Legal

Privacy Policy

Last updated: 30 June 2026

WakaWeb Limited ("WakaWeb", "we", "us", or "our") is committed to handling personal information in a transparent, lawful, and secure way. This Privacy Policy explains what we collect, how we use it, who we share it with, how long we keep it, and the choices you have.

1. Scope of this Policy

This Privacy Policy applies to personal information we handle in connection with our website, our website design, branding, digital marketing, automation and related services, client onboarding, communications, billing and support, and our use of third-party platforms, tools, and service providers used to deliver our services.

We are based in New Zealand and aim to comply with the New Zealand Privacy Act 2020. Other privacy or data protection laws may apply depending on where you are located and how you use our services. This policy does not attempt to cover every law in every jurisdiction in full. If you are outside New Zealand and want to understand how local laws apply to you, please contact us.

By using our website, engaging our services, or otherwise interacting with us, you confirm that you have read and understood this Privacy Policy.

2. What this Policy Does Not Cover

This Privacy Policy does not govern:

  • Third-party websites, platforms, software, white-label systems, tools, or services that have their own independent privacy policies including those our services link to or integrate with.
  • How a client uses personal information outside our services or outside systems we manage or provide.
  • The privacy practices of third-party platforms such as social networks, advertising platforms, analytics tools, payment providers, hosting providers, white label providers, or AI providers except to the extent we describe our own relationship with them.

If you interact directly with a third party, that party's own privacy practices may also apply.

3. Our Role and Your Role

Depending on the context, WakaWeb may act in one or more different privacy roles.

3.1 When We Act for Our Own Purposes

We generally collect and use personal information for our own business purposes including managing client relationships, marketing our services, handling enquiries and support, processing billing and payments, operating and improving our website and systems, maintaining records, internal reporting, fraud prevention, security, and meeting our statutory legal obligations, and enforcing our terms.

3.2 When We Act on Behalf of a Client

Where a client provides personal information and asks us to handle it on their behalf in connection with web development, content creation, scheduling, automation, analytics, or related service delivery, we may act as a service provider. In those cases the client is generally responsible for determining the purposes for which that information is collected and used, and we handle that information in line with our obligations under applicable privacy laws.

3.3 Clients' Responsibilities

Clients are responsible for their own privacy practices and legal compliance where they control personal information relating to their leads, contacts, customers, audiences, or systems, including any collection, use, or disclosure of personal information outside our services or systems.

3.4 Operating Across Jurisdictions

We may support clients in different countries. While we take reasonable steps to comply with applicable privacy laws that apply to us, we do not assess whether every campaign, post, or use of personal information is lawful in every jurisdiction. Clients are responsible for ensuring their activities comply with the laws that apply to them.

4. Personal Information We Collect

We collect, receive, generate, or otherwise process the following categories of personal information, but only where it is reasonably necessary for the purposes set out in this policy.

4.1 Contact and Identity Information: Full name, display name, business name, email address, phone number, postal or physical address, job title or role, billing contact details, and account logins or identifiers.

4.2 Client and Service Information: Onboarding documentation, brand assets, service selections, campaign and content briefs, scheduling preferences, project communications, support history, approvals, instructions, feedback, and billing records.

4.3 Content and Creative Inputs: Text, images, video, logos, product information, business descriptions, captions, hashtags, and other materials you provide or that we generate or curate on your behalf for publication.

4.4 Marketing and Communications Data: Marketing preferences, engagement tracking with our emails, pages, and content, survey or form responses, support messages, and sales enquiry histories.

4.5 Technical and Usage Data: IP address, browser type and version, operating system, device identifiers, language settings, pages visited, referring URLs, session and diagnostics data, and cookie or similar tracking technology data.

4.6 Financial and Payment Information: Invoicing information, billing contact details, transaction records, and payment status. We do not store full card details ourselves; all payment processing is securely handled by third-party providers.

4.7 Information from Third Parties: We may receive personal information from advertising platforms, analytics providers, automation tools, AI platforms, referral sources, publicly available sources, and clients who provide data for service delivery.

5. How We Collect Personal Information

We collect personal information directly from you when you contact us, use our website, request a demo, or engage our services. We also collect information automatically through our website, platforms, analytics, cookies, and tracking technologies, and from clients, service providers, and integrated third-party platforms.

Where we collect personal information about you from someone other than you, we take reasonable steps to make sure you are aware of the matters required by the Privacy Act 2020, unless an exception applies.

6. How We Use Personal Information

We use personal information for the following purposes for which it was collected, unless an exception applies under the Privacy Act 2020.

6.1 Service Delivery: We may use personal information to provide digital marketing, website development, branding, automation, content creation, scheduling, analytics, and related services; onboard and manage client accounts; configure and operate service environments; and communicate about projects, deliverables, and support.

6.2 Sales and Marketing: To respond to enquiries, send updates and promotional communications where permitted by law (including the Unsolicited Electronic Messages Act 2007) for example, where consent has been obtained and an unsubscribe facility is provided), perform lead generation and audience analysis, personalise marketing communications, and improve our marketing strategy and communications.

6.3 Analytics and Service Improvement: To monitor website and campaign performance, improve user experience, refine internal tools and workflows, identify issues or inefficiencies, and evaluate operational performance.

6.4 Fraud Prevention, Security, and Integrity: To protect our website, systems, and services, detect unauthorised access or misuse, investigate suspicious activity, and maintain audit trails and security logs.

6.5 Legal and Compliance: To comply with legal, regulatory, tax, and accounting obligations, respond to legal requests, disputes, or complaints, enforce our terms and policies, and preserve evidence for claims, investigations, or disputes.

6.6 AI and Automation Operations: We may use reputable third-party AI and automation tools to help generate or improve content, copy, ideas, drafts, summaries, and creative assets, analyse performance, and improve internal efficiency. We do not intend to use AI for standalone automated decisions that produce legal or similarly significant effects on individuals.

6.7 Aggregated and De-identified Data: We may create, use, retain, and disclose aggregated, anonymised, or de-identified data for analytics, research, benchmarking, product development, marketing, or business intelligence, provided it does not identify an individual except as permitted by law.

7. Cookies, Tracking, and Advertising Technologies

We may use cookies, analytics tools, advertising pixels and tags, local storage, browser identifiers, session markers, and similar technologies to analyse traffic, improve performance and user experience, support attribution and conversion measurement, personalise content or marketing, conduct retargeting, and secure sessions.

Most browsers let you control cookies through their settings. Blocking certain cookies may affect functionality. Where required by law, we provide or honour appropriate consent or opt-out controls for non-essential technologies.

8. When We Share Personal Information

We may disclose personal information to service providers and contractors, advertising and analytics platforms, payment and payout providers, white-label and platform providers, for legal and regulatory reasons, in connection with business transfers, and in aggregated or de-identified form where it does not reasonably identify any individual.

  • Service Providers and Contractors: Trusted vendors used for cloud hosting, infrastructure, data analytics, AI processing endpoints, content tools, payment processing, customer support tools, communications, and security management.
  • Professional Advisers: Financial auditors, accountants, and legal counsel under appropriate confidentiality obligations.
  • Regulators and Law Enforcement: Where required by law, an active court order, or to protect our legal rights, systems safety, or the security of others.
  • Corporate Successors: In connection with a merger, acquisition, restructure, or sale of assets, subject to standard confidentiality protections.

We do not sell personal information in the ordinary sense of that term. In some jurisdictions, certain advertising disclosures may be treated as "sharing" for targeted advertising purposes under local law. Where applicable, you may exercise any available opt-out rights.

9. International Data Transfers

Your personal information may be stored, hosted, or processed in New Zealand or in any other country where we or our service providers operate. Where we disclose or transfer personal information outside New Zealand, we take reasonable steps to ensure the recipient is subject to comparable privacy safeguards in accordance with information privacy principle 12 of the Privacy Act 2020, including by contractual or other appropriate measures where required.

10. Data Security

We maintain reasonable, industry-standard administrative, physical, and electronic security frameworks to protect personal information against loss, misuse, unauthorised access, alteration, or disclosure. These measures include transit encryption, multi-factor authentication (MFA) protocols, secure data storage partitions, layered access controls, and staff confidentiality obligations.

No method of transmission or storage is completely secure. We cannot guarantee absolute security but work to reduce risk and respond appropriately to incidents.

11. Data Retention

We keep personal information only for as long as reasonably necessary for the purposes for which it was collected, including to provide services, manage client relationships, comply with legal obligations, maintain accounting and tax records, preserve evidence for disputes, maintain fraud prevention and security records, and support operational continuity.

Retention periods may vary depending on the type of data, legal requirements, and operational needs. When information is no longer required we will delete, anonymise, or de-identify it where reasonably practicable.

12. Children's Privacy

Our services are intended for businesses and are not directed to children. We do not knowingly collect personal information from children under the age thresholds that apply under relevant law. If you believe a child has provided personal information to us, please contact us so we can take appropriate action.

13. Your Rights and Choices

Depending on your location and the law that applies, you may have rights in relation to your personal information. Under the New Zealand Privacy Act 2020 these include rights to request access to your personal information, request correction, and complain to the Privacy Commissioner. You may also have rights to object to or restrict certain processing, to withdraw consent where processing is based on consent, and to opt out of marketing communications.

We may need to verify your identity before actioning a request. If your request relates to personal information controlled by one of our clients, we may direct you to that client or coordinate with them as appropriate.

14. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our services, operations, technology, legal obligations, or privacy practices. If we make material changes we may notify you by appropriate means, such as updating the "Last updated" date, posting an updated version on our website, or sending an email or in-platform notice where appropriate. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

15. Contact and Complaints

If you have questions, requests, or complaints about this Privacy Policy or our handling of personal information, please contact us first so we can resolve the issue.

WakaWeb Limited

Email: hello@wakaweb.co.nz

If your request relates to information processed on behalf of one of our clients, you may also need to contact that client directly.

If we are unable to resolve the issue, you can contact the New Zealand Office of the Privacy Commissioner. If you live outside New Zealand, you can also take the matter to the privacy regulator in your own country, such as the relevant authority in the EEA, UK, or United States.