Privacy Policy
Introduction
Incredible Software Limited ("Incredible.so," "we," "us," or "our") is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, store, and protect personal information when you interact with our website, use our services, or engage with us as a client or training participant.
We are based in New Zealand and comply with the Privacy Act 2020 (New Zealand), the General Data Protection Regulation (GDPR) for our European clients, and the California Consumer Privacy Act (CCPA) for our California-based clients.
1. Who We Are
Incredible builds custom software and AI systems for growing businesses. We connect the tools you already use, automate the manual work that eats your team’s time, and embed AI where it removes real effort. Our work spans custom software builds, AI agents, AI enablement partnerships, and hands-on AI workshops. We pick the right tool for each job, full code where it is needed and no-code where it fits, with the latest AI built in.
2. What Information We Collect
2.1 Information You Provide Directly
- Name, email address, company name, and message content when you contact us through our website forms
- This information is sent directly to our email and is not stored in a database on our website
- Contact information (name, email, phone number, company details)
- Project requirements and business information shared during discovery and scoping phases
- Any information you provide in project documentation, meetings, or communications
- Registration information (name, email, organisation)
- Information collected through our workshop registration and application forms
- Participation and progress information related to training programs
2.2 Information Collected Automatically
Currently, our website does not use cookies or analytics tracking. However, standard web server logs may automatically collect:
- IP addresses
- Browser type and version
- Pages visited and time spent on our website
- Referring website addresses
We reserve the right to implement analytics tools in the future, and will update this policy accordingly.
3. How We Use Your Information
We use your personal information for the following purposes:
- To respond to inquiries and provide information about our services
- To scope, design, build, and deliver custom software and AI systems
- To provide AI enablement, AI agents, and training services
- To communicate with you about projects and services
- To manage client relationships and contracts
- To improve our services and customer experience
- To conduct business analysis and planning
- To comply with legal obligations and respond to lawful requests
- To protect our rights, property, and safety, and that of our clients and others
We process your personal information based on:
- Consent: When you provide information voluntarily through forms or during engagement
- Contract Performance: When necessary to deliver services you have requested
- Legitimate Interests: To operate our business, improve services, and maintain client relationships
- Legal Obligations: When required by law
4. How We Store and Protect Your Information
4.1 Data Storage
We do not host or store client data on our own infrastructure. The applications we build are deployed on established third-party platforms, and we build on your own accounts wherever possible so you retain ownership. Depending on the engagement, this may include:
- Cloud application platforms (for example Glide and Supabase) where applications and associated data are hosted
- Google Workspace for email communications and document collaboration
- Hosting and infrastructure providers for our own website and any applications we operate on your behalf
Contact information from website inquiries is stored in our email system (Google Workspace).
4.2 Data Security
We implement appropriate technical and organisational measures to protect personal information, including:
- Secure transmission protocols (HTTPS/SSL)
- Access controls and authentication
- Using enterprise-tier services with established security practices
- Regular security reviews of our third-party providers
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
5. Third-Party Service Providers
We use the following third-party service providers who may process personal information on our behalf:
- Purpose: Application development platform and hosting
- Data Location: Cloud-based infrastructure (primarily United States)
- Privacy Policy:https://www.glideapps.com/privacy
- Purpose: Email, document storage, and collaboration
- Privacy Policy:https://policies.google.com/privacy
- Purpose: AI-powered scoping, analysis, and product features (used on enterprise plans where your data is not used for training)
- Privacy Policy:https://www.anthropic.com/legal/privacy
When we build applications for clients that integrate with their systems (such as Xero, HubSpot, Workflow Max, or other APIs), data flows directly between those systems and the client’s own environment. We access these environments to build and maintain applications but do not route client data through our own infrastructure.
6. International Data Transfers
As a New Zealand-based company working with international clients, personal information may be transferred to and processed in countries outside New Zealand, including:
- The United States (where many of our service providers operate servers)
- Other countries where our clients are located
When we transfer personal information internationally, we ensure appropriate safeguards are in place:
- We use service providers with robust data protection practices
- For EU/UK data subjects, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses
- We comply with cross-border data transfer requirements under the Privacy Act 2020
7. Data Retention
We retain personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.
- Website inquiries: Until the inquiry is resolved or the relationship ends
- Client project data: For the duration of the project and a reasonable period afterward to provide support
- Training participant data: For the duration of the training program and as needed for certification or follow-up
When personal information is no longer needed, we delete it or anonymise it in accordance with our data retention practices.
8. Your Privacy Rights
8.1 Rights Under New Zealand Privacy Act 2020
You have the right to:
- Access: Request access to the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information in certain circumstances
- Objection: Object to processing of your personal information
- Complaint: Lodge a complaint with the New Zealand Privacy Commissioner
8.2 Additional Rights for EU/UK Data Subjects (GDPR)
If you are in the European Union or United Kingdom, you also have:
- The right to data portability
- The right to restrict processing
- The right to withdraw consent at any time
- The right to lodge a complaint with your local supervisory authority
8.3 Additional Rights for California Residents (CCPA)
If you are a California resident, you have:
- The right to know what personal information we collect, use, and disclose
- The right to request deletion of your personal information
- The right to opt out of the sale of personal information (note: we do not sell personal information)
- The right to non-discrimination for exercising your privacy rights
8.4 How to Exercise Your Rights
We will respond to your request within the timeframes required by applicable law (typically 20 working days under NZ law, 30 days under GDPR, and 45 days under CCPA).
10. Children’s Privacy
Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information promptly.
11. Data Breach Notification
In the event of a data breach that poses a risk to your personal information, we will:
- Take immediate steps to contain and remediate the breach
- Notify affected individuals and relevant authorities as required by law
- Provide information about the breach and steps you can take to protect yourself
Under the Privacy Act 2020, we are required to notify the Privacy Commissioner and affected individuals of privacy breaches that cause or are likely to cause serious harm.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website with a revised "Last Updated" date.
For material changes, we will provide additional notice (such as an email notification or prominent website notice) where appropriate.
13. Third-Party Links
Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit.
14. Business Transfers
If Incredible Software Limited is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
For complaints or concerns about privacy, you may also contact:
- New Zealand Privacy Commissioner:https://www.privacy.org.nz
- EU Data Protection Authorities: For EU residents
- UK Information Commissioner’s Office (ICO): For UK residents
- California Attorney General: For California residents
16. Consent
By using our website, engaging our services, or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.
This Privacy Policy is designed to be comprehensive while accurately reflecting our actual data practices. It provides legal protection while remaining transparent and accessible to users.