Privacy Policy

Last updated: March 17, 2026

Overview

CloudHerder.nz ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the New Zealand Privacy Act 2020 and the EU General Data Protection Regulation (GDPR) where applicable.

Information We Collect

Essential Data (Automatically Collected)

  • Session cookies — Required for login functionality and form submissions (CSRF protection)
  • Server logs — IP addresses, browser type, pages visited (retained for 30 days for security)
  • Contact form submissions — Name, email, message content (only when you submit)

Account Data (When You Register)

  • Name and email address
  • Encrypted password (we cannot read this)
  • Optional: Two-factor authentication settings

Newsletter Data

  • Email address (only with explicit opt-in)
  • Subscription preferences
  • Confirmation timestamps (double opt-in)

How We Use Your Information

  • To provide and maintain the website functionality
  • To respond to contact form submissions
  • To send newsletters (only to confirmed subscribers)
  • To detect and prevent security incidents
  • To comply with legal obligations

Cookies We Use

Cookie Name Purpose Duration Type
laravel_session Session management 2 hours Essential
XSRF-TOKEN Security (CSRF protection) 2 hours Essential
remember_web_* "Remember me" login 30 days (if selected) Functional
cookie_notice_acknowledged Privacy notice acknowledgment 1 year Essential

Third-Party Services

We do not use analytics, advertising, or tracking pixels. Your browsing activity on this site is not shared with third parties for marketing purposes.

Data Retention

  • Server logs: 30 days
  • Contact form submissions: 2 years (or until you request deletion)
  • Newsletter subscriptions: Until you unsubscribe
  • Account data: Until you delete your account

Your Rights (GDPR & NZ Privacy Act)

Under the New Zealand Privacy Act 2020 and GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Objection: Object to processing of your data
  • Portability: Request transfer of your data to another service

Data Security

We implement appropriate technical and organizational measures to protect your data:

  • HTTPS encryption for all data transmission
  • Password hashing using bcrypt
  • Database transactions for data integrity
  • Regular security audits
  • Rate limiting to prevent abuse

Data Breaches

In the unlikely event of a data breach, we will notify affected users and the Office of the Privacy Commissioner as required by the Privacy Act 2020.

Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

Contact Us

For privacy-related inquiries, data access requests, or to exercise your rights:

Regulatory Compliance

  • New Zealand: Privacy Act 2020
  • European Union: General Data Protection Regulation (GDPR)
  • Data Location: New Zealand-based servers

Privacy Notice

We use essential cookies for site functionality (session management, CSRF protection) and do not track you across the web. By using this site, you acknowledge our Privacy Policy and New Zealand Privacy Act 2020 compliance.

Learn More