SilverEarth CommerceSilverEarth Commerce
SilverEarth Commerce
Sign inGet Started →

Legal

Privacy Policy

Effective date: 8 June 2026

SilverEarth Commerce (“SilverEarth”, “we”, “us”, or “our”) operates the website at https://silverearth.co.nzand the SilverEarth Commerce platform (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. By using the Service you agree to the practices described in this policy.

1. Who We Are

SilverEarth Commerce is a New Zealand company. We are the data controller for personal information collected through the Service. You can contact our privacy team at support@silverearth.co.nz.

2. Information We Collect

2.1 Information you provide directly

  • Account registration: name, email address, company name, department, phone number, and billing country when you sign up or complete onboarding.
  • Payment information: billing details are submitted directly to Stripe, Inc. We do not store card numbers on our servers. We receive and store a Stripe customer ID and subscription reference only.
  • Contact and support enquiries: any information you include when contacting us via the contact form or by email.
  • Profile information: updates you make to your account profile, including organisation name, contact details, and logo.

2.2 Information collected automatically

  • Session data: a single encrypted session cookie is set when you log in to authenticate your session. It contains no personally identifiable information and expires when you log out or after a period of inactivity. See Section 4 for full cookie details.
  • Server logs: our hosting provider (Vercel) automatically records standard server log data, including IP address, browser type, referring page, and request timestamps. These logs are used for security monitoring and operational purposes and are retained according to Vercel’s standard retention policy.
  • Geolocation (approximate): when you visit the marketing site, we may read the country-level geolocation header provided by Vercel’s CDN edge network to display region-appropriate content (e.g. localised retailer links). We do not store this data.

2.3 Information from third parties

  • Stripe: we receive payment status events, subscription state, and customer identifiers via Stripe webhooks.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and subscription;
  • Process payments and issue receipts and invoices;
  • Send transactional emails — account verification, password resets, subscription confirmations, and billing notifications. We do not send marketing emails without your explicit consent;
  • Provide customer support and respond to your enquiries;
  • Maintain the security and integrity of the Service;
  • Comply with our legal obligations under New Zealand law, including the Privacy Act 2020;
  • Improve the Service based on aggregate, anonymised usage patterns.

We do not sell, rent, or otherwise disclose your personal information to third parties for their own marketing purposes.

4. Cookies

We use a minimal set of cookies. We do not use advertising cookies, tracking pixels, or analytics cookies. We do not use third-party analytics services (such as Google Analytics).

CookiePurposeTypeExpiry
se_sessionEncrypted authentication session — keeps you logged in. Contains no personally identifiable information.Essential / First-partySession
__vercel_*Set by Vercel’s infrastructure for load balancing, bot protection, and edge-network routing. Not accessible to our application code.Essential / InfrastructureShort-lived / session

Because we only use strictly necessary cookies, we do not display a cookie consent banner. If you disable cookies in your browser you will not be able to log in to the Service.

5. Data Sharing and Disclosure

We share your information only in the following circumstances:

  • Stripe, Inc. — payment processing. Your payment card data is handled exclusively by Stripe under their Privacy Policy. Stripe is PCI DSS certified.
  • Vercel, Inc. — hosting and infrastructure. Vercel processes request data (including IP addresses) as our hosting provider. See Vercel’s Privacy Policy.
  • Legal requirements: we may disclose information where required by law, court order, or to protect the rights, property, or safety of SilverEarth, our customers, or others.
  • Business transfers: in the event of a merger, acquisition, or sale of all or part of our business, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

6. Data Retention

We retain your personal information for as long as your account is active and for a period thereafter as required to meet our legal obligations (including tax record-keeping obligations under the Tax Administration Act 1994 and the Goods and Services Tax Act 1985), to resolve disputes, and to enforce our agreements.

When you request deletion of your account, we will anonymise or delete your personal profile data within 30 days, subject to retention of transaction records we are legally required to keep.

7. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

  • All data in transit is encrypted using TLS 1.2 or higher;
  • Passwords are hashed using a strong adaptive hashing algorithm before storage;
  • Session cookies are encrypted using AES-256 via iron-session;
  • Access to production systems is limited to authorised personnel and protected by multi-factor authentication;
  • Stripe handles all payment card data — no card data ever touches our servers.

No method of transmission over the internet is 100% secure. In the event of a data breach that is likely to cause serious harm we will notify affected individuals and the New Zealand Privacy Commissioner as required by the Privacy Act 2020.

8. Your Rights

Under the New Zealand Privacy Act 2020, and where applicable the EU General Data Protection Regulation (GDPR), you have the right to:

  • Access — request a copy of the personal information we hold about you;
  • Correction — ask us to correct inaccurate or incomplete information;
  • Deletion — request erasure of your personal data, subject to our legal retention obligations;
  • Portability — receive your data in a structured, machine-readable format;
  • Objection / restriction — object to or request restriction of certain processing activities.

To exercise any of these rights, email support@silverearth.co.nz. We will respond within 20 working days as required by the Privacy Act 2020.

9. International Transfers

Our servers are located in the United States via Vercel and Australia or New Zealand via Microsoft Azure. Payment data is processed by Stripe, which operates globally. By using the Service you acknowledge that your information may be transferred to and processed in countries outside New Zealand. Where such transfers occur we ensure appropriate safeguards are in place consistent with the Privacy Act 2020.

10. Children

The Service is intended for use by businesses and individuals aged 18 or over. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will post the updated policy on this page with a revised effective date and, where appropriate, notify you by email. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

Questions or concerns about this policy or our privacy practices? Contact us:

If you are not satisfied with our response you have the right to make a complaint to the New Zealand Office of the Privacy Commissioner.