Legal

Privacy Policy

Effective date: 6 November 2025

Introduction

Incredible Software Limited ("Incredible.so," "we," "us," or "our") is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, store, and protect personal information when you interact with our website, use our services, or engage with us as a client or training participant.

We are based in New Zealand and comply with the Privacy Act 2020 (New Zealand), the General Data Protection Regulation (GDPR) for our European clients, and the California Consumer Privacy Act (CCPA) for our California-based clients.

1. Who We Are

Incredible Software Limited
New Zealand Company

Incredible builds custom software and AI systems for growing businesses. We connect the tools you already use, automate the manual work that eats your team’s time, and embed AI where it removes real effort. Our work spans custom software builds, AI agents, AI enablement partnerships, and hands-on AI workshops. We pick the right tool for each job, full code where it is needed and no-code where it fits, with the latest AI built in.

2. What Information We Collect

2.1 Information You Provide Directly

Website Visitors:
  • Name, email address, company name, and message content when you contact us through our website forms
  • This information is sent directly to our email and is not stored in a database on our website
Prospective and Active Clients:
  • Contact information (name, email, phone number, company details)
  • Project requirements and business information shared during discovery and scoping phases
  • Any information you provide in project documentation, meetings, or communications
Training Participants:
  • Registration information (name, email, organisation)
  • Information collected through our workshop registration and application forms
  • Participation and progress information related to training programs

2.2 Information Collected Automatically

Currently, our website does not use cookies or analytics tracking. However, standard web server logs may automatically collect:

  • IP addresses
  • Browser type and version
  • Pages visited and time spent on our website
  • Referring website addresses

We reserve the right to implement analytics tools in the future, and will update this policy accordingly.

3. How We Use Your Information

We use your personal information for the following purposes:

Service Delivery:
  • To respond to inquiries and provide information about our services
  • To scope, design, build, and deliver custom software and AI systems
  • To provide AI enablement, AI agents, and training services
  • To communicate with you about projects and services
Business Operations:
  • To manage client relationships and contracts
  • To improve our services and customer experience
  • To conduct business analysis and planning
Legal Compliance:
  • To comply with legal obligations and respond to lawful requests
  • To protect our rights, property, and safety, and that of our clients and others

We process your personal information based on:

  • Consent: When you provide information voluntarily through forms or during engagement
  • Contract Performance: When necessary to deliver services you have requested
  • Legitimate Interests: To operate our business, improve services, and maintain client relationships
  • Legal Obligations: When required by law

4. How We Store and Protect Your Information

4.1 Data Storage

We do not host or store client data on our own infrastructure. The applications we build are deployed on established third-party platforms, and we build on your own accounts wherever possible so you retain ownership. Depending on the engagement, this may include:

  • Cloud application platforms (for example Glide and Supabase) where applications and associated data are hosted
  • Google Workspace for email communications and document collaboration
  • Hosting and infrastructure providers for our own website and any applications we operate on your behalf

Contact information from website inquiries is stored in our email system (Google Workspace).

4.2 Data Security

We implement appropriate technical and organisational measures to protect personal information, including:

  • Secure transmission protocols (HTTPS/SSL)
  • Access controls and authentication
  • Using enterprise-tier services with established security practices
  • Regular security reviews of our third-party providers

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Third-Party Service Providers

We use the following third-party service providers who may process personal information on our behalf:

Cloud application platforms (e.g. Glide, Supabase):
  • Purpose: Application development platform and hosting
  • Data Location: Cloud-based infrastructure (primarily United States)
  • Privacy Policy:https://www.glideapps.com/privacy
Google Workspace:
Anthropic:

When we build applications for clients that integrate with their systems (such as Xero, HubSpot, Workflow Max, or other APIs), data flows directly between those systems and the client’s own environment. We access these environments to build and maintain applications but do not route client data through our own infrastructure.

6. International Data Transfers

As a New Zealand-based company working with international clients, personal information may be transferred to and processed in countries outside New Zealand, including:

  • The United States (where many of our service providers operate servers)
  • Other countries where our clients are located

When we transfer personal information internationally, we ensure appropriate safeguards are in place:

  • We use service providers with robust data protection practices
  • For EU/UK data subjects, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses
  • We comply with cross-border data transfer requirements under the Privacy Act 2020

7. Data Retention

We retain personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.

General Retention Guidelines:
  • Website inquiries: Until the inquiry is resolved or the relationship ends
  • Client project data: For the duration of the project and a reasonable period afterward to provide support
  • Training participant data: For the duration of the training program and as needed for certification or follow-up

When personal information is no longer needed, we delete it or anonymise it in accordance with our data retention practices.

8. Your Privacy Rights

8.1 Rights Under New Zealand Privacy Act 2020

You have the right to:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information in certain circumstances
  • Objection: Object to processing of your personal information
  • Complaint: Lodge a complaint with the New Zealand Privacy Commissioner

8.2 Additional Rights for EU/UK Data Subjects (GDPR)

If you are in the European Union or United Kingdom, you also have:

  • The right to data portability
  • The right to restrict processing
  • The right to withdraw consent at any time
  • The right to lodge a complaint with your local supervisory authority

8.3 Additional Rights for California Residents (CCPA)

If you are a California resident, you have:

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information (note: we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

8.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at stephen@incredible.so

We will respond to your request within the timeframes required by applicable law (typically 20 working days under NZ law, 30 days under GDPR, and 45 days under CCPA).

9. Cookies and Tracking Technologies

Our website currently does not use cookies or tracking technologies for analytics or advertising purposes. If we implement such technologies in the future, we will:

  • Update this Privacy Policy
  • Provide clear notice on our website
  • Obtain consent where required by law
  • Provide options to manage cookie preferences

Standard web server logs may collect basic technical information as described in Section 2.2.

10. Children’s Privacy

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information promptly.

11. Data Breach Notification

In the event of a data breach that poses a risk to your personal information, we will:

  • Take immediate steps to contain and remediate the breach
  • Notify affected individuals and relevant authorities as required by law
  • Provide information about the breach and steps you can take to protect yourself

Under the Privacy Act 2020, we are required to notify the Privacy Commissioner and affected individuals of privacy breaches that cause or are likely to cause serious harm.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website with a revised "Last Updated" date.

For material changes, we will provide additional notice (such as an email notification or prominent website notice) where appropriate.

14. Business Transfers

If Incredible Software Limited is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Aiyana Grigsby (Operations Manager)
Company: Incredible Software Limited
Location: New Zealand

For complaints or concerns about privacy, you may also contact:

  • New Zealand Privacy Commissioner:https://www.privacy.org.nz
  • EU Data Protection Authorities: For EU residents
  • UK Information Commissioner’s Office (ICO): For UK residents
  • California Attorney General: For California residents
Get started

Ready to free yourself
from busy work?

A 30-minute discovery call, no pressure. We'll map one workflow with you and tell you honestly whether we can help.