Privacy Policy

1. Who We Are & Data Controller Identity

SafeStack Ltd ("we", "us", or "our") is the data controller responsible for processing your personal data in connection with the services available at safestacks.org (the "Service").

Registered address:
12 Madden Street, Wynyard Quarter, Auckland 1010, New Zealand

For privacy inquiries:
Email: [email protected]
Postal: Privacy Team, SafeStack Ltd, 12 Madden Street, Wynyard Quarter, Auckland 1010, NZ

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through:

• Our website at safestacks.org and any subdomains;
• Our platform, training modules, and related services;
• Communications between you and us (email, chat, support tickets);
• Marketing activities including newsletters and event registrations.

It does not apply to third-party websites linked from our Service. We encourage you to review those parties' privacy policies independently.

3. Personal Data We Collect

3.1 Data You Provide Directly

Category	Examples	When Collected
Identity data	First name, last name, username	Account registration, contact forms
Contact data	Email address, company name	Registration, contact forms, waitlist
Account credentials	Username, hashed password	Account creation and login
Financial data	Payment card type, last four digits, billing address	Subscription (processed by payment provider — we do not store full card numbers)
Communications data	Support emails, chat logs	Customer support interactions
Marketing preferences	Opt-in/opt-out status	Email sign-up, account settings

3.2 Data Collected Automatically

Category	Examples	Source
Technical data	IP address, browser type, OS, device type	Server logs, analytics tools
Usage data	Pages visited, features used, session duration	Analytics cookies and scripts
Location data	Country/city derived from IP address	Server logs
Cookie data	Cookie IDs, referral sources	Cookies — see our Cookie Policy

3.3 Special Category Data

We do not intentionally collect or process special categories of personal data such as health data, racial or ethnic origin, religious beliefs, sexual orientation, or biometric data. Please do not submit such data through our Service.

4. Legal Bases & Purposes for Processing

Under the NZ Privacy Act 2020 and Article 6 GDPR (for EEA individuals), we process personal data on the following bases:

• Contract performance: to provide the SafeStack platform, manage your account, and process subscriptions;
• Legitimate interests: to improve our services, prevent fraud, maintain security, and send service communications;
• Consent: to send marketing communications where required by law — you can withdraw consent at any time;
• Legal obligation: to comply with NZ law, tax obligations, and court orders.

5. How We Share Your Data

We do not sell your personal data. We may share data with:

• Service providers: hosting, payment processing, email delivery, analytics — under data processing agreements;
• Professional advisers: lawyers, auditors, insurers — under confidentiality obligations;
• Regulatory bodies: where required by NZ law or applicable overseas law;
• Business transfers: in connection with a merger, acquisition, or sale of assets — you will be notified.

6. International Data Transfers

SafeStack is a New Zealand company. If you are located in the EEA or UK, your data may be transferred to NZ (which has an EU adequacy decision) and to other countries where our service providers operate. Where transfers occur outside of adequacy-covered countries, we implement Standard Contractual Clauses or other appropriate safeguards.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes in this policy, or as required by NZ law. Account data is retained for the duration of your account plus 7 years for tax and legal purposes. You may request deletion earlier — see Section 9.

8. Security

SafeStack has implemented security measures designed to protect personal data against unauthorised access, disclosure, alteration, and destruction. These include encryption in transit (TLS), access controls, and regular security assessments. No system is perfectly secure; if you believe your data has been compromised, please contact us immediately at [email protected].

9. Your Rights

Under the NZ Privacy Act 2020 you have the right to access and correct your personal data. Under GDPR (for EEA individuals), you additionally have the right to:

To exercise any of these rights, contact us at [email protected]. We will respond within 20 working days (NZ Privacy Act) or one month (GDPR). If you are not satisfied with our response, you can contact the Office of the Privacy Commissioner (NZ) or your local data protection authority.

10. Cookies

We use cookies and similar tracking technologies. For full details, see our Cookie Policy. You can manage your cookie preferences via the banner that appears on your first visit, or by contacting us.

11. Children's Privacy

Our Service is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email (if you have an account) and by posting a prominent notice on our website. We encourage you to review this policy periodically.

13. Contact Us

For any privacy-related questions or requests:
SafeStack Ltd
12 Madden Street, Wynyard Quarter, Auckland 1010, New Zealand
Email: [email protected]