BYROCKET← Back to site
Legal

Privacy Policy

Last updated: 8 July 2026

ByRocket ("we", "us", "our"), operated by Jesse Kill in Wellington, New Zealand, is committed to protecting your privacy. This policy explains how we collect, use, store and protect personal information in accordance with the New Zealand Privacy Act 2020. It covers both visitors to this website and clients using our services, including our AI receptionist, AI integrations and social media services.

What information we collect

Depending on how you use our website and services, we may collect:

  • Contact details: your name, email address, phone number and business name, provided when you submit our contact form or engage our services.
  • Project details: information about your business, website preferences, design inspiration and content you provide during onboarding.
  • Payment information: processed securely through Stripe. We do not store your card details on our servers.
  • Call recordings and transcripts: where the Holly AI receptionist is used, recordings and transcripts of calls (see the dedicated section below).
  • Business system data: where AI integrations are used, the data in the business software we connect to (such as Xero, Tradify, ServiceM8 or Fergus).
  • Social account access: where social media services are used, access to the accounts and content needed to manage them.
  • Usage data: anonymised data about how visitors interact with this website, via Google Analytics and the Meta Pixel, including pages visited, time on site and general location (country and city level).
  • Cookies: small data files stored on your device to help us understand site usage.
Why we collect your information

We collect personal information to:

  • Provide our services: designing, building and running your website, automations, receptionist, integrations and social content.
  • Communicate with you: project updates, concepts, and invoices.
  • Process payments: securely handling transactions through Stripe.
  • Improve our website: understanding how visitors use our site.
  • Measure advertising: the effectiveness of any Meta (Facebook / Instagram) campaigns we run.

We only use your information for the purpose it was collected, unless you give us permission to use it for something else, or the law requires it.

Call recording and the AI receptionist (Holly)

Where you use Holly, our AI receptionist, calls to your business are answered by an AI voice agent. To provide the service, calls are recorded and transcribed.

  • Where recordings are stored: for your own Holly, recordings and transcripts are stored on the connected voice platform (currently Vapi) and are available to you on your own dashboard. If your setup also feeds a CRM, they may be stored there too.
  • ByRocket's own receptionist: if you call ByRocket's own Holly line, that call is recorded and stored in our voice platform and CRM so we can follow up with you.
  • Informing callers: New Zealand law generally allows a party to a call to record it. As a business using Holly, you are responsible for making sure your callers are appropriately informed that calls may be recorded, and for handling those recordings in line with the Privacy Act 2020.
  • Retention and deletion: recordings are kept for as long as needed to provide the service, and can be deleted on request, subject to any legal obligations.
AI integrations and your business software

Where you use a custom AI integration, we connect an AI assistant to the business software you already use (such as Xero, Tradify, ServiceM8 or Fergus). This may involve access to the data in those systems, including your customers' details, jobs, quotes and invoices.

  • Runs under your accounts: the integration connects using accounts and permissions that you control and can revoke at any time.
  • AI providers: to work, requests may be sent to an AI provider (such as Anthropic or OpenAI) to generate a response. We use these providers under their business terms, which do not use your data to train their public models.
  • Actions: for integrations that can take actions in your systems, those actions run through approval controls you set and review.

We only access the systems and data needed to deliver the service you have asked for.

Social media management

Where you use Daily Social or Social + Drone Day, we manage social media content for your business. To do this we may need access to your social accounts, or permission to post on your behalf.

  • You remain the owner of your social accounts, content and audience.
  • We only use that access to deliver the agreed service.
  • Any footage or photos we capture are handled as set out in our Terms of Service.
Your customers' data

Some of our services (such as the Lift-off CRM, Holly, and AI integrations) mean we handle information about your customers on your behalf, for example enquiries, contact details and call records.

  • You are the controller: for that data, you decide how it is used, and you are responsible for having a lawful basis and a privacy policy that covers it.
  • We process it for you: we handle your customers' data only to run the service you have engaged us for, and we do not sell it or use it for our own marketing.
  • On cancellation: we can export or delete your customers' data on request, subject to any legal obligations.
Who we share your information with

We do not sell your personal information. We share data with the third-party services that help us run our business, using the minimum information necessary for each to function:

  • Cloudflare: website hosting and content delivery (global).
  • Resend: transactional email delivery (USA).
  • Stripe: payment processing (global).
  • Vapi and Telnyx: the AI receptionist voice platform and telephony (USA).
  • AI providers (such as Anthropic and OpenAI): generating AI responses for the receptionist and integrations (USA).
  • Business software providers (such as Xero, Tradify, ServiceM8, Fergus): only where you have asked us to integrate with them.
  • Social media platforms (such as Meta / Instagram): where you use our social services.
  • Google Analytics: anonymised website usage analytics (USA).
  • Meta (Facebook): advertising measurement via the Meta Pixel (USA).

Several of these providers are based overseas, which means some data is stored or processed outside New Zealand. Each provider has its own privacy policy and data protection measures.

Cookies and tracking

This website uses:

  • Google Analytics (gtag.js): anonymised data about page views, session duration and traffic sources.
  • Meta Pixel: tracks conversions from our Facebook and Instagram campaigns, including page views and form submissions.

You can disable cookies through your browser settings at any time, though this may affect some functionality. You can opt out of Google Analytics with the Google Analytics Opt-out Browser Add-on, and adjust your Meta ad preferences in your Facebook account settings.

How we store and protect your data

Your data is stored securely using:

  • Encrypted storage: project and service data is stored with encryption at rest.
  • HTTPS: all data transmitted between your browser and our servers is encrypted using SSL/TLS.
  • Access controls: only authorised people can access your data.

We retain your personal information for as long as necessary to provide our services and comply with our legal obligations. If you request deletion, we will do so within a reasonable timeframe unless we are legally required to retain it.

Your rights under the Privacy Act 2020

Under the New Zealand Privacy Act 2020, you have the right to:

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to correct any inaccurate or outdated information.
  • Deletion: request that we delete your personal information, subject to any legal obligations.
  • Complaint: lodge a complaint with the Office of the Privacy Commissioner if you believe your privacy has been breached.

To exercise any of these rights, contact us at [email protected]. We will respond within 20 working days, as required by law.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our services or legal requirements. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

Questions about your privacy?

Contact us at [email protected]. You can also contact the Office of the Privacy Commissioner if you have concerns.