Privacy Policy

Effective: 23 April 2026 · BuyLokal.kiwi is operated from Aotearoa New Zealand.

We take your privacy seriously. This policy explains what we collect, why, and what rights you have under the New Zealand Privacy Act 2020. If you have questions, email support@buylokal.kiwi.

1. Who we are

"BuyLokal.kiwi" (we / us / our) is a community commerce platform connecting New Zealand towns, retailers, artists, designers, councils and residents.

2. What we collect

  • Account data — name, email, home town, phone (optional), role (retailer / artist / designer / councillor / resident).
  • Business data — for retailers/artists/designers: store name, address, product catalogue, pricing.
  • Transaction data — orders, wholesale contracts, subscriptions, advertising bids. Card details are handled by Stripe — we never see or store them.
  • Usage data — pages visited, clicks, and diagnostic errors (via PostHog analytics).
  • Content you submit — community suggestions, votes, reviews, wishlist items, photos.

3. How we use it

  • Running your account and the services you've signed up for.
  • Processing payments, subscriptions, and ad-slot auctions via Stripe.
  • Sending transactional emails (verification codes, receipts, shipping updates) via Resend.
  • Sending community notices you've opted into (council broadcasts, wishlist offers, etc.).
  • Detecting fraud, abuse, and keeping the platform safe.
  • Improving the platform based on aggregated usage patterns.

4. Who we share it with

  • Stripe — payments (PCI-DSS compliant).
  • Resend — transactional email delivery.
  • PostHog — product analytics (anonymised by default).
  • MongoDB Atlas / Emergent — hosting the database and application.
  • Retailers, community groups, councils — only the information you explicitly share with them (e.g. a wishlist offer to a group owner).

We do not sell your personal data to anyone, ever.

5. Cookies & tracking

We use essential cookies to keep you logged in and a single PostHog analytics cookie to understand which features are working. No advertising trackers, no data brokers.

6. How long we keep it

Account data: while your account is active, plus up to 12 months after deletion to honour legal obligations (e.g. Inland Revenue record-keeping). Transaction records: 7 years as required by NZ tax law.

7. Your rights under the Privacy Act 2020

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct anything that's wrong.
  • Deletion — close your account and request removal of personal data.
  • Opt-out — unsubscribe from any non-transactional email at any time.
  • Complaints — escalate to the NZ Privacy Commissioner if unresolved.

To exercise any of these, email support@buylokal.kiwi.

8. Security

Passwords are hashed with bcrypt. Connections are HTTPS-only. Database access is restricted and monitored. We notify you promptly (within 72 hours) of any serious privacy breach affecting your data, as required by the Privacy Act.

9. Children

BuyLokal.kiwi is intended for users aged 16 and over. If you believe a child has registered, email us and we'll remove the account.

10. Changes to this policy

We'll post updates here and email registered users for material changes. Continuing to use the platform after a change means you accept the new policy.

Last updated: 23 April 2026.

Made with Emergent