Privacy Policy

Tripwire Digital Ltd (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our services. We are a New Zealand-registered company and comply with the New Zealand Privacy Act 2020 and applicable international privacy regulations. By using our website or services, you consent to the practices described in this policy.

We may collect personal information that you voluntarily provide when you fill out contact forms, subscribe to communications, or engage our services. This includes your name, email address, phone number, company name, and any other details you choose to share. We also automatically collect certain technical data when you visit our website, including your IP address, browser type, operating system, referring URLs, pages visited, and the dates and times of your visits. This information is collected through cookies, server logs, and similar technologies.

We use the information we collect to deliver and improve our services, respond to your enquiries and requests, communicate with you about projects, updates, and relevant industry information, analyse website usage to improve user experience and site performance, and comply with legal obligations. We do not sell or rent your personal information to third parties.

Our website uses cookies and similar tracking technologies to enhance your browsing experience and gather analytical data. Cookies are small text files stored on your device that help us understand how you interact with our site. You can control cookie preferences through your browser settings. Disabling cookies may affect your experience on certain parts of our website. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted or expired).

We use third-party services to help us operate our website and deliver our services. These include Google Analytics for website traffic analysis, Google Ads for advertising measurement and remarketing, and other advertising and analytics partners. These services may collect information about your online activities across different websites. Each third-party service operates under its own privacy policy, and we encourage you to review their respective policies. We do not control how these third parties collect or use your data beyond what is necessary for our stated purposes.

When we provide consulting services, we may access, process, or store information belonging to our clients and their customers. This may include business data, account credentials, analytics data, advertising account information, and communications shared with us for the purpose of delivering our services.

The collection, use, and handling of client data during a consulting engagement is governed by the specific Consulting Services Agreement, Non-Disclosure Agreement, and Security and Governance schedule agreed between Tripwire Digital Ltd and each client. Those agreements, not this Privacy Policy, set out the obligations, restrictions, and safeguards for client engagement data.

This Privacy Policy applies to information collected through our website and direct communications with us. It does not govern data processed as part of a consulting engagement, which is subject to the terms of the relevant client agreement.

If you are a client or prospective client with questions about how your data is handled during an engagement, please contact us directly.

In delivering our consulting services, we may use artificial intelligence tools, large language models, code assistants, and automation platforms to assist with tasks such as drafting, analysis, data processing, and workflow design.

We take reasonable steps to ensure that:

• client data shared with AI tools is limited to what is necessary for the specific engagement task;
• we do not send personally identifiable information belonging to our clients or their customers to external AI services unless expressly agreed with the client in writing;
• all AI-assisted outputs are reviewed by qualified professionals before delivery; and
• the specific tools used and their data handling practices are documented in the Security and Governance schedule of each client engagement.

The AI and third-party tools we use operate under their own privacy policies and terms of service. We select tools that meet reasonable security and privacy standards, but we do not control how these providers process data beyond the controls available to us as users of their services.

Upon completion or termination of a consulting engagement, we handle client data in accordance with the terms of the relevant Consulting Services Agreement. This typically includes:

• returning or providing access to all client-owned data and deliverables;
• deleting or destroying local copies of client data within a reasonable timeframe after the engagement ends;
• retaining only such records as are necessary for compliance, legal, or legitimate business purposes (such as evidencing the work performed, supporting warranty obligations, or meeting tax and regulatory requirements); and
• revoking access to client systems and rotating any shared credentials.

Specific data retention and offboarding obligations are documented in the Security and Governance schedule of each engagement.

For information about how we retain data collected through this website (such as contact form submissions and analytics data), please refer to the "How We Use Information" and "Cookies and Tracking" sections above.

Depending on your location, you may have certain rights regarding your personal information under laws such as the GDPR, CCPA, or the New Zealand Privacy Act 2020. These rights may include the right to access the personal information we hold about you, the right to request correction of inaccurate or incomplete data, the right to request deletion of your personal information, the right to restrict or object to certain processing activities, and the right to data portability. To exercise any of these rights, please contact us using the details provided below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

Our website and services are not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 13, we will take steps to delete that information as promptly as possible. If you believe a child has provided us with personal information, please contact us immediately.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the date at the top of this page. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: Tripwire Digital Ltd, New Zealand. You can reach us through the contact form on our website or by emailing us directly. We are committed to resolving any concerns you may have about our collection and use of your personal information.