Legal

Privacy Policy

Last updated: 20 May 2026

TheWayUp ("we", "us", "our") is a sole-trader web design business based in Auckland, New Zealand. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you visit thewayup.net or engage us for services. It is written to comply with the New Zealand Privacy Act 2020.

In short: we only collect the information you actively give us (through our enquiry form or by emailing us), we only use it to respond to your enquiry and provide our services, and we never sell it to anyone.

1. Who we are

TheWayUp is operated by Harry Brookes, based in Auckland, New Zealand. You can reach us at hello@thewayup.net or 021 028 74145.

2. What information we collect

We collect the following categories of personal information:

Information you give us directly

Your name and business name
Your email address and phone number
Details about your business, services, and website requirements (provided in the enquiry form's notes field)
Files you upload (such as logos or brand assets)
Scheduling preferences when booking a strategy call

Information collected automatically

Your IP address and approximate location (from your IP)
Browser type, device type, and operating system
Pages you visit and the time you spend on them
How you arrived at our site (referrer URL)
Cloudflare Turnstile spam-protection data (used to verify you are a human visitor — Cloudflare does not share the underlying signals with us)

3. Why we collect it

We collect and use your information only for the following purposes:

To respond to your enquiry and provide a tailored quote or demo
To deliver web design, hosting, and ongoing support services to clients
To send you transactional emails (enquiry confirmations, booking confirmations, service updates)
To protect our forms from spam and abuse
To keep records as required by NZ tax and business law

We do not use your information for marketing to unrelated third parties, and we do not sell your data.

4. Who we share it with

We use the following third-party service providers to operate our website and deliver our services. These providers process your information on our behalf under their own privacy policies:

Supabase — database and file storage. Your enquiry data and any uploaded files are stored in Supabase's infrastructure. Supabase Privacy Policy
Resend — sending transactional emails (enquiry confirmations, notifications). Resend Privacy Policy
Netlify — website hosting. Server logs may briefly contain your IP address. Netlify Privacy Policy
Cloudflare — DNS, email routing, and spam protection (Turnstile). Cloudflare Privacy Policy
Google — Google Fonts (loaded on our site) and Google Business Profile (for our public listing). Google Privacy Policy

We will only share your personal information beyond these providers if we are legally required to do so (for example, in response to a lawful request from a New Zealand regulator).

5. International transfers

Some of our service providers above are based outside New Zealand, including in the United States and the European Union. This means your personal information may be stored or processed overseas. We choose providers that are widely used by NZ businesses and that maintain industry-standard security practices, but you should be aware that overseas data-protection laws may differ from those in New Zealand.

6. How long we keep your information

Enquiry submissions — kept for as long as you remain a potential or active client, then for up to 7 years after our last contact (in line with NZ business record-keeping requirements)
Uploaded files (logos, brand assets) — kept for the duration of any engagement and deleted on request
Email correspondence — kept indefinitely unless you ask us to delete it
Server logs — kept by our hosting providers for short periods (usually 30 days or less)

7. Cookies and tracking

Our website uses a small number of essential cookies and similar technologies, primarily:

Cloudflare Turnstile — sets cookies to identify human visitors and protect our forms from automated abuse
Supabase auth — used only when our team logs into the admin dashboard; not set for ordinary visitors

We do not currently use Google Analytics, Facebook Pixel, or any third-party advertising trackers. If we add analytics in the future, we will update this policy and (where required) ask for your consent before tracking.

8. Your rights under the NZ Privacy Act

Under the Privacy Act 2020 you have the right to:

Access the personal information we hold about you
Correct any information that is wrong or out of date
Request deletion of your information (subject to any legal record-keeping obligations we have)
Complain to us or to the Office of the Privacy Commissioner if you believe we have mishandled your information

To exercise any of these rights, email hello@thewayup.net with the subject line "Privacy request". We will respond within 20 working days as required by the Act.

9. How we protect your information

We take reasonable security measures to protect your information, including:

HTTPS encryption across the entire website
Row-level security policies on our Supabase database
Limiting administrative access to authorised people only
Two-factor authentication on all admin accounts
Regular review of third-party providers' security practices

No system is perfectly secure, but we take our obligations seriously and will notify affected individuals and the Office of the Privacy Commissioner promptly if a notifiable breach occurs.

10. Children's privacy

Our services are intended for businesses and their owners. We do not knowingly collect information from anyone under the age of 16. If you believe a child has submitted information to us, please email us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. We will not make changes that materially reduce your rights without first making reasonable efforts to notify affected individuals.

12. Contact us

If you have any questions about this Privacy Policy, want to exercise a right under the Privacy Act, or wish to make a complaint:

Email: hello@thewayup.net
Phone: 021 028 74145
Post: TheWayUp, Auckland, New Zealand

If you are unhappy with our response, you can also contact the Office of the Privacy Commissioner (privacy.org.nz).