Privacy Policy

Version 1.0  ·  Effective 15 June 2026

BoardHQ ("we", "us", "our") is committed to protecting your personal information in accordance with the New Zealand Privacy Act 2020. This policy explains what we collect, why we collect it, and how we keep it safe.

1. Who we are

BoardHQ is a board governance and meeting management platform operated in New Zealand.
Privacy Officer: privacy@boardhq.net

2. What we collect

• Account information — your name, email address, and hashed password.
• Organisation data — the name and details of boards and organisations you belong to.
• Meeting content — agendas, minutes, resolutions, voting records, and action items you create or participate in.
• Documents — files you upload to the platform.
• Usage data — IP address, browser type, pages visited, and timestamps, used for security and diagnostics.
• Consent record — the date and version of this policy you agreed to at registration.

3. How we use your information

• To provide and operate the BoardHQ service.
• To send transactional emails (meeting invitations, account activation, password reset).
• To maintain security, detect abuse, and prevent unauthorised access.
• To comply with legal obligations.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Where your data is stored

Data is stored on servers hosted by Elestio (cloud infrastructure) in the United States. By using BoardHQ you consent to this storage. We apply industry-standard security controls including encrypted connections (TLS), password hashing, and access controls.

5. Third-party services

• Resend — transactional email delivery. Your email address is shared with Resend solely to deliver emails you request.
• Stripe — payment processing for paid subscriptions. Card details are handled directly by Stripe and are never stored on our servers.
• Google Drive — optional integration you may connect. We only access files in the specific folder you authorise.

6. Your data belongs to your organisation

Meeting minutes, resolutions, documents, and other board content you create belong to your organisation, not to BoardHQ. Admins of your organisation can view and manage all content within their workspace. BoardHQ staff access your data only when required for support or legal compliance, and only with your permission.

7. Data retention

We retain your personal data for as long as your account is active or as needed to provide services. If you close your account, personal data is deleted within 30 days, except where we are required by law to retain it. Organisation data (minutes, resolutions) may be retained for up to 7 years to meet legal and audit obligations.

8. Your rights

Under the NZ Privacy Act 2020 you have the right to:

• Access the personal information we hold about you.
• Correct any information that is inaccurate.
• Request deletion of your account and personal data.
• Withdraw consent — though this may mean we can no longer provide the service.

To exercise any of these rights, email privacy@boardhq.net. We will respond within 20 working days as required by the Act.

9. Cookies

BoardHQ uses only essential session cookies to keep you signed in. We do not use advertising or analytics cookies.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email. The version number and effective date at the top of this page always show the current version.

11. Complaints

If you have a privacy concern, please contact us at privacy@boardhq.net first. If we cannot resolve it, you may complain to the Office of the Privacy Commissioner.