PepprBook a pilot →

Privacy Policy

Last updated: 28 March 2026

1. Who we are

Peppr (“we”, “us”, “our”) is operated by Peppr Limited, a company registered in New Zealand (NZBN pending). We build tools that help teams work better by adapting workflows to how people think and process information.

This policy explains how we collect, use, store, and protect your personal information when you use our website (peppr.io) and our product. It applies to website visitors, pilot participants, and end users within organisations that use Peppr.

We are committed to complying with the New Zealand Privacy Act 2020 and the Information Privacy Principles (IPPs) it establishes.

2. What we collect

2.1 Website visitors

When you visit our website or submit our booking form, we may collect:

  • Contact information — your name, email address, company name, and team size.
  • Availability preferences — the time slots you select when booking a pilot.
  • Usage data — anonymised analytics about how you interact with our website, including pages visited, time on page, and referral source. We do not use this data to identify you personally.

2.2 Product users (pilot and beyond)

When your organisation uses Peppr, we process the following data to provide the service:

  • Messaging platform metadata — we access structural metadata from Slack and/or Microsoft Teams, such as message timestamps, channel membership, and response patterns. We do not read, store, or process message content. We only observe the shape of how your team communicates — not what they say.
  • Calendar event data — we access calendar metadata including meeting titles, attendee lists, meeting duration, frequency, and scheduling patterns. We use this to understand meeting load and structure. We do not access meeting notes, attachments, or recordings.
  • Preference survey responses— when team members complete Peppr's preference questions, we store their responses to personalise how the team's workflows are shaped. These responses describe how someone prefers to work — they are not assessments, diagnoses, or clinical data.

3. What we do NOT collect

We want to be explicit about what Peppr never does:

  • We never read, store, or analyse the content of your messages.
  • We never attempt to diagnose, screen for, or identify neurodivergent individuals.
  • We never share individual preference data with managers or other team members.
  • We never require disclosure of any cognitive trait, disability, or diagnosis.
  • We never sell personal data to third parties.

4. How we use your information

We use the information we collect to:

  • Respond to pilot enquiries and schedule conversations.
  • Provide the Peppr service — generating nudges, structuring agendas, and adapting workflows based on aggregated team patterns and individual preferences.
  • Improve and develop our product based on anonymised, aggregated usage patterns.
  • Send you product updates or information about Peppr, but only if you have opted in to receive communications.

5. Data ownership

Your organisation's data belongs to your organisation. Peppr processes it on your behalf to provide the service. Preference data provided by individual team members belongs to those individuals. We do not claim ownership of any customer data.

If your organisation ends its relationship with Peppr, we will delete all associated data within 30 days of the termination date, unless a longer retention period is required by law.

6. Data security

We protect your data using industry-standard measures, including:

  • Encryption in transit (TLS) and at rest.
  • Access controls limiting data access to authorised team members only.
  • Regular security reviews of our infrastructure and codebase.
  • Secure authentication for all integrations (OAuth 2.0 for Slack, Teams, and calendar providers).

7. Data retention

  • Website form submissions — retained for as long as needed to follow up on your enquiry, then deleted within 12 months.
  • Product data (metadata, preferences)— retained for the duration of your organisation's subscription, then deleted within 30 days of termination.
  • Anonymised analytics — retained indefinitely as they cannot be linked back to individuals.

8. Third-party services

We use the following third-party services to operate Peppr:

  • Resend — email delivery for contact form submissions.
  • Vercel — website hosting and deployment.
  • Slack API / Microsoft Graph API— to access workspace metadata with your organisation's authorisation.
  • Google Calendar / Microsoft Outlook API— to access calendar metadata with your organisation's authorisation.

Each of these providers operates under their own privacy policies. We select providers that maintain strong data protection standards.

9. Your rights

Under the New Zealand Privacy Act 2020, you have the right to:

  • Request access to the personal information we hold about you (IPP 6).
  • Request correction of any inaccurate personal information (IPP 7).
  • Ask us to delete your personal information.
  • Withdraw consent for us to contact you at any time.
  • Complain to the Office of the Privacy Commissioner if you believe your privacy has been breached.

To exercise any of these rights, email us at hey@peppr.io. We will respond within 20 working days.

10. Cookies

Our website uses only essential cookies required for the site to function correctly. We do not use tracking cookies, retargeting pixels, or third-party advertising cookies. If this changes in the future, we will update this policy and seek your consent where required.

11. International data transfers

Some of our third-party service providers operate outside New Zealand, including in the United States. Where data is transferred internationally, we ensure that appropriate safeguards are in place in accordance with the Privacy Act 2020 (IPP 12).

12. Children's privacy

Peppr is designed for use by organisations and their employees. We do not knowingly collect personal information from anyone under the age of 16. If we become aware that we have collected data from a minor, we will delete it promptly.

13. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. We will post the updated version on this page with a revised “last updated” date. If changes are material, we will notify affected users by email.

14. Contact us

If you have any questions about this privacy policy or how we handle your data, please contact us: