Skip to content

Privacy Policy

Last updated: March 2026

Who we are

Sterling AI Group Limited (Company Number 9415041) builds and maintains websites for restaurants and cafes in New Zealand. Our website is at sterlingai.co.nz. This policy explains how we collect, use, and protect personal information from visitors to our website and from our clients.

We comply with the Privacy Act 2020 and the Information Privacy Principles.

What we collect from website visitors

If you submit our contact form, we collect your name, restaurant or cafe name, phone number (if provided), email address, and your message. This information is processed by Formspree, a US-based form handling service, and forwarded to us by email. We use it to respond to your enquiry.

We use Cloudflare Web Analytics to understand how people use our website. Cloudflare Web Analytics is privacy-first: it does not use cookies, does not track individual visitors, and does not collect personally identifiable information. It measures aggregate page views and visits only.

What we collect from clients

When you become a client, we collect your name, email address, phone number, business address, and business information including menus, photos, and opening hours. We collect this through the service agreement, the design brief form, and ongoing communications. We use this information to build and maintain your website, communicate with you about your site, and process payments.

Why we collect it

We collect personal information to respond to enquiries, build and maintain client websites, process payments, and improve our services. We do not use personal information for any purpose other than the one it was collected for, unless we have your consent or are required to by law.

Third-party services

We do not sell personal information. We share information with the following service providers, only as needed to deliver our services:

  • Cloudflare for website hosting and security
  • Cloudflare Web Analytics for privacy-first website usage data
  • Formspree for processing contact form submissions
  • Stripe for payment processing
  • Google Workspace for email and file storage
  • Resend for email delivery
  • Anthropic for AI tools used in website development and maintenance
  • GitHub for code hosting and version control
  • WhatsApp (Meta) for client communication and support
  • Domain registrars for domain name registration and management

These providers process data on our behalf and under our instructions. They do not use your information for their own purposes. We may also disclose personal information if required by law.

Where your information is stored

Our service providers are based in the United States. Your personal information may be stored on servers in the United States. These providers handle data on our behalf and are subject to their own privacy and security obligations.

How long we keep it

Contact form submissions from non-clients are retained for 12 months after the enquiry is resolved, then deleted. If a prospective client submits a design brief but does not sign a service agreement, we retain the submitted information for 90 days to allow for follow-up, then delete it along with any preview website built from it. If the enquiry leads to a client relationship, the data becomes part of the client record. If you become a client and later cancel, we keep your personal information for 90 days to allow for reactivation or resolution of billing matters, then delete it. If a domain transfer is still in progress at the end of the 90-day period, we may retain your contact details until the transfer is complete.

Cookies

Our website does not use any analytics cookies. Cloudflare Web Analytics, which we use for website usage data, does not set cookies or track individual visitors.

Cloudflare, our hosting provider, may set functional cookies (such as __cflb and __cf_bm) for security and performance purposes, including bot management and load balancing. These cookies are necessary for the website to function securely and cannot be opted out of.

Client restaurant websites

Sterling AI builds and hosts websites for restaurant and cafe clients. Each client website may use its own analytics or other tools that collect visitor data. For those websites, the restaurant or cafe is the agency responsible for deciding what personal information is collected from its visitors and how it is used, for the purposes of the Privacy Act 2020. Sterling AI holds and processes this data on the client's behalf, under the client's instructions, as part of the website hosting and maintenance service.

If you have questions about how a specific restaurant website handles your data, please contact the restaurant directly.

Your rights

Under the Privacy Act 2020, you have the right to ask what personal information we hold about you and to request that we correct any errors. You can exercise these rights by emailing ryan@sterlingai.co.nz. We will respond to access or correction requests within 20 working days. This period may be extended under section 53 of the Privacy Act 2020 if there is a good reason for needing more time, in which case we will notify you of the extension and the reason for it.

Data breaches

If we become aware of a privacy breach that has caused or is likely to cause serious harm, we will notify the affected individuals and the Privacy Commissioner as required by the Privacy Act 2020.

Contact

If you have questions about this policy or how we handle personal information, email us at ryan@sterlingai.co.nz.

Privacy Officer: Ryan Osbaldiston, Sterling AI Group Limited.