Privacy Policy
About this Privacy Policy
This Privacy Policy explains how Kapsule Group Limited ("Kapsule Cloud", "we", "us", "our") collects, uses, holds, stores, discloses, and protects personal information when you use our cloud hosting, domain registration, email hosting, and related products and services (together, the "Services"). It is written to comply with the New Zealand Privacy Act 2020 and the twelve Information Privacy Principles ("IPPs") set out in that Act.
This Privacy Policy applies to our customers, our customers' personnel, visitors to kapsulecloud.com and kpanel.kapsulecloud.com, applicants, and any other individual whose personal information we hold. It does not apply to information you choose to store on the Services about other people; that processing is governed by the Data Processing Agreement ("DPA").
We are committed to handling your personal information openly and lawfully. If you have a concern, please contact us first at [email protected]. We will work with you to resolve it. You can also complain to the Office of the Privacy Commissioner (details in clause 12).
1. Who we are
Kapsule Group Limited (NZBN 9429050450015) is a company incorporated in New Zealand with its registered office in Christchurch. We are the agency for the purposes of the Privacy Act 2020 in respect of personal information we hold about you.
Contact for privacy matters: [email protected] | Privacy Officer, Kapsule Group Limited, Christchurch, New Zealand.
2. What we collect
We only collect personal information that we need for one or more of the purposes set out in clause 3.
Account information: name, business name, email address, phone number, billing address, country, and the username and hashed password you set.
Verification information: where required to prevent fraud or comply with law, government identification, proof of address, or other identity documents.
Payment information: payment method, billing history, transaction identifiers, and partial card details (last four digits and card type). Full card numbers are tokenised by Stripe and are not stored on our systems.
Authentication information: hashed passwords, two-factor authentication secrets and recovery codes, session tokens, authentication logs, and password-reset audit trails.
Customer Content metadata: filenames, sizes, content types, dates of upload, access logs, and other metadata about content you store on the Services. We do not routinely inspect the substance of Customer Content.
Usage data: server resource usage (CPU, memory, storage, bandwidth, requests, queries, mail volumes), feature usage in KPanel, API call records, error logs, and aggregated metrics used for capacity planning, abuse prevention, and product improvement.
Device and connection information: IP address, browser type and version, operating system, device type, screen resolution, language, time zone, approximate geographic location derived from IP, referrer URLs, and unique device identifiers.
Communications: records of your communications with us, including support tickets, KPanel messages, conversations with Kora (our AI customer support assistant), emails, phone or video call recordings (where you consent), survey responses, and feedback.
Domain registrant information: where you register a domain through us, the registrant, administrative, technical, and billing contact information required by the relevant Registry, including name, organisation, address, email, and phone. Where you enable WHOIS privacy, public WHOIS displays a privacy proxy contact instead of your personal contact information, but we still hold the underlying information.
Mail metadata: for email Services, message headers (including sender, recipient, subject, message ID, timestamps), routing data, and reputation indicators. We do not routinely read the content of your messages, except where strictly necessary for security, abuse-prevention, or to comply with law.
Cookies and similar technologies: see our Cookie Policy at kapsulecloud.com/legal/cookies.
Job applicant information: where you apply for a role with us, your CV, cover letter, references, and the information you provide during the recruitment process.
Other information: any other personal information you choose to provide to us.
3. Why we collect it (purposes)
We collect, use, and disclose personal information for the following purposes:
To provide the Services: including creating, operating, supporting, and maintaining your Account, provisioning resources, delivering content, hosting websites, sending and receiving email on your behalf, and registering domain names.
To bill and collect payment: including processing transactions, issuing invoices, calculating taxes, retrying failed payments, processing refunds, and managing disputes and chargebacks.
To authenticate and secure the Services: including verifying your identity, enforcing two-factor authentication, detecting and preventing fraud, abuse, and unauthorised access, and protecting the integrity of the platform.
To communicate with you: including responding to support enquiries, providing service-related notices (billing, security, outages, policy changes), and (where you opt in) sending marketing communications.
To improve our Services: including analysing aggregated and de-identified usage data, conducting research, developing new features, and benchmarking performance.
To comply with law: including responding to lawful requests from regulators, law enforcement, or courts; meeting tax and corporate record-keeping obligations; and complying with the Privacy Act 2020, Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (to the extent applicable), and other applicable laws.
To enforce our agreements: including investigating breaches of our Terms of Service or Acceptable Use Policy, exercising our rights under those agreements, and defending legal claims.
To operate automated abuse detection: we operate automated systems that analyse patterns in account activity, traffic, payments, and content to identify potential abuse or breach of our policies. Where the system flags activity as likely abusive, proportionate automated measures may be applied (such as challenge tests, rate limiting, account holds, or service suspension), subject to human review on request.
For recruitment purposes: where you apply for a role with us, to assess your suitability and to communicate with you about the application.
We do not use your personal information for any purpose other than those listed in this clause or for purposes you authorise.
Lawful basis under the EU GDPR (for EU/EEA residents). Where the EU General Data Protection Regulation applies to our processing of your personal information, we rely on the following lawful bases: (a) Contract (Article 6(1)(b)): providing the Services, billing, and Account management; (b) Legitimate interests (Article 6(1)(f)): security, fraud prevention, abuse detection, enforcing our agreements, and improving our Services - these interests do not override your rights given the technical and organisational safeguards we maintain; (c) Consent (Article 6(1)(a)): marketing communications - you may withdraw consent at any time; (d) Legal obligation (Article 6(1)(c)): tax, accounting, and regulatory requirements.
4. Sources
Most personal information we hold about you is collected directly from you when you sign up, log in, contact support, or use the Services.
We also collect personal information from our Sub-processors and other service providers (for example, Stripe provides payment status; Cloudflare provides security and traffic telemetry); fraud prevention databases and third-party verification services; public sources (including WHOIS records and government registers); referrals (for example, where another customer refers you and you accept the referral); and your interactions with our website (including via cookies; see Cookie Policy).
5. How we use AI to provide the Services
5.1 Kora. Kora is our AI customer-support assistant, built on Anthropic Claude. Kora may read your support messages, recent ticket history, basic Account context, and any information you specifically include in a support chat (for example, log excerpts) in order to respond to your enquiries.
5.2 Memory and observability. We use Mem0 to maintain short-term conversation memory for Kora so that it can answer follow-up questions in context, and Langfuse to monitor AI quality, accuracy, and safety.
5.3 Limitations on AI processing. We do not authorise our AI sub-processors to use Customer Content or your support communications to train their general models. AI processing is for the purpose of providing the Services only.
5.4 No automated decision-making with legal effect. Kora does not make decisions with legal or similarly significant effects on you. Decisions about suspension, termination, refunds, or account changes are made by humans, or by automated systems that are reviewed by humans on request.
5.5 Human review. You may request that your support interaction be handled by a human at any time by emailing [email protected] or [email protected].
6. Disclosure to Sub-processors and other recipients
6.1 We disclose personal information only: (a) to our Sub-processors (clause 7), who are bound by contractual confidentiality and security obligations and permitted to use the information only to provide services to us; (b) to integration partners and other third parties where you have directed or authorised us to do so; (c) to professional advisers (lawyers, accountants, auditors, insurers) under duties of confidentiality; (d) to law enforcement, regulators, courts, registries, or other authorities where required by New Zealand law or by foreign law applicable to a Sub-processor; (e) to acquirers in connection with a merger, acquisition, or sale of all or substantially all of our assets (we will notify you of any such change); (f) where reasonably necessary to enforce our agreements, protect our rights or those of others, or prevent harm; and (g) with your express consent.
6.2 We do not sell, rent, or trade personal information.
7. Sub-processors
We rely on the following Sub-processors to provide the Services. Each is subject to a written contract and to security and confidentiality obligations no less protective than those in this Privacy Policy.
Hetzner Online GmbH: Cloud servers and infrastructure (Germany/Finland/Singapore).
Cloudflare, Inc.: CDN, DNS, R2 object storage (off-site backups), security (Global; R2 Oceania for backups).
Stripe, Inc.: Payment processing (United States, Ireland).
Openprovider B.V.: Domain registration: registrar (Netherlands).
Stalwart Mail Server (self-hosted): Customer mailbox hosting - IMAP, SMTP, and webmail (operated by us on Hetzner infrastructure).
Resend, Inc.: Transactional outbound email - account notices, billing emails, password resets (United States).
Anthropic, PBC: AI processing: Kora and platform AI features (United States).
Mem0: AI conversation memory (United States).
Langfuse GmbH: AI observability (European Union).
Sentry (Functional Software, Inc.): Error tracking (United States and European Union).
GitHub, Inc.: Internal source-code hosting and GitHub Sign In authentication (United States).
Apple, Inc.: Apple Sign In authentication. Apple receives your Apple ID and email when you use Sign in with Apple. Private relay addresses (ending in @privaterelay.apple.com) may be issued in place of your real email (United States).
A current and dated list is maintained at kapsulecloud.com/legal/sub-processors. We will notify you of any new Sub-processor that will process personal information at least thirty days before that Sub-processor begins processing, so you can object on reasonable grounds. If you object and we cannot resolve your concern, you may terminate the affected Service and receive a pro rata refund of any prepaid Fees.
8. International transfers
8.1 Some Sub-processors are located outside New Zealand. Where personal information is transferred overseas, we ensure that the recipient is required (by contract or operation of law) to apply protections comparable to those in the Privacy Act 2020. This includes ensuring that the recipient is bound by privacy laws that, in our view, provide comparable safeguards (for example, the EU General Data Protection Regulation), or by contractual safeguards we put in place.
8.2 By using the Services, you authorise the transfer of your personal information to the jurisdictions in which our Sub-processors operate, as listed in clause 7 and at kapsulecloud.com/legal/sub-processors.
8.3 You may withdraw this authorisation by terminating the Services. Withdrawal of authorisation may make it impossible for us to continue to provide the Services.
9. Retention
We retain personal information only for as long as we need it for the purposes set out in clause 3, or as required by law.
Account information: retained for the life of the Account plus 12 months after closure.
Billing and tax records: 7 years from the date of the transaction (Tax Administration Act 1994).
Customer Content: retained for the duration of the subscription plus a 30-day Grace Period after termination.
Off-site backups (Customer Content): 30-day rolling retention minimum (longer for higher Plans), purged on next rotation after deletion.
Support communications: 3 years after the ticket is closed.
Kora chat logs: 12 months from the date of the conversation, then aggregated and de-identified.
Authentication and security logs: 12 months (longer where needed for an active investigation).
Marketing consent records: life of the consent plus 7 years after withdrawal (to evidence the consent).
Recruitment information: 12 months after the recruitment decision (unless you ask us to retain it longer for future opportunities).
WHOIS Data: for the duration of the domain registration plus any period required by ICANN or the relevant Registry.
We may extend retention where required to comply with law, to defend a legal claim, or to investigate or remedy a security incident.
10. Storage and security
10.1 We protect personal information using a layered approach, including: TLS encryption for all data in transit; encryption at rest for backups and sensitive databases; restic-encrypted off-site backups in Cloudflare R2 (Oceania region); strict role-based access controls and least-privilege principles; mandatory two-factor authentication for all personnel with access to production systems; regular security patching, vulnerability scanning, and periodic penetration testing; segregation of customer data; logging and monitoring of access and changes; documented incident response and breach notification procedures; and personnel confidentiality undertakings and ongoing privacy and security training.
10.2 A more detailed description of our technical and organisational measures is available at kapsulecloud.com/legal/security.
10.3 No system is perfectly secure. If a notifiable privacy breach occurs, we will notify the Office of the Privacy Commissioner and affected individuals as soon as practicable, and in any event within seventy-two hours of becoming aware of the breach, as required by sections 112 and 114 of the Privacy Act 2020.
11. Your rights
Under the Privacy Act 2020 you have the following rights in relation to personal information we hold about you.
Right of access (IPP 6): you may request a copy of the personal information we hold about you. We will respond within twenty working days of receiving your request.
Right to correct (IPP 7): you may request that we correct personal information that is inaccurate, incomplete, out of date, irrelevant, or misleading. Where we do not agree to make a correction, we will attach a statement of the correction sought, if you request.
Right to request deletion: we will delete personal information where we no longer need it, subject to retention required by law (see clause 9).
Right to receive a portable copy: where reasonably practicable, we will provide your data in a structured, commonly used, machine-readable format (such as CSV or JSON).
Right to withdraw consent: where we rely on your consent (for example, for marketing communications), you may withdraw consent at any time without affecting the lawfulness of earlier processing.
Right to complain: you may complain to us at [email protected]. If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner (see clause 12).
Additional rights under the EU GDPR (for EU/EEA residents). If the EU GDPR applies to our processing of your personal information, you also have: (a) Right to restriction of processing (Article 18): request that we pause processing of your information while a dispute is resolved; (b) Right to object (Article 21): object to processing based on legitimate interests or for direct marketing (we will stop unless we have compelling legitimate grounds); (c) Right to lodge a complaint with a supervisory authority: in addition to the Office of the Privacy Commissioner, you may complain to the EU data protection supervisory authority in your country of residence or in the EU member state where the alleged breach occurred. A list of EU supervisory authorities is available at edpb.europa.eu.
To exercise any of these rights, contact [email protected]. We may need to verify your identity before responding. We will respond within thirty calendar days. We do not charge for these requests, except where a request is manifestly unfounded, excessive, or repetitive.
12. Office of the Privacy Commissioner
If you are not satisfied with our response to a privacy concern, you may contact: Office of the Privacy Commissioner, PO Box 10094, Wellington 6143, New Zealand. Phone: 0800 803 909. Website: privacy.org.nz.
13. International customers
We do not specifically target the Services to residents of any particular jurisdiction outside New Zealand.
We endeavour to respect rights granted to you under your local law (including, where applicable, the EU General Data Protection Regulation, UK General Data Protection Regulation, and Australian Privacy Act 1988).
Where you believe a specific local right applies to you and is not addressed by this Privacy Policy, please contact [email protected]. We will respond to your specific request to the extent it is applicable to our processing.
14. Children
The Services are not directed at children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe we have collected personal information from a person under 18, contact [email protected] so we can promptly delete it.
16. Marketing communications
16.1 We may send you service-related communications (for example, billing notices, security alerts, outage notifications, policy updates). These are not marketing communications and you cannot opt out of them while you have an active Account.
16.2 Where you have opted in, we may send you marketing communications (such as product updates, offers, and event invitations). You may opt out at any time by clicking the unsubscribe link in any marketing email, by updating your preferences in KPanel, or by emailing [email protected].
16.3 Our marketing complies with the Unsolicited Electronic Messages Act 2007. We will identify ourselves clearly, include a functional unsubscribe mechanism, and only send marketing where we have your express, inferred, or deemed consent under that Act.
17. Links to third parties
The Services may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties. You should review their privacy policies before providing personal information to them.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. Material changes will be notified by email or KPanel notice at least thirty days before they take effect. Non-material changes (such as typographical corrections or contact updates) take effect on posting. The "Last updated" date at the top of this Policy indicates the most recent change.
19. Contact
Privacy Officer, Kapsule Group Limited, Christchurch, New Zealand.
Email: [email protected]
Questions about this policy?
Email our team at [email protected]. Replied within 4 business hours, NZ time.