Privacy Policy


Who we are and what this policy covers Bang the Table’s mission is to improve the quality of public debate and level of community involvement in public life. Our expertise in the online space aims to empower organizations and the communities they care about by providing them affordable and accessible opportunities to learn about and contribute to the decisions that affect their daily lives.

We provide EngagementHQ, the leading software-as-a-service (SaaS) platform for community engagement to hundreds of government agencies and large enterprises across Australia, Canada, UK, USA and New Zealand.

Our clients run their community engagement websites on EngagementHQ, which gives them all of the benefits of our engagement methodology expertise as well as best practice privacy and security operations.

We take the privacy of all information stored on our platform very seriously and are committed to comply with applicable laws and regulations in all of the jurisdictions we operate in. These regulations include the European Union’s General Data Protection Regulation (‘GDPR’), the Canadian Privacy Act PIPEDA, the Australian Privacy Act 1988 and New Zealand Privacy Act 1993.

We’ve created this privacy policy to explain how we treat personal information on our technology platform. It also explains how the rights of every individual whose personal data we are dealing with are protected and fulfilled effectively.

Please note that our clients’ websites have their own separate privacy policies. This Privacy Policy exists to detail how we, Bang the Table, treat the data collected via the EngagementHQ platform. We may update this privacy policy from time to time and we encourage you to check our website regularly to ensure that you are aware of our most current version.

This policy covers:


What personal information we collect and how we use it

We manage the following personal information when provided to us through use of our services:

Profile Information

Profile information means the details provided by individual users as a part of the registration process on our clients’ websites. These details can include personal information such as email address, gender, age range and location. The extent of detail collected vary on each of our clients’ websites as configured by the client operating the website. The details collected are bound by the specific consent received by each client therein.

We use email addresses for transactional emails for registration verification as well as automated notifications relevant to use of the services. Demographic data is acessed in anonymised form by us for benchmarking and analysis.

User Created Content

User created content means the content created as part of users’ interaction with our clients’ websites. These can include personal details provided within responses to surveys, comments on discussion forums, or any of the other engagement tools available on our technology platform. These engagement tools are configured by clients to fit their consultation needs and the details collected are also bound by the specific consent received by each client therein. The available engagement tools are outlined here.

Any comments contributed to publicly accessible sections of clients’ websites may be read, collected or used by any member of the public who chooses to access them. This information may remain posted on these sites, even if a user’s account is deleted at their request.

There are rare occasions where we seek to use some publicly accessible information to include in our promotional material; we will obtain explicit permission from our client before doing so.

Device Information and Log Data

We collect information about the device used to access clients’ websites; this includes device type, operating system, browser information, connection type, IP address, and the URLs of referring pages. Additionally, we log the date and time of access to our services, as well as any error data.

We use device and location information to help us optimize performance and improve overall user experience. Log data helps us troubleshoot errors, analyze performance, resolve reliability issues, perform security audits, and investigate potential service fraud or abuse.

Service Metadata

This data is generated automatically when users visit our clients’ websites. It provides us with information about how our application is used. This includes the links clicked, the search terms used, and the features accessed.

We also use this information to measure the ease of use of our product, enhance our services and guide our future development.

Support Information

When our clients or their users reach out to us for support, this contact typically happens through a third-party support platform. The information provided to our team is saved as part of our support history.

We use this information to resolve any issues users are having, relay feedback to our team, and to respond to comments and requests.


Cookies are small text files that are automatically stored by internet browsers when users visit a website that uses them. Internet browsers send these cookies back to that website every time it is visited, so it can recognize the computer or mobile device, typically to help personalize and improve the browsing experience.

We use two types of cookies:

  • Essential cookies that are necessary to help users sign in, access and move around our site and use all its features. Without these cookies, clients’ websites created on our platform would not work properly and users would not be able to access certain important features of these websites.
  • Analytics cookies to help us understand how visitors arrived at our website, how and how long they use it and how we can improve their experience. To place these cookies, we use Google Analytics. We have set our Google Analytics to protect users’ privacy to the maximum extent. We are also not using any other Google Analytics related cookie services which are offered by Google.


How we share information

We Do Not Sell Data

Our business model is based on providing a software platform and attendant services on a subscription basis to our clients. All of the data created on our technology platform belongs to our clients and their communities, and as such is governed by our clients’ policies. Our role is to process the data in accordance with our service agreements with our clients.

This means that we do not own and can never sell any personal data that we collect through EngagementHQ to advertising companies or any other third parties.

Social Media Widgets

EngagementHQ allows social media links and widgets to be embedded as an option. In order to function properly, these features may set a cookie that records the page from which users engage with them, as well as their IP address. These features may also link to other websites or services whose privacy policies differ from ours. We do not have any influence over which data these providers collect from users and we are also not aware of the extent of their data processing. As a result, any information provided to them by users of our platform will be governed by their policies and not this one.

Third-Party Integrations

Our clients are free to allow third-party integrations to connect to their websites. Once enabled, EngagementHQ may share information with those services to support integration. Bang the Table does not control the way in which these services collect, share, or use information. Clients should review the privacy policies of all third-party services before connecting to them.

Legal Compliance and Fraud Prevention

In exceptional circumstances, we may disclose information to a third party if we receive a request and believe that the disclosure is in accordance with or required by any applicable law, rule or regulation, legal process, or enforceable governmental request. We may also do so to enforce our Terms of Service, investigate potential violations, track and solve security or technical issues, and protect against any harm to the rights, property or safety of Bang the Table, its clients, or the public as required or permitted by law.

How we store, secure, and transfer information

Data Security

We take the privacy of all information stored on our platform very seriously  We take all reasonable measures to protect this information, and to prevent any kind of unauthorized access, misuse, loss, or disclosure.

We are committed to complying with relevant standards in all of the jurisdictions in which we do business and have implemented industry best practices such as ISO 27001 to support this commitment. Click through for further detail on the measures we have in place to protect data.

Data Retention

Bang the Table stores information for as long as that particular client’s service agreement is active, and for a six-month period thereafter, in case the client decides to use our services again.

Third Party Service Providers

We utilise a range of third party services in order to enhance the service we provide to our clients. We use third parties for hosting infrastructure, spam control, website performance and management, error monitoring, support and other functionality. Our contracts with these services provide for the maintenance, confidentiality, security, and integrity of the information we share with them.

Please follow this link for more information about the third-party services we use.


Users’ data rights and choices

Subject to applicable local laws and regulations, users may have some or all of the following rights with respect to their personal data residing with us:

  • to access their personal data and to rectify any inaccuracies within that personal data;
  • to request the erasure of their personal data residing with us;
  • to request their personal data in portable, machine-readable format; and
  • to withdraw their consent for our processing of their personal data.

Since the personal data we collect is controlled by our clients, the applicability, details of methods and terms for requesting and fulfilling of these rights will be governed by our clients’ policies and agreements with their users.

Bang the Table is GDPR-compliant and committed to helping our clients fulfill their specific data privacy obligations.


How to contact us

If you have any questions about Bang the Table’s Privacy Policy, or want to make a request with regard to personal information, please contact us at

If you are contacting us regarding data collected by us on behalf of one of our clients, we will refer your request to the relevant client for their consideration.