AiTearoa ("we", "us") is a New Zealand business operated by Daniel Thomson. This policy explains what personal information we collect when you visit aitearoa.ai (and the alternative domains aitearoa.org.nz and consulting.org.nz), how we use it, who we share it with, and your rights under the New Zealand Privacy Act 2020.
Information we collect
We collect information in three ways:
- Information you give us — when you submit the contact form or the "Try Now" form, we collect your name, email address, business name, phone number (optional), and the message you write describing your operations or problem.
- Conversation data — if you chat with our concierge agent or use the voice agent, we record the transcript of that conversation so we can follow up usefully and improve the service.
- Technical data — your IP address (for rate-limiting and abuse prevention), browser user agent, basic page analytics, and a session cookie ("aitearoa.trial") that links you to your trial workspace if you signed up.
How we use it
- To respond to your enquiry (Daniel reads every message personally).
- To generate a personalised acknowledgement email — our AI concierge produces a three-paragraph reply and a short diagnostic of where AI/automation could help your operation. This is generated on the fly and not used to train any model.
- To improve our service and the trial workspace experience.
- To detect abuse: rate-limiting by IP, bot-detection (Cloudflare Turnstile), and honeypot checks. Failed attempts are logged and dropped.
We do not sell your information to anyone. We do not use your conversations or form submissions to train AI models.
Who we share it with
We use the following processors to deliver the service:
- Supabase — stores lead records, conversation history, and rate-limit counters (hosted in EU/US regions depending on configuration).
- Resend — delivers acknowledgement and notification emails.
- Anthropic (Claude) — generates the personalised email body and operations diagnostic. Anthropic processes the input ephemerally and does not retain it for training under their commercial API terms.
- ElevenLabs — powers the voice concierge (only when you actively start a voice call). Audio is processed in real-time and not retained long-term.
- Deepgram — transcribes voice input to text in real-time. Transcripts are processed and dropped per their API terms.
- Cloudflare — DNS, bot-protection (Turnstile), and edge proxying.
- Fly.io — application hosting (Sydney region for low NZ latency).
- Google Workspace — for business email at aitearoa.ai addresses.
We share your information with these providers only to the extent needed to deliver the service. They are bound by their own privacy policies and (where applicable) data processing agreements.
Data location & transfer
Some of the providers above process data outside New Zealand (notably the United States, European Union, and Australia). By using the site you consent to your information being transferred to and processed in those jurisdictions. Each provider operates under appropriate safeguards (GDPR-aligned terms, SOC 2, ISO 27001).
How long we keep it
- Lead records — kept indefinitely while we have an active business relationship, or for up to seven years after our last interaction (consistent with NZ business-records retention norms). You can request deletion at any time.
- Conversation transcripts — retained alongside your lead record while active.
- Rate-limit logs — kept for ~30 days then aged out.
- Cookies — the trial session cookie expires after 30 days.
Your rights
Under the NZ Privacy Act 2020 you have the right to:
- Ask us what information we hold about you.
- Ask us to correct anything that is wrong.
- Ask us to delete your information.
- Withdraw consent for further processing (which means we'll stop emailing you and remove your record).
- Complain to the New Zealand Office of the Privacy Commissioner if you think we've mishandled your information (privacy.org.nz).
To exercise any of these rights, email daniel@aitearoa.ai. We'll respond within 20 working days.
Cookies
We use a small number of first-party cookies for essential site function — there is no advertising or tracking cookie. Cloudflare Turnstile may set its own session cookie when verifying you aren't a bot.
Security
All traffic is HTTPS-only with valid Let's Encrypt certificates. Secrets and API keys are stored in Fly.io's encrypted secret store. Supabase data is encrypted at rest. We don't hold credit card information.
Children
The site is intended for business users. We do not knowingly collect information from anyone under 16.
Changes to this policy
We may update this policy from time to time. The "last updated" date at the top reflects the most recent change. Material changes will be highlighted on the home page for at least 14 days.
Contact
Daniel Thomson
Managing Director, AiTearoa
Email: daniel@aitearoa.ai
Phone: +64 21 178 2272