talktojane.ai

Legal

Privacy Policy

Last updated: 16 April 2026

1. Who we are

talktojane.ai is operated by Insight AI Systems Limited, a company incorporated in New Zealand (NZBN 9429050329304), with its registered office at West Melton, Christchurch 7676, New Zealand. Insight AI Systems Limited is the data controller for the purposes of the EU and UK General Data Protection Regulation (GDPR) and the agency for the purposes of the New Zealand Privacy Act 2020.

For any privacy matter — including access, correction, deletion or complaints — contact our Privacy Officer, Alan Booth, at alan@insight-ai-systems.com or +64 21 11 88 480.

2. What information we collect

We only collect information you provide through the demo request form on this site, plus minimal technical data needed to operate the site securely.

  • Identity and contact data: first name, last name, work email address, optional phone number.
  • Professional context: firm name, your role, firm type, country.
  • Enquiry content: the free-text brief you write describing your compliance challenge, and how you heard about us.
  • Technical data: IP address, user agent string and timestamp, captured in standard server logs at the point of submission.

We do not use cookies for tracking, analytics or advertising. We do not collect special-category (sensitive) personal data.

3. Why we collect it and our lawful basis

Under GDPR (Art. 6): we rely on legitimate interests (Art. 6(1)(f)) to respond to a business enquiry you have actively initiated, and on consent (Art. 6(1)(a)) where you voluntarily provide optional information such as your phone number. You can withdraw consent or object to processing at any time by emailing us.

Under the NZ Privacy Act 2020: we collect information directly from you (IPP 2) for the specific, lawful purpose of responding to your enquiry (IPP 1 and IPP 3), and we will not use or disclose it for any unrelated purpose (IPP 10 and IPP 11).

We do not use your information for automated decision-making or profiling, and we never sell, rent or trade your data.

4. Where your data is stored

Form submissions are stored in our managed PostgreSQL database hosted on Supabase infrastructure in the European Union (Frankfurt, eu-central-1). Notification emails are sent via Resend (United States). Both providers are bound by appropriate data-processing agreements and, where personal data leaves the EEA or UK, transfers rely on the European Commission's Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum.

Insight AI Systems Limited operates from New Zealand, which holds an EU adequacy decision for the transfer of personal data, meaning your data is protected to an EU-equivalent standard when accessed by our team.

5. How long we keep it

  • Demo requests that do not become customers: retained for 24 months from submission, then permanently deleted.
  • Demo requests that become customers: retained for the duration of the customer relationship plus 7 years after termination, to meet AML/KYC record-keeping obligations applicable to our clients and our own tax and accounting requirements.
  • Server logs: retained for 30 days, then automatically purged.
  • Email correspondence: retained for 36 months after the last meaningful exchange.

You may request earlier deletion at any time (see Section 7); we will action it unless we are legally required to retain the record.

6. Who we share it with

We share your information only with the following processors, and only to the extent necessary to operate this site:

  • Supabase Inc. — database and authentication hosting (EU).
  • Resend (Drop Inc.) — transactional email delivery (US).
  • Cloudflare, Inc. — edge hosting, DNS and DDoS protection (global).

We do not share your data with any advertising network, data broker or marketing platform. We will disclose information to law enforcement or regulators only where compelled by valid legal process under New Zealand, Australian, UK or EU law.

7. Your rights

Wherever you are located, you may ask us to:

  • confirm what personal data we hold about you and provide a copy;
  • correct inaccurate or incomplete data;
  • delete your data ("right to erasure" under GDPR Art. 17);
  • restrict or object to processing (GDPR Arts. 18 and 21);
  • receive your data in a portable, machine-readable format (GDPR Art. 20);
  • withdraw any consent you have given.

Email alan@insight-ai-systems.com. We will verify your identity and respond within 5 business days, and complete the request within 20 working days (NZ Privacy Act) or 30 calendar days (GDPR), whichever is shorter.

If you are not satisfied with our response, you may complain to:

  • the Office of the Privacy Commissioner (New Zealand) — privacy.org.nz;
  • your local EU data protection authority, or the Information Commissioner's Office in the UK — ico.org.uk.

8. How we protect your data

  • All data in transit is encrypted via TLS 1.2 or higher.
  • All data at rest is encrypted using AES-256.
  • Database access is restricted by row-level security and role-based access control; only the Privacy Officer and named engineers have production access.
  • Authentication uses short-lived JWTs with refresh-token rotation.
  • We maintain an incident response plan and will notify affected individuals and the relevant supervisory authority within 72 hours of becoming aware of a notifiable breach, as required by GDPR Art. 33 and Part 6 of the NZ Privacy Act 2020.

9. Cookies

This marketing site sets no analytics, advertising or tracking cookies. The hosting platform may set strictly necessary cookies for session integrity and security; these do not require consent under the GDPR ePrivacy framework.

10. Children

This service is intended for business users only. We do not knowingly collect information from anyone under 16. If you believe a child has submitted information, contact us and we will delete it.

11. Changes to this policy

We will update the "Last updated" date at the top of this page whenever this policy changes. For material changes, we will additionally email anyone whose data we already hold and, where required, seek fresh consent.