facebook-pixel
Try Gatheroo FREE
Try Gatheroo FREE

Provider: Kicking Pixels Pty Ltd (ABN 13 136 066 496)
Address: S4.39 The Element Building, 200 Central Coast Highway, Erina NSW 2250
Contact: help@gatheroo.io
Governing Law: New South Wales, Australia
Certification ISO: 27001:2022 certified ISMS

These Terms and Conditions (“Terms”) govern access to and use of the Gatheroo platform and services (“Service”) operated by Kicking Pixels Pty Ltd. By creating an account or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.

Part A contains the main Terms and Conditions.

Part B is the Data Processing Addendum, which applies where you use Gatheroo to collect personal information from your own clients.

Part A |Terms and Conditions

1. Definitions

In these Terms, the following words have the meanings set out below.

Term Meaning

Account A unique account created by you to access the Service.
Company / We / Us Kicking Pixels Pty Ltd (ABN 13 136 066 496).
Customer / You The business or individual accessing the Service under a Subscription.
Customer Data Any data, documents, or files uploaded to the Service by you or your Clients.
Client A third party from whom you collect information or documents using the Service.
Service The Gatheroo web-based platform at gatheroo.io and app.gatheroo.io.
Subscription A paid or trial plan granting access to the Service.
Confidential Information Any non-public information disclosed by one party to the other in connection with the Service.
DPA The Data Processing Addendum set out in Part B of these Terms.
Personal Information Information or an opinion about an identified or reasonably identifiable individual, as defined under the Privacy Act 1988 (Cth).

2. The Service

2.1 What Gatheroo Does

Gatheroo is a secure, web-based platform that enables businesses to request, collect, and organise documents and information from their clients. The Service is provided on a software-as-a-service basis.

2.2 Account Registration

To use the Service you must create an Account. You must provide accurate, current, and complete registration information and keep it up to date. You are responsible for all activity that occurs under your Account.

You must be at least 18 years old and have the legal authority to bind the business on whose behalf you are registering. The Service is not intended for use by individuals under 18.

2.3 Acceptable Use

You agree to use the Service only for lawful purposes and in accordance with these Terms. You must not:

  • Use the Service to collect, store, or transmit unlawful, fraudulent, or unauthorised content
  • Use the Service in a way that would require your Clients to provide personal information without an appropriate lawful basis under applicable privacy law
  • Attempt to gain unauthorised access to any part of the Service or its underlying infrastructure
  • Reverse engineer, decompile, or otherwise attempt to derive the source code of the Service
  • Resell or sublicense the Service to third parties without our prior written consent
  • Use the Service to send unsolicited communications or to harass, defame, or discriminate against any person
  • Introduce malware, viruses, or other harmful code into the Service

We reserve the right to suspend or terminate your Account immediately if we reasonably believe you are in breach of this clause.

3. Subscriptions and Billing

3.1 Subscription Plans

Access to the Service requires a paid Subscription. Subscription plans and pricing are set out on our pricing page at gatheroo.io/pricing. All prices are in Australian Dollars (AUD) and include GST where applicable.

3.2 Billing and Payment

Subscriptions are billed in advance on a recurring basis (monthly or annually, depending on your selected plan). Billing is processed securely by Stripe. You must provide accurate billing information and maintain a valid payment method. If payment fails, we will notify you and provide a reasonable opportunity to update your payment details before suspending access.

3.3 Free Trial

We may offer a free trial for a limited period. No charge will be made until the trial period expires. At the end of the trial, if you have not subscribed to a paid plan, your access will be restricted. We may modify or cancel free trial offers at any time.

3.4 Fee Changes

We may change Subscription fees from time to time. We will give you at least 30 days’ written notice of any fee increase before it takes effect. Your continued use of the Service after the effective date constitutes acceptance of the new fees. If you do not accept the new fees, you may cancel your Subscription before the change takes effect.

3.5 Cancellation

You may cancel your Subscription at any time through your Account settings. Cancellation takes effect at the end of your current billing period. You will retain access to the Service until that date. Fees already paid are non-refundable except where required by the Australian Consumer Law or as otherwise stated in these Terms.

3.6 Refunds

Except as required by the Australian Consumer Law, Subscription fees are non-refundable. Refund requests may be considered on a case-by-case basis at our discretion. Nothing in this clause limits your rights under the Australian Consumer Law.

4. Customer Data and Content

4.1 Ownership

You retain full ownership of all Customer Data you upload to the Service. We claim no intellectual property rights over your Customer Data.

4.2 Licence to Operate the Service

You grant us a limited, non-exclusive, worldwide licence to store, process, and transmit your Customer Data solely to the extent necessary to provide and maintain the Service for you. We do not use your Customer Data for any other purpose, including training AI models, advertising, or sharing with third parties outside of what is described in the Data Processing Addendum (Part B).

4.3 Your Responsibility for Customer Data

You are solely responsible for the accuracy, legality, and appropriateness of all Customer Data.

You represent and warrant that:

  • You have all necessary rights and permissions to upload Customer Data to the Service
  • Collecting information from your Clients using the Service complies with applicable privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles
  • You have informed your Clients about how their information will be collected and used, and obtained any necessary consents

4.4 Content Restrictions

You must not upload to the Service any content that is unlawful, infringes third-party rights, contains malware, or is otherwise prohibited by applicable law.

4.5 Data Backup

We perform automated daily backups of Customer Data, stored in geographically redundant locations. Backup integrity is tested regularly. While we take reasonable steps to prevent data loss, we recommend that you maintain your own independent copies of critical data. Our liability in the event of data loss is limited as set out in clause 8.

4.6 Data on Account Termination or Cancellation

Following cancellation or termination of your Subscription, your data will remain accessible for a 30-day grace period to allow you to export it. After this period, your Customer Data will be securely deleted in accordance with our data retention schedule. You may request immediate deletion at any time by contacting help@gatheroo.io. Details of our data handling obligations are set out in the DPA (Part B).

5. Intellectual Property

The Service, including its software, design, features, and all content produced by us, is owned by Kicking Pixels Pty Ltd and protected by Australian and international intellectual property laws. Our trademarks and trade dress may not be used in connection with any product or service without our prior written consent.

Nothing in these Terms transfers any of our intellectual property to you, and nothing transfers your intellectual property to us, except the limited licence in clause 4.2.

5.1 Feedback

If you provide feedback, suggestions, or ideas about the Service, you grant us a non-exclusive, perpetual, royalty-free licence to use that feedback to improve the Service. We are under no obligation to act on any feedback provided.

6. Security and Availability

6.1 Our Security Commitments

We are certified to ISO 27001:2022 and operate a formal Information Security Management System (ISMS). Our security measures include:

  • Encryption of all data in transit using TLS 1.2 or higher
  • Encryption of all data at rest using AES-256
  • Multi-factor authentication (MFA) enforced for all internal systems
  • Role-based access control with the principle of least privilege
  • Regular vulnerability assessments and security reviews
  • Automated monitoring and threat detection
  • A documented incident response plan

Full details of our security controls and subprocessors are available at our Trust Centre: kickingpixelsgroup.com.au/trust-centre.

6.2 Your Security Responsibilities

You are responsible for maintaining the security of your Account credentials. You must use strong passwords, enable MFA where available, and notify us immediately at help@gatheroo.io if you suspect any unauthorised access to your Account.

6.3 Service Availability

We aim to maintain high availability of the Service. Our current status and any known incidents are available at gatheroo.statuspage.io. Planned maintenance will be communicated in advance where practicable. We do not guarantee uninterrupted access to the Service but will use commercially reasonable efforts to minimise downtime.

7. Confidentiality

Each party agrees to keep the other’s Confidential Information confidential and not to disclose it to any third party without prior written consent, except:

  • To employees, contractors, or subprocessors who need it to perform obligations under these Terms and are bound by equivalent confidentiality obligations
  • As required by law, regulation, or a court order -in which case the disclosing party will give the other party reasonable advance notice where legally permitted

This obligation survives termination of these Terms for a period of three years.

8. Limitation of Liability

8.1 Liability Cap

To the maximum extent permitted by applicable law, our total aggregate liability to you for any claims arising under or in connection with these Terms or the Service is limited to the total Subscription fees paid by you to us in the 12 months immediately preceding the event giving rise to the claim.

8.2 Exclusion of Consequential Loss

To the maximum extent permitted by applicable law, we are not liable for any indirect, incidental, special, or consequential loss or damage, including loss of profits, loss of data, or business interruption, even if we have been advised of the possibility of such loss.

8.3 Australian Consumer Law

Nothing in these Terms limits or excludes any rights you may have under the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)) or other applicable law that cannot be excluded by contract. Where the law implies a guarantee that cannot be excluded, our liability for a breach of that guarantee is limited, to the extent permitted by law, to resupplying the Service or paying the cost of having the Service resupplied.

8.4 Service Disclaimer

The Service is provided “as is” and “as available.” We do not warrant that the Service will be error-free, uninterrupted, or fit for any particular purpose beyond what is described in these Terms. We make no representations about the completeness or accuracy of information provided through the Service.

9. Termination

9.1 Termination by You

You may terminate your Subscription at any time by cancelling through your Account settings or contacting help@gatheroo.io. Termination takes effect at the end of your current billing period.

9.2 Termination by Us

We may suspend or terminate your Account immediately, with written notice where practicable, if:

  • You materially breach these Terms and fail to remedy the breach within 14 days of written notice
  • You breach clause 2.3 (Acceptable Use) in a way that poses an immediate risk to the Service or other users
  • You become insolvent or subject to administration, liquidation, or receivership
  • We are required to do so by law or regulatory obligation

9.3 Effect of Termination

On termination, your right to access the Service ceases. We will retain your Customer Data for 30 days to allow export, after which it will be securely deleted. Our rights and obligations under clauses 4.1, 5, 7, 8, and Part B survive termination.

10. Disputes Resolution

If a dispute arises between you and us in connection with these Terms or the Service, the parties agree to the following process:

  1. Notify us in writing at help@gatheroo.io, describing the dispute and the outcome sought.
  2. Within 10 business days of receiving the notice, a representative of each party will meet (in person, by phone, or video) to attempt to resolve the dispute in good faith.
  3. If the dispute is not resolved within 30 days of the initial notice, either party may refer the matter to mediation administered by the Resolution Institute (or a mutually agreed mediator) before commencing legal proceedings.
  4. Nothing in this clause prevents either party from seeking urgent interlocutory or injunctive relief from a court.

These Terms are governed by the laws of New South Wales, Australia. The parties submit to the non-exclusive jurisdiction of the courts of New South Wales.

11. General

11.1 Changes to These Terms

We may update these Terms from time to time. If we make material changes, we will give you at least 30 days’ notice by email or a prominent notice in the Service. Continued use of the Service after the effective date of updated Terms constitutes acceptance. If you do not agree, you may cancel your Subscription before the changes take effect.

11.2 Entire Agreement

These Terms (including the DPA in Part B) constitute the entire agreement between you and us in relation to the Service and supersede all prior agreements, representations, or understandings. In the event of any inconsistency between the main Terms and the DPA, the DPA prevails to the extent of the inconsistency.

11.3 Severability

If any provision of these Terms is found to be invalid or unenforceable, that provision will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in full force and effect.

11.4 Waiver

Failure by either party to enforce any provision of these Terms does not constitute a waiver of the right to enforce that provision in the future.

11.5 Assignment

You may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign our rights and obligations to a related entity or in connection with a merger, acquisition, or sale of assets, provided we give you reasonable notice.

11.6 Subprocessors

Our current list of subprocessors is maintained at our Trust Centre: kickingpixelsgroup.com.au/trust-centre. We will give you reasonable notice of any changes to our subprocessors.

11.7 Links to Third-Party Sites

The Service may contain links to third-party websites. We are not responsible for the content or privacy practices of those sites. We encourage you to review the terms and privacy policies of any third-party sites you visit.

11.8 Contact

For questions about these Terms, contact us at help@gatheroo.io or by post at S4.39 The Element Building, 200 Central Coast Highway, Erina NSW 2250, Australia.

Part B | Data Processing Addendum (DPA)

Important: This Data Processing Addendum forms part of the Terms and Conditions and applies automatically where you use Gatheroo to collect personal information from your Clients.

You do not need to sign a separate document, by using the Service you agree to this DPA. If your organisation requires a countersigned standalone DPA (for example, for enterprise procurement), please contact help@gatheroo.io.

DPA 1. Background and Purpose

When you use Gatheroo to collect personal information from your Clients, you act as the Data Controller -you determine what information is collected and why. Kicking Pixels Pty Ltd acts as the Data Processor -we process that information on your behalf, according to your instructions, solely to provide the Service.

This DPA sets out how we handle personal information in our role as Data Processor, and your obligations in your role as Data Controller. It is intended to satisfy the requirements of:

  • The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
  • The Notifiable Data Breaches (NDB) scheme (Part IIIC of the Privacy Act)
  • The EU General Data Protection Regulation (GDPR) and UK GDPR, where applicable

DPA 2. Definitions

Term Meaning

Data Controller The Customer (you), who determines the purposes and means of processing personal information through Gatheroo.
Data Processor Kicking Pixels Pty Ltd, who processes personal information on behalf of the Data Controller.
Data Subject The individual whose personal information is collected (i.e., your Client or their representatives).
Personal Information Information or an opinion about an identified or reasonably identifiable individual (Privacy Act 1988, s 6).
Processing Any operation performed on personal information, including collection, storage, retrieval, use, disclosure, and deletion.
Sub-processor A third party engaged by us to assist in processing personal information as part of delivering the Service.
Security Incident Any unauthorised access to, disclosure of, or loss of personal information held in the Service.

DPA 3. Data Controller Obligations

As the Data Controller, you agree to:

  1. Ensure you have a lawful basis under applicable privacy law to collect personal information from your Clients using the Service (for example, consent, contractual necessity, or a legal obligation).
  2. Provide Clients with a clear and accessible privacy notice explaining what information is collected, how it is used, and their rights -before requesting information through Gatheroo.
  3. Only instruct us to process personal information in ways that are lawful and consistent with applicable law.
  4. Promptly respond to any Data Subject access, correction, or deletion requests relating to personal information you have collected through the Service.
  5. Ensure that any sensitive information (such as financial records, identity documents, or health information) collected through Gatheroo is genuinely necessary for your business purposes.
  6. Notify us promptly if you become aware of any complaint, claim, or regulatory inquiry relating to personal information processed through the Service.

DPA 4. Data Processor Obligations

As the Data Processor, we agree to:

4.1 Process Only on Your Instructions

We will process personal information only in accordance with your documented instructions, as set out in these Terms and the main T&Cs, or as otherwise agreed in writing. We will not process personal information for any other purpose, including our own marketing, analytics, or product development.

4.2 Confidentiality

All staff and contractors with access to personal information are bound by confidentiality obligations. Access is restricted to those who need it to provide the Service.

4.3 Security

We implement and maintain technical and organisational security measures appropriate to the nature of the personal information processed. These measures include, but are not limited to:

  • Encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Multi-factor authentication for all internal system access
  • Role-based access control with the principle of least privilege
  • Regular automated backups stored in geographically redundant locations
  • Continuous monitoring and automated threat detection
  • Annual security assessments and penetration testing
  • Staff training on data protection and security

Our ISO 27001:2022 certification provides independent verification of our security controls. Our Trust Centre at kickingpixelsgroup.com.au/trust-centre sets out the full list of controls and current certification status.

4.4 Sub-processors

We engage the following sub-processors to assist in delivering the Service. All sub-processors are bound by contractual data protection obligations at least equivalent to those in this DPA.

Sub-processor Location Purpose
Amazon Web Services (AWS) Australia Primary cloud infrastructure – all Gatheroo data is stored and processed on AWS in Australia
Stripe USA Payment processing – billing data and email addresses only; no Customer Data uploaded to Gatheroo is shared with Stripe
Bitbucket (Atlassian) USA Source code version control – no Customer Data is stored in Bitbucket
Microsoft Office 365 USA Internal document management – used by Kicking Pixels staff; not used to store Customer Data from Gatheroo
WP Engine Australia Website hosting for gatheroo.io marketing site – no Customer Data is stored on WP Engine

 

We will notify you of any intended change to this sub-processor list (additions or replacements) with at least 14 days’ notice, giving you the opportunity to object. If you object on reasonable data protection grounds and we cannot accommodate your objection, you may terminate your Subscription without penalty.

4.5 Assistance with Data Subject Rights

We will provide reasonable assistance to help you respond to Data Subject requests (access, correction, deletion, portability). Where a Data Subject contacts us directly about personal information that you, as Data Controller, are responsible for, we will direct them to you and notify you of the contact.

4.6 Assistance with Compliance

We will provide reasonable assistance to you in meeting your obligations in relation to:

  • Security of processing
  • Notification of personal data breaches
  • Data protection impact assessments (where required)
  • Vendor security assessments and procurement due diligence

We can provide a countersigned standalone DPA, our ISO 27001 certificate, and relevant sections of our Statement of Applicability (SoA) upon request.

DPA 5. Security Incidents and Breach Notification

We maintain a documented Incident Response Plan and monitor our systems for security threats continuously.

In the event of a Security Incident involving personal information you have collected through Gatheroo, we will:

  1. Notify you without undue delay, and in any event within 72 hours of becoming aware of the incident (to support your obligations under the NDB scheme and, where applicable, GDPR)
  2. Provide you with sufficient information to assess the nature, scope, and likely impact of the incident, including the categories and approximate number of Data Subjects and records affected
  3. Take immediate steps to contain the incident and mitigate harm
  4. Cooperate with you and relevant authorities throughout the investigation and remediation process
  5. Provide a written incident report once the investigation is complete

As the Data Controller, you are responsible for determining whether a notifiable data breach has occurred under the NDB scheme and for making any required notifications to the Office of the Australian Information Commissioner (OAIC) and affected individuals.

DPA 6. International Data Transfers

All Gatheroo Customer Data is stored on AWS infrastructure located in Australia. We do not transfer Customer Data outside Australia in the ordinary course of operating the Service.

Two sub-processors (Stripe and Bitbucket/Atlassian) are based in the USA. However:

  • Stripe processes only billing data (name, email, payment details) – no documents or information uploaded to Gatheroo are shared with Stripe
  • Bitbucket holds only source code – no Customer Data is stored in our code repositories

Where any transfer of personal information outside Australia occurs, we ensure appropriate safeguards are in place, including contractual protections requiring the recipient to maintain privacy standards equivalent to the Australian Privacy Principles.

DPA 7. Data Retention and Deletion

We retain Customer Data for the duration of your active Subscription and for a 30-day grace period following cancellation or termination. After this period, Customer Data is securely deleted. You may request immediate deletion of your data at any time by emailing help@gatheroo.io.

The following retention schedule applies to different categories of data:

Data Category Retention Period Basis
Customer Data (documents and information uploaded to Gatheroo) Duration of Subscription + 30-day grace period Service delivery; deleted on request
Account information Duration of Subscription Service delivery
Payment records 7 years after transaction ATO / tax obligations
Security and access logs 12 months Security monitoring and incident investigation
Support and communication records 3 years Legitimate interest

On deletion, data is permanently removed from production systems. Encrypted backup copies are purged within 90 days of the deletion request, in accordance with our backup rotation schedule.

DPA 8. Audit and Compliance

We will make available to you, on reasonable request, the information necessary to demonstrate our compliance with this DPA. This includes:

  • A copy of our current ISO 27001:2022 certificate
  • Our Trust Centre documentation at kickingpixelsgroup.com.au/trust-centre
  • Relevant sections of our Statement of Applicability (SoA), subject to NDA for sensitive security information
  • Pre-filled vendor security questionnaires and procurement documentation

We do not permit on-site audits by individual customers as a standard arrangement, given the sensitive nature of multi-tenant infrastructure. However, we are happy to facilitate security assessments and calls for enterprise customers as part of a documented vendor review process.

DPA 9. Term and Termination

This DPA applies for as long as we process personal information on your behalf under the main Terms. It terminates automatically when your Subscription ends and all Customer Data has been deleted in accordance with clause DPA 7.

Obligations of confidentiality and those relating to Security Incidents survive termination of this DPA.

Contact and Countersigned DPA Requests

If you require a countersigned standalone copy of this Data Processing Addendum for procurement, vendor onboarding, or regulatory purposes, please contact us:

Email help@gatheroo.io
Post Kicking Pixels Pty Ltd,
S4.39 The Element Building,
200 Central Coast Highway, Erina NSW 2250
Australia
Trust Centre kickingpixelsgroup.com.au/trust-centre
Status Page gatheroo.statuspage.io

 

Try Gatheroo Free See How it Works Help