Learn about our data processing policies

Together Platform is a GDPR-defined Data Controller, although the customer data we handle ultimately falls under the ownership of the customer as outlined in our Customer Terms of Service. 

Together is SOC2 certified through an independent 3rd party auditor on an annual basis. To request a copy of our SOC2, please submit a request here

Together Platform complies with GDPR including its four main pillars of standard:

  • Data Flow
  • Explicit Consent
  • Right to Access
  • Right to be forgotten

Data Flow

Together only collects data necessary for the purpose of managing employee mentoring and learning programs. This includes data like name, email, demographic data provided by our customer, and data collected through the use of the tool such as mentoring progress, notes and feedback. We also collect data on application usage for the purpose of error tracking, troubleshooting and maintenance and reliability of the software. 

All data is encrypted in transit and at rest. We use HTTPS for all network traffic and sessions are authenticated with OAuth2.0. At rest, we use Google Cloud Platform’s database and storage products, which use state of the art encryption protocols. 

Explicit Consent

Users signing up for Together Platform are presented with Terms of Use and a Privacy Policy, the latter of which contains information about our Cookie Policy.


We have security policies that outline procedures to inform our customers in the unlikely event of a data breach. For more information, see our Security Policies.

Together Platform is SOC2 certified by an independent 3rd party auditor. This means we comply with the strictest security standards, ensuring we constantly monitor our systems for security risks and vulnerabilities and renew our audit on an annual basis. 

Right to access

Any user may request access to the data we have about their account by submitting a request here. Our customers can also download the data about their users in the Reports page of the admin panel. 

Right to be forgotten

Users may delete their account on-demand on the Settings page of their profile. They may also request deletion by submitting a request here

Upon deletion, the PII of the user account will be removed. 



Have more questions? Submit a request here and let us know how we can help!


Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Please sign in to leave a comment.