Privacy Policy

Last updated: May 2026

1. Introduction

Curvii ("we", "us", or "our") is committed to protecting your privacy. This policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services. By using Curvii, you agree to the practices described in this policy.

We comply with the New Zealand Privacy Act 2020 and applicable data protection laws. If you are based in Australia, we also adhere to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

2. Information We Collect

Information you provide to us:

  • Account registration details (name, email address, company name, phone number).
  • Billing and payment information processed securely through our payment provider.
  • Communications and support queries you send to us.

Information we access via Xero:

  • Financial data from your Xero organisation, including accounts, transactions, invoices, bills, contacts, and reports.
  • Organisation settings and user permissions within your connected Xero account.

We access Xero data solely through the official Xero API using OAuth 2.0. We only request the minimum permissions necessary to deliver our services. You can revoke our access at any time through your Xero dashboard.

Information collected automatically:

  • Usage data (pages visited, features used, time spent).
  • Device and browser information (IP address, browser type, operating system).
  • Cookies and similar tracking technologies for analytics and service improvement.

3. How We Use Your Information

  • To provide, maintain, and improve the Curvii platform and its AI-powered insights.
  • To process your Xero data and generate financial dashboards, reports, and forecasts.
  • To train and improve our AI models (using anonymised, aggregated data only).
  • To communicate with you about your account, updates, and support.
  • To process payments and manage subscriptions.
  • To send you marketing communications (with your consent, which you can withdraw at any time).
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.

4. AI and Data Processing

Curvii uses artificial intelligence to analyse your financial data and generate insights. We process your data through secure AI infrastructure. We do not use your identifiable financial data to train public AI models. Any model training is performed on anonymised, aggregated data sets that cannot be traced back to individual organisations.

5. Data Storage and Security

Your data is stored on secure servers hosted in Australia and New Zealand. We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, and regular security audits. While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure.

6. Data Sharing and Disclosure

We may share your information with:

  • Service providers: Third-party vendors who help us operate our platform (cloud hosting, payment processing, analytics). These providers are bound by confidentiality agreements.
  • Xero: As part of the API integration, certain data flows between Xero and Curvii. This is governed by Xero's own privacy policy and terms of use.
  • Legal requirements: When required by law, regulation, or legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal information or financial data to third parties.

7. Your Rights

Under the New Zealand Privacy Act 2020, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your data (subject to legal retention requirements).
  • Withdraw consent for marketing communications.
  • Lodge a complaint with the New Zealand Privacy Commissioner if you believe we have breached your privacy.

To exercise these rights, contact us at hello@curvii.co.nz.

8. Cookies

We use essential cookies for platform functionality and optional analytics cookies to understand usage patterns. You can manage cookie preferences through your browser settings. Disabling cookies may affect certain features of the platform.

9. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Upon account termination, we will delete your data within 90 days, except where we are required to retain it for legal, tax, or accounting purposes. Anonymised and aggregated data may be retained for analytics and model improvement.

10. International Data Transfers

Your data is primarily stored in Australia and New Zealand. Some service providers may process data in other jurisdictions. We ensure appropriate safeguards are in place for any international transfers in line with applicable law.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or through the platform. Continued use of Curvii after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this privacy policy or wish to exercise your rights, contact us at:

Email: hello@curvii.co.nz

← Back to home