Compass My Strategy Quest
Pricing Sign In
Privacy

Privacy Policy

Last updated: 20 March 2026

1. Introduction

Kitty from Outer Space Ltd ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use My Strategy Quest (the "Service").

This policy is designed to comply with the Privacy Act 2020 (New Zealand) and the Information Privacy Principles contained therein. We are committed to being transparent about how we handle your personal information.

By using the Service, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

When you use the Service, you may provide:

  • Account information: Email address, name, password (hashed)
  • Profile information: Display name, preferences, settings
  • Content: Domains, outcomes, experiments, obligations, notes, and other artifacts you create
  • Conversations: Messages exchanged with AI companions
  • Payment information: Processed securely by our payment provider (we do not store card details)

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

  • Device information: Browser type, operating system, device type
  • Usage data: Pages visited, features used, time spent
  • Log data: IP address, access times, error logs
  • Cookies: Session cookies for authentication (see Section 7)

2.3 Information from AI Processing

When you interact with our AI companions, your messages are processed by third-party AI providers (such as Anthropic and OpenAI). We send conversation context to generate responses. These providers process data under their own privacy policies and data processing agreements with us.

3. How We Use Your Information

In accordance with Information Privacy Principle 10 of the Privacy Act 2020, we only use your personal information for the purposes for which it was collected:

  • Provide the Service: Operate, maintain, and improve My Strategy Quest
  • AI Features: Process your messages to generate AI companion responses
  • Authentication: Verify your identity and maintain account security
  • Communication: Send service updates, security alerts, and support messages
  • Billing: Process payments and manage subscriptions
  • Analytics: Understand usage patterns to improve the Service (aggregated, non-identifying data)
  • Legal compliance: Meet our legal obligations under New Zealand law

We do not:

  • Sell your personal information to third parties
  • Use your content to train AI models (unless you explicitly opt in)
  • Profile you for targeted advertising

4. Disclosure of Information

We may disclose your personal information to:

  • Service providers: Third parties who assist us in operating the Service, including:
    • Cloud hosting providers (data stored in secure data centres)
    • AI providers (Anthropic, OpenAI) for conversation processing
    • Payment processors for subscription billing
    • Email service providers for transactional emails
    • Analytics provider (PostHog) for anonymised usage analytics
  • Legal requirements: When required by New Zealand law, court order, or government agency
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
  • With your consent: For any other purpose with your explicit consent

5. International Data Transfers

Your information may be transferred to and processed in countries outside New Zealand, including:

  • United States (AI providers, some cloud services)
  • European Union (some infrastructure providers)

In accordance with Information Privacy Principle 12 of the Privacy Act 2020, we only transfer your information to jurisdictions that have comparable privacy protections or where the recipient is bound by contractual obligations to protect your information.

We use Data Processing Agreements with all third-party processors to ensure appropriate safeguards are in place.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Secure password hashing (bcrypt)
  • Regular security assessments and updates
  • Access controls limiting who can access personal information
  • Secure authentication including magic links and password reset flows

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you of any breach in accordance with the Privacy Act 2020.

7. Cookies and Tracking

We use cookies that are essential for the Service to function:

  • Session cookies: Maintain your logged-in state
  • Security cookies: CSRF protection tokens
  • Preference cookies: Remember your settings (theme, etc.)

We use privacy-friendly product analytics (PostHog) to understand how people use the Service. This analytics tool uses browser localStorage (not cookies) and respects the Do Not Track browser setting. No data is shared with advertising networks.

We do not use third-party advertising or tracking cookies. We do not participate in cross-site tracking or targeted advertising networks.

You can configure your browser to reject cookies, but this may prevent you from using the Service.

8. Your Rights Under the Privacy Act 2020

Under the Privacy Act 2020, you have the right to:

  • Access your information (IPP 6): Request a copy of the personal information we hold about you
  • Correct your information (IPP 7): Request correction of inaccurate or incomplete information
  • Know how we use your information: Understand what information we collect and why (this policy)
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time
  • Data portability: Export your data in a machine-readable format
  • Account deletion: Request deletion of your account and associated data

To exercise any of these rights, please contact us at [email protected]. We will respond within 20 working days as required by the Privacy Act 2020.

9. Data Retention

We retain your personal information for as long as necessary to:

  • Provide you with the Service
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

When you delete your account:

  • Your content (domains, outcomes, experiments) is deleted within 30 days
  • Anonymised usage data may be retained for analytics
  • Backup copies are deleted within 90 days
  • Legal records may be retained as required by law

10. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on this page with an updated "Last updated" date
  • Sending you an email notification for significant changes
  • Displaying a notice within the Service

We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Complaints

If you have concerns about how we handle your personal information:

  1. Contact us first at [email protected]
  2. We will investigate and respond within 20 working days
  3. If unsatisfied, you may lodge a complaint with the Office of the Privacy Commissioner:

13. Contact Us

For any questions or concerns about this Privacy Policy or our data practices, please contact:

Kitty from Outer Space Ltd

Privacy Officer

Email: [email protected]

General enquiries: [email protected]

Location: New Zealand

Return to Home