Privacy policy

How we collect, use, and protect your information.

Last updated: January 2, 2026

Zettabyte is based in New Zealand and serves a global audience. This Privacy Policy explains how we collect, use, share, and protect personal information when you visit this website or subscribe to our newsletters. It is written to meet our obligations under New Zealand’s Privacy Act 2020 and to be compliant with GDPR where it applies.

Our privacy commitments

When we collect and use information about people, we aim to ensure that:

  1. You know what we collect, why we collect it, how we use it, and where it goes.
  2. Information flows securely from you to us, access is controlled within our organisation, and disclosures to third parties are carefully considered.

Controller

Zettabyte is the controller (and under GDPR, the data controller) of the personal information described in this policy.

Contact: privacy@zettabyte.co.nz

Personal data we collect

We practice data minimisation. Depending on how you use the website, we may collect:

  • Newsletter subscription data: your email address and the newsletter channel you select.
  • Email delivery metadata: technical event data associated with sending emails (for example delivery status, bounces, and suppression/unsubscribe status).
  • Technical and security data: IP address, request metadata, timestamps, and diagnostic logs to protect the website, prevent abuse, and maintain reliability.
  • Preference data: your theme preference (stored locally in your browser).

How we use your data (purposes and legal bases)

We process personal information in line with New Zealand’s Privacy Act 2020. Where GDPR/UK GDPR applies, we rely on the lawful bases set out below.

Purpose Data Legal basis (GDPR)
Send newsletters and manage subscriptions (including double opt‑in confirmation) Email address, channel, delivery metadata Consent (Art. 6(1)(a)); you can withdraw at any time
Operate, secure, and protect the website and services Technical and security data Legitimate interests (Art. 6(1)(f)) in maintaining security and availability
Provide website functionality and user preferences Theme preference Legitimate interests (Art. 6(1)(f)) / necessary for service operation
Respond to privacy requests and enforce legal rights Contact details and request context Legal obligation (Art. 6(1)(c)) and/or legitimate interests (Art. 6(1)(f))

What we don’t do

  • We do not sell your personal data.
  • We do not rent your email address.
  • We do not use your newsletter subscription data for third‑party advertising.

New Zealand (Privacy Act 2020)

New Zealand’s Privacy Act 2020 applies to how organisations handle personal information (information about an identifiable individual). It includes Information Privacy Principles and rights to request access to, and correction of, personal information. It also includes obligations relating to notifiable privacy breaches.

If you are in New Zealand and have a concern, you can contact us first. You may also complain to the New Zealand Office of the Privacy Commissioner.

Cookies and local storage

We store a theme preference in your browser (via local storage) so the site can remember your selected theme. We do not use advertising cookies on this site.

Processors and sharing

We share personal data only as needed to operate the website and deliver the services you request. We use trusted service providers (processors) under contract with confidentiality and security obligations, such as:

  • Website hosting/CDN: to serve the website globally and protect it from abuse.
  • Email delivery provider: to send subscription confirmation and newsletter emails.

We may also disclose information if required by law or to protect rights, safety, and security.

International transfers

We may process and store data in New Zealand and other countries where we or our service providers operate. Where GDPR/UK GDPR applies and data is transferred outside the EEA/UK, we use appropriate safeguards (such as Standard Contractual Clauses) as required.

Retention

  • Newsletter data: retained until you unsubscribe or request deletion, subject to legal and operational requirements (for example suppression lists to prevent re‑sending after unsubscribe).
  • Security logs: retained for a limited period and rotated.

Security

We use technical and organisational measures designed to protect personal data, including access controls, least‑privilege principles, and monitoring. No method of transmission or storage is 100% secure, but we work to maintain strong safeguards.

Your GDPR rights

If GDPR applies to you, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”), subject to exceptions
  • Restrict or object to certain processing
  • Data portability (where applicable)
  • Withdraw consent at any time (this does not affect processing before withdrawal)
  • Lodge a complaint with your local supervisory authority

Other privacy laws (international users)

Privacy laws vary by country and (in some places) by state or province. Depending on where you live, you may have additional rights under laws such as:

  • Australia: Privacy Act 1988
  • Canada: PIPEDA and provincial privacy laws
  • United States: state privacy laws (for example California’s CPRA/CCPA)
  • Brazil: LGPD
  • South Africa: POPIA
  • Singapore: PDPA
  • Japan: APPI

We aim to honour privacy rights requests regardless of location where feasible. If you have a request or a question about your rights, contact us at privacy@zettabyte.co.nz.

How to exercise your rights

Email privacy@zettabyte.co.nz with your request. We may need to verify your identity to protect your information. We aim to respond within the timeframes required by applicable law.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the “Last updated” date above.