address: 50 Kensington Street, Chippendale, NSW 2008, Australia