Last updated: 27 April 2026
Steady Finance Limited (we, us, our) complies with the New Zealand Privacy Act 2020 when dealing with personal information. Personal information is information about an identifiable individual.
This policy sets out how we collect, use, disclose, and protect your personal information when you use Steady. It does not limit or exclude your rights under the Privacy Act. For more information about the Act, see privacy.org.nz.
We may change this policy by posting an updated version at steady.nz/legal/privacy. The change applies from the date the updated policy is posted.
We collect personal information from you when you sign up, connect a bank account, use the app, or contact us. We also receive information from Akahu (your bank account data) and from Stripe (subscription billing data).
Specifically, we collect:
We use this information to:
We do not sell your personal information. We share it only with the providers we need to run the Service:
We may also disclose personal information when required by law (e.g. a regulator request or court order), to enforce our Terms, or in the event of a sale or merger of our business — in which case we will require the recipient to treat your data on terms at least as protective as this policy.
Some of our providers (Stripe, Clerk, Anthropic, Supabase, Cloudflare, Sentry, PostHog, Resend, Upstash) store and process data in the United States or other jurisdictions outside New Zealand. Under Information Privacy Principle 12 of the Privacy Act 2020, we only use providers we reasonably believe offer protections comparable to NZ law, either through their own privacy commitments or through their contracts with us.
When you sign up, you authorise us to use these providers to deliver the Service.
Steady uses standard industry security practices:
We will notify you and the Office of the Privacy Commissioner if a privacy breach has caused or is likely to cause serious harm, within the 72-hour window required by the Privacy Act 2020.
You have the right under the Privacy Act 2020 to:
We may charge a reasonable cost for fulfilling unusually large or repeated information requests, but only as permitted by the Privacy Act.
Steady uses strictly necessary cookies that are required to keep you signed in and to remember your preferences. These are always on.
We also use anonymous product analytics via PostHog (pageviews, button clicks, scroll depth — no financial data or personal information). PostHog runs by default under our legitimate interest in improving the product (NZ Privacy Act 2020 IPP 1, 10). You can click “Opt out” on the cookie banner at any time to stop all analytics; the banner reappears if you clear browser storage for steady.nz. Session recording is OFF by default and only enabled if you explicitly accept it on the banner.
If you're in the EU or UK: under GDPR / UK PECR, we ask for explicit opt-in for any non-essential cookies before they're set. Email hello@steady.nz if you believe an EU/UK visit didn't prompt the banner and we'll investigate.
We keep your personal information for as long as you have an account with us, plus the period required by law (e.g. Stripe records of transactions, NZ tax-record retention). When you delete your account, your Data is removed from our live database and from backups within 90 days. Anonymised and aggregated information may be kept indefinitely.
Steady is intended for adults (18+). We do not knowingly collect information from children under 18. If you believe a child has signed up for Steady, email us and we will delete the account.
For privacy questions, requests for access or correction, or to make a complaint, email hello@steady.nz.
This Privacy Policy is adapted from the Kindrik Partners (Simmonds Stewart) free Privacy Policy template (V2.1, 2022) and tailored to Steady's data flows. It is not a substitute for individualised legal advice.