Skip to content
← True Delta

Privacy Statement

Last updated: 2026-07-10  ·  Version 1.1

This page explains what personal information True Delta collects, how we use it, and what rights you have over it.

1. Who we are

True Delta is currently operated by Cohen Allingham as a sole trader, based in Christchurch, New Zealand. A New Zealand company is in the process of being registered. When that registration completes, this statement will be updated promptly to reflect the new entity name and NZBN.

For the purposes of the New Zealand Privacy Act 2020, the data controller is Cohen Allingham trading as True Delta. For the purposes of the EU and UK GDPR where they apply, the same person is the data controller.

2. What personal information we collect

We collect or process information in the following situations.

When you book a call

We use Cal.com to let you book a call. When you book, we collect the details you enter, your name, email address, business name, and anything you choose to tell us about your business, along with the time you select. We use these to contact you, prepare for and hold the call, and manage any engagement that follows.

Aggregate website analytics

We use Vercel Web Analytics to measure aggregate site traffic (pages viewed, country of origin, device category, Web Vitals timings). Vercel Web Analytics does not use cookies. Unique visitors are identified by a hash derived from the incoming request, which Vercel automatically discards after 24 hours. See Vercel’s own description at vercel.com/docs/analytics/privacy-policy.

First-party site analytics

We also run our own first-party analytics, which record each page interaction as a separate event row rather than aggregate totals. The following fields are stored per event:

  • Event name (for example, “page_view”)
  • Timestamp
  • Session id, an anonymous identifier generated fresh in memory on each page load. It is not stored in a cookie, localStorage, or sessionStorage, and is not derived from your IP address or browser fingerprint.
  • Page path
  • Referrer (the URL you came from, if your browser sends one)
  • Marketing source, the value of a ?src= query parameter in the URL, if present

No name, email address, IP address, or other directly identifying information is collected or stored by this system.

Hosting logs

Our hosting provider (Vercel) retains standard request metadata, including IP address, user agent, and timestamps. This is normal infrastructure logging and is required to operate the site.

We do not load third-party advertising trackers, marketing pixels (LinkedIn Insight, Meta Pixel, Google Ads, etc.), or session replay scripts.

3. Why we collect it, and our lawful basis

Under the New Zealand Privacy Act 2020 (Information Privacy Principle 1) we collect booking details to respond to you and arrange the call, and analytics data to understand and improve the website. Both are necessary for those purposes.

Under the EU and UK GDPR (Article 6), where they apply:

  • Processing of booking details is based on legitimate interests (Article 6(1)(f)): responding to inbound business inquiries is a legitimate business interest, balanced against the limited privacy impact of processing the information you yourself chose to send.
  • Processing of analytics data is also based on legitimate interests for operating and improving the site. The analytics are cookieless and collect no personally identifying information; events are stored per interaction rather than as aggregate totals, using an anonymous in-memory session id that resets on each page load.

We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects.

4. Who we share it with

The following parties act as processors on our behalf, under contractual safeguards in their respective Data Processing Agreements:

  • Cal.com (cal.com) processes your booking, including your name, email, business name, anything you tell us, and the time you choose, in accordance with their published privacy practices.
  • Vercel (vercel.com) provides hosting and analytics, and retains standard request logs. Vercel is certified under the EU-US Data Privacy Framework.
  • Neon (neon.tech) provides the Postgres database in which first-party analytics events are stored. Analytics data processed by Neon contains no personally identifying information, and Neon stores this data in the United States.

Beyond these processors, we keep your booking details in our own business records so we can follow up and manage the engagement. We do not sell, rent, or share your personal information for marketing purposes.

5. International transfers

Cal.com, Vercel, and Neon store and process data outside New Zealand, including in the United States. Under New Zealand IPP 12, these transfers are permitted because they act as service providers processing data on our behalf, and are bound by their Data Processing Agreements. Under GDPR Article 44 and following, the transfers rely on each provider’s data-transfer safeguards.

6. How long we keep it

  • Booking details are kept for 24 months from the date of last contact with you, then deleted, unless an engagement has resulted, in which case engagement records are kept for as long as required by NZ tax and business records law (typically seven years).
  • Vercel Web Analytics data is retained per Vercel’s own retention practices.
  • First-party analytics events (the per-event rows described in section 2) are retained for 12 months from the date of the event, then deleted.

You can ask us to delete your information earlier than this, subject to any legal records-retention requirement.

7. Your rights

Under the New Zealand Privacy Act 2020, you have the right to:

  • Ask what personal information we hold about you (access, IPP 6)
  • Ask us to correct it (IPP 7)
  • Ask us to delete it (where legally appropriate)
  • Complain to the Office of the Privacy Commissioner (privacy.org.nz)

We will respond within 20 working days of receiving a verified request, as required by the Privacy Act 2020.

Under the EU and UK GDPR, where they apply, you also have the rights of access, rectification, erasure, restriction, data portability, objection, and to withdraw consent where consent was the basis, and to lodge a complaint with your local supervisory authority. To exercise any of these rights, email cohen@truedelta.co.nz. We may need to verify your identity before responding.

8. Cookies

Our own site is designed not to set tracking cookies, and our analytics (both Vercel Web Analytics and our own first-party analytics) are cookieless. The Cal.com booking widget, which loads when you go to book a call, may set cookies or similar storage that are necessary to run the scheduling tool. See Cal.com’s privacy notice for detail. If we add any feature that requires further cookies, we will update this statement and add a cookie notice before activating it.

9. Data breaches

If we become aware of a privacy breach that is likely to cause serious harm, we will notify the Office of the Privacy Commissioner and any affected individuals as soon as practicable, in line with Part 6 of the Privacy Act 2020 (and GDPR Article 33, where applicable: within 72 hours of becoming aware).

10. Changes to this statement

If we change how we handle personal information, we will update this page, revise the “Last updated” date, and bump the version number.

11. Contact

For any question about this statement or your personal information: cohen@truedelta.co.nz

© 2026 Cohen Allingham