Privacy Policy

Your privacy matters to us

Last Updated: April 2026

This Privacy Policy explains how teanautown.nz ("we", "our", "the Website") collects, uses, stores, and protects your personal information. By using the Website or creating an account, you consent to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address — used for login, password resets, and account communications
  • Display name — shown publicly on your posts and uploads
  • Password — stored as a secure one-way hash (we cannot see your password)

1.2 Content You Submit

When you participate in the community or upload photos, we collect:

  • Community posts and replies — your text contributions to forum discussions
  • Blog comments — comments you leave on blog articles
  • Gallery images — photos you upload, which are resized and optimised for web display
  • Image metadata — titles, descriptions, and categories you provide. Note: EXIF data (including GPS location) is automatically stripped from uploaded images to protect your privacy

If you post as a guest (without an account), we collect the name you provide and your IP address.

1.3 Automatically Collected Information

When you visit the Website, we automatically collect:

  • IP address — used for security, rate limiting, and spam prevention
  • Browser and device information — browser type, operating system, screen size
  • Usage data — pages viewed, time spent, referring URLs
  • Session data — to maintain your login state across pages

1.4 Cookies

We use the following cookies:

  • Session cookie — essential for login functionality and security (expires when you close your browser or log out)
  • Trusted device cookie — if you enable two-factor authentication and choose to trust a device, a cookie is stored for 30 days to skip the 2FA step on that device
  • Cookie consent cookie — remembers your cookie preference for 12 months
  • 2FA prompt cookie — remembers if you dismissed the 2FA setup prompt (30 days)
  • Google AdSense cookies — used to display relevant advertisements (only with your consent)
  • Google reCAPTCHA cookies — used to protect forms from spam and abuse

You can control cookies through your browser settings. Disabling essential cookies will prevent login functionality.

2. How We Use Your Information

  • Account management — to create and maintain your account, authenticate logins, and process password resets
  • Content display — to show your display name on posts, comments, and gallery uploads
  • Moderation — to review submitted content and prevent abuse
  • Email notifications — to send password reset links and account-related communications
  • Security — to detect spam, prevent abuse, and protect the Website
  • Website improvement — to understand how the Website is used and improve the experience
  • Advertising — to display relevant advertisements through Google AdSense
  • Legal compliance — to comply with applicable laws and regulations

We do not use your email address for marketing or newsletters unless you explicitly opt in to such communications in the future.

3. Information Sharing

We do not sell, trade, or rent your personal information. We share information only in these circumstances:

  • Public content — your display name, posts, comments, and approved gallery images are publicly visible on the Website
  • Service providers — we use Hostinger for web hosting and email delivery. Your data is processed on their servers
  • Google services — Google AdSense and reCAPTCHA process data as described in Google's Privacy Policy
  • Legal requirements — if required by law, court order, or to protect our rights and safety

4. Data Security

We implement the following security measures:

  • Passwords are hashed using bcrypt (industry standard one-way encryption)
  • All connections use HTTPS encryption
  • Session cookies are set with HttpOnly, Secure, and SameSite flags
  • CSRF tokens protect all form submissions
  • reCAPTCHA protects registration and login from automated attacks
  • Rate limiting prevents brute-force and spam attacks
  • Uploaded images are validated, resized, and stripped of metadata
  • Database credentials are stored outside the public web directory

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.

5. Data Retention

  • Account data — retained for as long as your account is active. Deleted upon account deletion request
  • Community posts and comments — retained indefinitely as part of the public discussion record. May be anonymised upon account deletion
  • Gallery images — retained while approved. Removed if rejected or upon request
  • IP addresses — retained with posts for moderation purposes. Server logs retained for up to 90 days
  • Password reset tokens — expire after 1 hour and are marked as used
  • Session data — expires when you log out or close your browser

6. Your Rights

6.1 New Zealand Privacy Act 2020

Under New Zealand law, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and personal data
  • Lodge a complaint with the Privacy Commissioner

6.2 European Union (GDPR)

If you are in the EU, you additionally have the right to data portability, restriction of processing, and withdrawal of consent.

6.3 How to Exercise Your Rights

You can:

We will respond to requests within 20 working days as required by New Zealand law.

7. Children's Privacy

The Website is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we will delete it promptly.

8. International Data Transfers

Your data is hosted on servers managed by Hostinger. Some data may be processed by Google (for advertising and spam protection) on servers in the United States and other countries. By using the Website, you consent to these transfers.

9. Third-Party Links

The Website contains links to third-party websites. This Privacy Policy applies only to teanautown.nz. We are not responsible for the privacy practices of other websites.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Changes are effective upon posting. We will update the "Last Updated" date at the top. For significant changes, we may provide additional notice on the Website.

11. Contact

For privacy questions, data requests, or complaints:

Email: info@teanautown.nz
Website: www.teanautown.nz

New Zealand Privacy Commissioner

If you are not satisfied with our response, you may contact:

Office of the Privacy Commissioner
Website: www.privacy.org.nz
Phone: 0800 803 909

Last updated: April 2026

Report Content

Why are you reporting this?