Privacy Policy

1. Personal information we collect

1.1 Information you give us directly

• Name, email address, phone number when you contact us, request a quote, or book a meeting through our scheduling tool;
• Company name, role, business needs you describe;
• Communications you send us (emails, chat messages, support tickets);
• Account credentials, billing details, and any other information you provide in the course of engaging us as a service supplier.

1.2 Information collected automatically when you use our website

• IP address and approximate location (city/region level);
• Device, browser, operating system;
• Pages viewed, time on page, referring website;
• Cookies and similar technologies (see clause 4 and our Cookie Policy).

1.3 Information from third parties

• Single sign-on providers if you authenticate via them;
• Calendar booking tools we integrate with;
• Payment processors regarding the status of transactions;
• Public business registries (e.g. NZBN, ASIC) where we verify counterparty details before contracting.

1.4 Customer Data processed in the course of providing our services

Where you engage us to build, deploy, or maintain a system that processes personal information of your end users (for example, your customers’ or members’ details), we act as your service provider in relation to that data. We process such data only as necessary to provide the service, in accordance with our contract with you, and consistent with this Privacy Policy.

2. Purposes of collection (IPP 1 / APP 3)

We collect personal information for the following lawful purposes connected with our business:

• Responding to enquiries and providing quotes;
• Delivering, maintaining, and supporting the services we have agreed to provide;
• Processing payments and managing the commercial relationship;
• Improving our website, services, and AI capabilities (using anonymised or aggregated data only — see clause 5);
• Sending service notices and, with your consent, occasional marketing;
• Complying with legal, tax, accounting, and audit obligations;
• Protecting our systems and users from fraud and abuse.

We do not collect personal information that is not necessary for these purposes.

3. How we use and disclose personal information

3.1 Use (IPP 10 / APP 6)

We use personal information only for the purposes set out in clause 2 or for closely related purposes that you would reasonably expect.

3.2 We do NOT sell personal information.

3.3 Disclosure (IPP 11 / APP 6)

We disclose personal information only to:

• Our service providers acting on our behalf, including cloud hosting, email delivery, payment processing, customer relationship and analytics tools, and AI infrastructure providers — each bound by confidentiality and privacy obligations;
• Our professional advisors (lawyers, accountants, auditors) under professional confidentiality obligations;
• Authorities where required by law or court order;
• A successor in the event of a merger, acquisition, or sale of all or substantially all of our business, with notice to affected individuals.

4. Cookies and similar technologies

We use a small number of cookies to operate this website, understand traffic patterns, and provide third-party features such as scheduling tools and embedded media. Full detail is in our Cookie Policy. You can disable non-essential cookies through your browser settings; doing so may limit certain features.

5. Artificial intelligence and your data

5.1 We do not train AI models on your data

We do not use Customer Data, prompts, inputs, or outputs that you submit to our AI-powered services to train, fine-tune, or improve any artificial intelligence model. Where we use third-party large language model (LLM) APIs to deliver our services, we configure those APIs with the “no-training” or equivalent opt-out flag where the provider offers it, and we monitor provider terms of service for changes that could affect this commitment.

5.2 What happens to your prompts and outputs

Inputs you provide to AI features (including text, files, and images) and outputs the AI generates are processed for the sole purpose of producing the requested response. They may be temporarily cached by us or by our third-party LLM providers in accordance with their standard terms, after which they are deleted on the timetable described in those terms or by us in accordance with clause 8 below.

5.3 Cross-border processing

Our AI infrastructure relies on cloud-based providers some of whom are located outside New Zealand and Australia. Where personal information forms part of an AI request, it may be processed in those overseas jurisdictions. We disclose personal information across borders only in compliance with IPP 12 of the New Zealand Privacy Act 2020 and APP 8 of the Australian Privacy Act 1988, including by requiring contractual safeguards substantially equivalent to the IPPs and APPs.

5.4 Limits of AI outputs

AI-generated outputs may be inaccurate, incomplete, or biased. You should review AI outputs before relying on them for any business, personal, legal, financial, or medical decision.

6. Storage and security (IPP 5 / APP 11)

We protect personal information with reasonable safeguards, including:

• Encryption in transit (TLS 1.2 or higher);
• Encryption at rest for sensitive data;
• Access controls and least-privilege principles;
• Regular security review and patching;
• Confidentiality obligations on our staff and contractors;
• Backups and disaster-recovery procedures.

No system is perfectly secure. We commit to reasonable precautions and prompt response if anything occurs.

7. Cross-border disclosure

We may disclose personal information to service providers located outside New Zealand and Australia, including in the United States, the European Union, Singapore, and other jurisdictions where our cloud and AI providers operate. When we do so, we satisfy IPP 12 (NZ) and APP 8.1 (AU) by either:

• (a) requiring the overseas recipient by contract to protect the personal information in a manner that provides comparable safeguards; or
• (b) relying on a jurisdiction prescribed as providing comparable safeguards by the relevant regulator.

A current list of overseas processing locations is available on request.

8. Retention (IPP 9 / APP 11.2)

We keep personal information only as long as necessary for the purposes for which it was collected, or as required by law:

• Active enquiry / customer records: for the life of the relationship plus a reasonable retention period for follow-up;
• Closed account or completed engagement records: deleted within 12 months of completion, except (a) records required for tax (retained 7 years under the Tax Administration Act 1994 in NZ; 5 years in AU), (b) records required for legal claims (until resolution), and (c) anonymised aggregate data;
• AI prompts and outputs: deleted in accordance with clause 5.2;
• Marketing preferences: until you withdraw consent.

9. Your rights

9.1 Access (IPP 6 / APP 12)

You have the right to request access to the personal information we hold about you. We will respond within 20 working days of receiving your request, subject to limited exceptions in the Privacy Act 2020 (NZ) or APPs (AU).

9.2 Correction (IPP 7 / APP 13)

If any personal information we hold about you is inaccurate, you can request correction.

9.3 Withdraw consent

Where we rely on your consent (e.g. marketing), you may withdraw consent at any time.

9.4 Complain

Contact us first using the details below. If you remain dissatisfied:

• For NZ matters: Office of the Privacy Commissioner — www.privacy.org.nz
• For AU matters: Office of the Australian Information Commissioner — www.oaic.gov.au

10. Privacy breach notification

If we experience a privacy breach that has caused or is reasonably likely to cause serious harm, we will notify the affected individuals and the relevant regulator (the Privacy Commissioner in NZ; the OAIC in AU) as soon as practicable, in accordance with Part 6 of the Privacy Act 2020 and Part IIIC of the Privacy Act 1988 (Cth).

11. Children

Our website and services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in a prominent notice on our website at least 14 days before they take effect. The “Last updated” date above reflects the most recent revision.

13. Contact us

NeuralNest Limited
1252b New North Road, Avondale, Auckland 1026, New Zealand

Privacy contact: max@neuralnest.info
General contact: max@neuralnest.info
Phone: +64 22 651 1037