DigitalArchitect® is an SEO analysis tool operated by Growth Partners Limited (New Zealand Company Number 7017234), whose registered office is at 7 Fairbairn Place, East Tamaki, Auckland 2016 (“Growth Partners”, “we”, “us” or “our”). The tool is built and hosted for us by CoreShift Limited, who acts as our technology partner. CoreShift does not use any data within DigitalArchitect® for its own purposes.
This notice tells you what personal information we collect through DigitalArchitect®, why we collect it, who we share it with, how long we keep it, and how you can exercise your rights under the Privacy Act 2020 (New Zealand). If anything below is unclear, please contact us — details are in Section 11.
Who this notice applies to
DigitalArchitect® is a business-to-business tool used in three ways:
- as part of Growth Partners’ Revenue Accelerator Programme (we run DigitalArchitect® on behalf of the customer);
- by customers running DigitalArchitect® themselves to produce their own analysis; and
- by customers using DigitalArchitect® alongside KeyContent® for an integrated workflow.
In each case, the customer is a business or organisation that subscribes to DigitalArchitect® (each a “subscribing organisation”). This notice applies to:
- subscribing organisations and the individuals who use the tool on their behalf (each an “Authorised User”); and
- individuals whose personal information is provided to us by a subscribing organisation during Business Consultation, Brand Foundation or otherwise as part of using DigitalArchitect® (for example, a subscribing organisation’s key contacts, references or other named individuals).
Where an organisation subscribes to DigitalArchitect®, the relationship between Growth Partners and that organisation is also governed by a customer agreement. In that scenario, the subscribing organisation controls the content uploaded into the tool and is responsible for ensuring it has authority to upload personal information about its own staff, contacts, references or other third parties. Rights requests about that content may need to be routed through the subscribing organisation — see Section 7.
1. What we collect
You give us, directly
- Your email address and name when you accept an invitation or sign up as an Authorised User
- A password, which we never see in plain text — it’s hashed by our authentication provider
- Information provided during Business Consultation: business information about the subscribing organisation (industry, revenue streams, products and services, average order value, pricing, target audience, competitors, locations, seasonality and similar)
- Information provided during Brand Foundation: brand strategy, positioning, audience descriptions, messaging framework and content governance
- Personal information about named individuals provided as part of Business Consultation or Brand Foundation (for example, key contacts, references and competitor representatives)
- Any other content you create or upload in the tool, including notes, screenshots and bug reports
- Information you choose to send when you contact support
We collect automatically when you use the tool
- Your IP address, browser type, operating system and screen size — to render the interface, for security and for bug-report context
- Authentication session information — a token in your browser that proves you’re signed in
- Error events when something goes wrong, so we can fix it
- Outputs generated by DigitalArchitect® itself, including market analysis, competitor benchmarking, GrowthCast® revenue projections and website analysis based on the inputs you provide
We collect indirectly from third parties (Information Privacy Principle 3A)
From 1 May 2026, the Privacy Act 2020 requires us to tell you when we collect personal information about you from a source other than you directly. We collect personal information indirectly in the following ways:
- When a subscribing organisation invites you to DigitalArchitect® as an Authorised User, we receive your name and email address from that organisation before you have any direct contact with us. Where this is the case, the invitation email serves as our notification to you of the collection.
- Where a subscribing organisation provides personal information about its own staff, contacts, references, competitor representatives or other third parties as part of Business Consultation or Brand Foundation, we collect that information from the subscribing organisation rather than from the individuals concerned. The subscribing organisation is responsible for ensuring it has authority to provide that information to us and has notified the individuals concerned where required.
- DigitalArchitect® gathers publicly available information from the open web as part of its analysis — for example, competitor websites, public business listings and similar. This may include limited personal information about named individuals where that information is publicly available (e.g. a competitor’s published staff bios).
Where required by the Privacy Act 2020, we take reasonable steps to ensure the individual is aware of: the fact that the information has been collected, the source it came from, the purpose of collection, the intended recipients, our name and contact details, whether supply was voluntary or required by law, and the individual’s rights of access and correction. We rely on the exceptions in the Privacy Act 2020 where they apply.
2. What we use it for
- Give you and your subscribing organisation access to DigitalArchitect® and the data within it
- Run the analysis the tool is designed for: market research, competitor benchmarking, GrowthCast® revenue projections and website analysis, to produce a website and content development roadmap
- Where applicable, feed outputs from DigitalArchitect® into KeyContent® for use in content production
- Send confirmations, account communications and resolution emails when you submit a bug or question
- Detect and fix bugs
- Comply with our legal obligations under New Zealand law
We do not sell your personal information. We do not use your content or data to train AI models on our own behalf, and we have configured the AI services that power DigitalArchitect® not to use it to train theirs.
We may create aggregated and anonymised data from tool usage. Once anonymised, this data cannot be used to identify you or your subscribing organisation, and we use it only for purposes such as improving DigitalArchitect® and benchmarking.
3. Cookies and things we store on your device
DigitalArchitect® does not use tracking or analytical cookies. We store a small number of operational items in your browser for authentication and to remember your selected context within the tool. Our security and edge providers may set operational cookies (for example, for bot-management purposes), which are not used for tracking or analytics.
4. Error tracking
When something goes wrong in DigitalArchitect®, we capture an error report to help us understand and fix the bug. Error reports do not include request bodies, cookies or IP addresses. If you’d prefer to opt out of error reporting entirely, contact us (Section 11) — we can disable error capture for your account.
5. Who we share information with
To run DigitalArchitect®, we share personal information with third-party providers (sub-processors). They process data only on our instructions and only for the purposes below. Each provider has signed a Data Processing Agreement (or equivalent contract) with us or with CoreShift on our behalf.
| Category | What they receive | Where |
|---|---|---|
| Application infrastructure | Account information, content, files and request metadata | Sydney, Australia |
| Edge security and DNS | TLS-terminated request metadata, abuse-detection logs | Global edge; logs in US |
| AI generation (text and analysis) | Inputs you submit and outputs generated for you | United States |
| SEO and search data | Search query and ranking data submitted as part of the analysis | United States / Europe |
| Web crawling | URLs submitted for website analysis | Various |
| Transactional email | Your name, email address and the content of account and support emails we send you | United States |
| Error monitoring and uptime | Anonymised error reports (no IPs, no request bodies) and availability checks | United States |
| Payment processing | The subscribing organisation’s billing information — card data never reaches us | United States / Europe |
A current named list of all sub-processors is available on request — contact us using the details in Section 11.
Growth Partners also shares DigitalArchitect® outputs with KeyContent® (also operated by us, with CoreShift as our technology partner) where the subscribing organisation uses both tools as part of an integrated workflow.
Overseas disclosures under Privacy Act 2020 IPP 12. Our sub-processors are based in jurisdictions with comparable privacy safeguards — Australia (under the Australian Privacy Principles), the European Union (under the GDPR), and the United States (under their respective regulations and our contractual safeguards). If we add a sub-processor in a jurisdiction without comparable safeguards, we will update this notice and provide an opt-out for the specific feature it enables.
We do not sell your personal information, share it with marketing platforms, share it with data brokers, or use it to train our own AI models.
6. How long we keep it
We keep personal information only as long as we reasonably need it (Privacy Act 2020 IPP 9):
- Active account information: while your account is active. After your subscription ends, the customer agreement gives subscribing organisations a reasonable window to export their data. Account information is then deleted from our active systems within a reasonable time, with backup copies removed in line with our standard backup retention periods.
- Inputs and outputs from Business Consultation, Brand Foundation and DigitalArchitect® analysis: retained for the life of the subscription so that the analysis can be updated and refreshed over time. After the subscription ends, this data is deleted in line with the customer agreement.
- Bug reports and support communications: 24 months
- Financial records: 7 years (NZ Companies Office requirement)
- Error reports: 90 days
7. Your rights
Under the Privacy Act 2020, you have the following rights regarding personal information we hold about you:
- Right of access (IPP 6). You can ask us what personal information we hold about you. We will respond within 20 working days.
- Right of correction (IPP 7). If something we hold is wrong, you can ask us to correct it. If we do not make the correction, we will take reasonable steps to note on the information that you requested the correction.
In addition to your statutory rights, we will delete personal information we hold about you on request, where we are lawfully able to do so. We may need to retain some information for limited periods to meet legal obligations (for example, financial records for 7 years), or where deletion would prejudice an ongoing legal claim.
Routing of rights requests. Where you are an Authorised User of a subscribing organisation, requests about your own account information (name, email, password, authentication data) should come direct to us. Requests about content uploaded into the tool by your subscribing organisation — including information about third parties such as references or contacts — will generally be routed through that organisation, because they control that content. We will help you identify the right path when you contact us.
End of subscription. If your subscribing organisation ends its subscription to DigitalArchitect®, deletion of platform data is governed by the customer agreement with that organisation rather than by individual rights requests. See Section 6.
To exercise any of these rights, email us using the contact details in Section 11. We may ask you to verify your identity before we act on the request.
8. Children
DigitalArchitect® is intended for business use by adults. We do not knowingly collect personal information from children.
9. Privacy breaches
If we ever experience a privacy breach that is reasonably likely to cause you serious harm, we will:
- Notify you as soon as practicable after becoming aware of the breach (Privacy Act 2020 s 115)
- Notify the NZ Office of the Privacy Commissioner where required by s 114
- Tell you what happened, what information was involved, what we’ve done, and what you can do
10. Security
- All connections to DigitalArchitect® are encrypted with TLS 1.2 or higher
- All passwords are bcrypt-hashed; we never see your plain-text password
- The database has access controls; only the application service can read or write your content, on your authenticated behalf
- CoreShift, as our technology partner, operates Sentinel — an internal monitoring tool which scans for software bugs, runtime errors and indicators of potential privacy or security incidents on the platform
- Authorised User passwords are checked against the HIBP leaked-password list at sign-up
If you suspect unauthorised access to your account, contact us immediately and we will lock the account and investigate.
11. How to contact us
For any privacy matter, contact our Privacy Officer:
Keitha Smith
Growth Partners Limited
7 Fairbairn Place, East Tamaki, Auckland 2016, New Zealand
Email: keitha@growthpartners.co.nz
If you’ve contacted us and you’re not satisfied with our response, you can contact the NZ Office of the Privacy Commissioner: PO Box 10094, The Terrace, Wellington 6143 · privacy.org.nz · 0800 803 909
12. Changes to this notice
We may update this notice from time to time. The “Last updated” date at the top will tell you when. For material changes (especially adding a new sub-processor or a new category of data), we will notify the subscribing organisation’s account owner and post a notice in DigitalArchitect®.
© Growth Partners Limited