Privacy Policy

1. What personal information we collect

In short: We collect what you type into the AI chat, your contact details, analytics, and project information.

We collect personal information that you provide and that is generated when you interact with us. This includes the following.

• AI discovery chat content: everything you type into our AI discovery chat, including any details you choose to share about yourself or your business.
• Contact and capture details: your name, email address and business name when you provide them.
• Analytics information: basic, privacy-friendly analytics about how the website is used, such as pages viewed and general device or browser information.
• Engagement information: information exchanged while we scope or deliver a project, which may include access to your systems (for example Xero, job-management tools and customer records) and information about your business.

2. How we collect it

In short: We collect information directly from you and automatically as you use the site.

We collect most personal information directly from you, when you use the AI discovery chat, submit your details, email us, or work with us on a project.

We also collect some information automatically through cookies and analytics when you use the website. See our Cookies Policy for more detail.

Where you give us access to your business systems during an engagement, we may collect information held in those systems as needed to deliver the agreed services.

3. Why we collect and use it

In short: We use your information to respond to enquiries, scope and deliver projects, and improve our service.

We collect and use personal information for the following purposes.

• To operate the AI discovery chat and generate general suggestions in response to what you share.
• To follow up on your enquiry; when you complete the discovery chat, a member of our team is notified so we can get in touch.
• To scope, propose, build, deliver and support software projects under a proposal or Statement of Work.
• To improve our website, our AI discovery experience and our services.
• To meet our legal obligations and to protect our legitimate business interests, such as security and record-keeping.

4. AI processing and consent to store chat transcripts

In short: Your chat is processed by an offshore AI provider; transcripts are stored only if you consent.

The AI discovery chat is processed server-side by a third-party AI provider (Anthropic), which processes the content of your conversation in order to generate responses. This processing occurs offshore, outside New Zealand.

We store chat transcripts only where you have given explicit consent. If you consent, we keep the transcript so we can follow up properly and improve the service. If you do not consent, we do not retain the full transcript for those purposes, although your capture details and the fact you made an enquiry may still be recorded.

Please do not enter sensitive personal or financial details into the chat. It is intended for a general discovery conversation, not for confidential information.

5. Disclosure, subprocessors and cross-border (offshore) disclosure

In short: We share information with trusted service providers, some offshore, and address IPP 12.

We do not sell your personal information. We disclose it only as needed to operate our website and deliver our services, including to the service providers below, and where required or permitted by law.

Some of these providers are located outside New Zealand, which means your personal information may be disclosed offshore. This is a cross-border disclosure under Information Privacy Principle 12 of the Privacy Act 2020. Before disclosing personal information overseas, we take reasonable steps to ensure it is protected by comparable safeguards, for example through the provider's contractual commitments and security practices, or we rely on a lawful exception such as your authorisation.

• Offshore AI providers (for example Anthropic) that process AI discovery chat content to generate responses.
• Infrastructure and hosting providers, some of which may store data offshore.
• Other tools used to run our business, such as analytics and, during engagements, integrations like Xero, messaging providers (for example Twilio or Modica) and banking services, as relevant to a project.

6. Storage, security and retention

In short: We use reasonable measures to protect your information and keep it only as long as needed.

We take reasonable, industry-standard steps to protect personal information from loss, misuse and unauthorised access, as described in our Data Security statement. No system can be completely secure, so we cannot guarantee absolute security.

We keep personal information only for as long as we need it for the purposes above or as required by law, and then take reasonable steps to delete or de-identify it. Stored chat transcripts are kept only where you have consented and for as long as relevant to follow-up and service improvement.

7. Your rights: access and correction

In short: You can ask to see and correct the personal information we hold about you.

Under the Privacy Act 2020 you have the right to ask for access to the personal information we hold about you, and to ask us to correct it if it is wrong.

To make a request, contact our privacy contact (see below). We may need to verify your identity, and there are limited situations where we may decline a request as allowed by law.

8. Personal information about your own customers

In short: When our software processes your customers' data, you control it and we act on your behalf.

Where the software we build for you processes personal information about your own customers or contacts, you are the agency that controls that information under the Privacy Act 2020, and Buildloop processes it on your behalf and on your instructions.

This means you are responsible for your own privacy compliance in respect of that information, including providing privacy notices to your customers and having a lawful basis for the processing.

9. Cookies and analytics

In short: We use privacy-friendly analytics; details are in our Cookies Policy.

We use a small number of cookies and privacy-friendly analytics to understand how the website is used and to keep it working. You can control analytics cookies as described in our Cookies Policy, which also explains the difference between essential and analytics cookies.

10. How to contact us or make a complaint

In short: Contact our privacy contact; you can also complain to the Privacy Commissioner.

If you have any questions, want to access or correct your information, or wish to make a privacy complaint, please contact us at info@buildloop.co.nz.

We are operated by BuildLoop NZ Limited. General enquiries: info@buildloop.co.nz.

If you are not satisfied with how we handle your complaint, you can contact the Office of the Privacy Commissioner (www.privacy.org.nz), which oversees the Privacy Act 2020.

11. Changes to this policy

In short: We may update this policy and will show the date it last changed.

We may update this Privacy Policy from time to time. The current version is the one published here, with the 'last updated' date shown above. We encourage you to review it periodically.