Privacy Policy

Information We Collect

KauriGuard Align collects information necessary to provide our AI-powered compliance and cyber resilience services. This includes personal information you provide directly, technical data from your systems, and usage analytics from our platform interactions.

We collect contact details, organizational information, system configurations, security incident data, and compliance documentation as required for our services. All data collection is conducted with appropriate security measures and in accordance with applicable privacy laws.

How We Use Your Information

Your information enables us to deliver personalized compliance mapping, risk assessment, and remediation planning services. We use AI algorithms to analyze your data against regulatory frameworks including ISO 27001, NIST CSF, PCI DSS, and the New Zealand Privacy Act.

We also use your information to improve our platform capabilities, provide customer support, send service-related communications, and ensure the security and integrity of our systems.

Data Processing and AI Analytics

Our platform employs advanced artificial intelligence to process your compliance data, system configurations, and security incidents. This processing occurs within secure, encrypted environments with strict access controls and audit trails.

AI-generated insights and recommendations are tagged as NFA (Not Financial Advice) and are designed to support your risk management decisions without replacing professional legal or compliance expertise.

Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information with trusted service providers who assist in delivering our services, subject to strict confidentiality agreements and data protection requirements.

We may disclose information when required by law, to protect our rights, or in connection with business transfers, always ensuring appropriate safeguards are in place.

Data Security and Protection

We implement comprehensive security measures including encryption, access controls, regular security assessments, and incident response procedures. Our platform integrates with SIEM systems and maintains detailed audit logs for all data access and processing activities.

We employ industry-standard security practices and regularly update our security protocols to address emerging threats and maintain the confidentiality, integrity, and availability of your data.

International Data Transfers

As a New Zealand-based company, we primarily process data within New Zealand and Australia. When international transfers are necessary for service delivery, we ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions.

We maintain transparency about data locations and provide notifications when processing locations change, ensuring compliance with applicable cross-border data transfer requirements.

Data Retention and Deletion

We retain your information only as long as necessary to provide services, comply with legal obligations, and maintain business records. Retention periods vary based on data type, regulatory requirements, and business needs.

Upon service termination or at your request, we securely delete or anonymize your data according to established procedures, while preserving information required for legal compliance or legitimate business purposes.

Your Privacy Rights

You have the right to access, correct, update, or delete your personal information. You may also request data portability, object to certain processing activities, or withdraw consent where applicable.

To exercise these rights, contact our privacy team at privacy@kauriguard.com. We will respond to your requests within the timeframes required by applicable privacy laws.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance platform functionality, analyze usage patterns, and improve user experience. Our cookie policy provides detailed information about the types of cookies we use and your choices regarding them.

You can manage cookie preferences through your browser settings or our cookie management tools, though some functionality may be limited if you disable certain cookies.

Third-Party Integrations

Our platform integrates with various third-party systems including SIEM tools, cloud platforms, and ticketing systems. These integrations are governed by separate privacy policies and terms of service from the respective providers.

We carefully evaluate third-party partners and require appropriate data protection measures, but we recommend reviewing their privacy practices independently.

Children's Privacy

Our services are designed for business and organizational use and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If we become aware that we have collected information from a child, we will take steps to delete such information promptly and restrict future access to our services.

Privacy by Design

We incorporate privacy considerations into our platform development and business processes from the outset. This includes data minimization, purpose limitation, and implementing appropriate technical and organizational measures.

Our privacy-by-design approach ensures that privacy protection is built into our systems and processes, not added as an afterthought.

Incident Response and Breach Notification

We maintain comprehensive incident response procedures to address potential data breaches or security incidents. In the event of a breach that poses risks to your privacy, we will notify you and relevant authorities as required by law.

Our incident response includes containment, investigation, remediation, and communication procedures designed to minimize impact and prevent recurrence.

Compliance and Regulatory Alignment

Our privacy practices align with applicable laws including the New Zealand Privacy Act, Australian Privacy Principles, GDPR where applicable, and sector-specific regulations relevant to our clients.

We regularly review and update our privacy practices to maintain compliance with evolving regulatory requirements and industry best practices.

Updates to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices, services, or applicable laws. We will notify you of material changes through our platform, email, or other appropriate means.

Continued use of our services after policy updates constitutes acceptance of the revised terms. We encourage you to review this policy regularly to stay informed about our privacy practices.

Contact Information

For privacy-related questions, concerns, or requests, please contact our privacy team:

Email: privacy@kauriguard.com
Phone: +64 27 394 0628
Address: 23 Becroft Drive, Forrest Hill, Auckland 0620, New Zealand

We are committed to addressing your privacy concerns promptly and transparently.