Privacy and Security Center
We want you to feel secure knowing how and where your information in Hail is to be collected and used.
Your privacy and security are important to us.
Learn all about how Hail secures your data with industry-leading architecture, hosting and practices. Plus, discover handy features for protecting and ensuring your content is spot-on and what you can do to keep yourself and your organisation safe. Hail takes all the stress out of publishing on the web.
Privacy Policy
Below you will find our formal privacy policy, which contains all the important details. We’ve done our best to make this as clear as possible for you, and not include legal terms unless we need to.
If you are unclear about any part of this Privacy Policy, please contact privacy@hail.to.
Our Principles
Hail.IM Limited (Hail) is committed to protecting your privacy when using our Products and Services.
We recognise the importance of protecting the privacy of information collected about Users, in particular, information that is capable of identifying a User (Personal Information). Our approach to privacy is built around these three key principles:
- Transparency: We take an approach of being open, honest and transparent in how we use data and personal information.
- Security: We champion industry-leading approaches to securing the personal data entrusted to us.
- Stewardship: We accept the responsibility that comes with processing data.
1. Privacy Policy
Last update: February 2026.
1.1 Hail.IM Limited (Hail, we and us) is committed to protecting the personal information of you as a user of our website or application program (Platform).
1.2 In this privacy policy, we explain: (a) how and why we collect personal information; (b) how that information is stored; (c) how you can access and correct that information; and (d) when we might disclose personal information to other people.
1.3 This privacy policy does not limit or exclude any rights that you have or may have under the Privacy Act 2020 (Privacy Act).
2. Application of this Privacy Policy
2.1 This privacy policy applies whenever we collect personal information from you.
2.2 By accessing and/or using content and/or services offered by us (Services), you consent to the collection, use, disclosure, storage, and processing of personal information in accordance with this privacy policy.
3. Collection of Personal Information
3.1 We may collect the following personal information: (a) Your name, phone number, physical address, postal address, and email address. (b) Your username, password, and profile picture. (c) Metadata obtained through your use of our Platform, including your IP address, computer and connection information, referring web page, standard web log information, language settings, and timezone. (d) Your payment information, such as your credit or debit card details. (e) Any communication with us either directly, via phone or email. (f) Information about the device you use to access our Platform, including device identifier, device type, device plugins, and hardware capabilities. (g) Information obtained by or submitted to us from you through your use (or prospective use) of our Platform and the Services, including information and documents submitted by you, pages viewed, buttons clicked, viewing time, and keyword searches.
3.2 We may receive information about you through our Platform, applications, communication systems, or other communications.
3.3 We may also receive information about you from third parties, including in the following circumstances: (a) We may collect data from your accounts on other platforms that you give us permission to connect to. These platforms include, but are not limited to, Facebook, LinkedIn, and Google. You can stop us from collecting data from those other platforms by removing our access to the platform or by contacting us at support@hail.to; (b) Your payment provider may provide us with information about the payments you make; and (c) We may collect information from public sources.
3.4 If you choose not to provide information when we ask for it, then you may not be able to use the Services.
3.5 For account registration, we only require the following information from users:
- An email address, which must be valid and accessible, to allow for account verification
- A first and last name, which can be any name of the user’s choice and does not need to be accurate, as they can be pseudonyms or de-identified.
We do not require users to provide complete and accurate personal details beyond what is necessary for functionality and verification purposes.
4. Use of Personal Information
4.1 We use the personal information we collect about you: (a) To verify your identity. (b) To communicate with you in relation to the Services. (c) To market our Services to you, including contacting you electronically (for example, by text, email or an online messaging platform). (d) To collect money that is owed by you. (e) To co-operate with any government, industry, legislative or regulatory authorities. (f) To protect and/or enforce our legal rights and interests, including defending any claim. (g) For any other purpose authorised by you and/or the Privacy Act.
4.2 We reserve our right to use data (on an anonymous basis) in relation to your use of the Services for marketing and accounting purposes.
4.3 You may request that we stop sending marketing or promotional messages at any time, by contacting us at support@hail.to.
5. Cookies
5.1 We use cookies (being an alphanumeric identifier that we transfer to your computer’s hard drive so that we can recognise your browser) in order to monitor your use of our Platform.
5.2 You may disable cookies by changing the settings on your browser, although this may mean that you cannot use all of the features of our Platform.
6. Third party platforms
Our Platform provides:
6.1 Hail Assist (AI), the Hail Assist function provides Artificial Intelligence (AI) services in the platform.
6.2 You can elect to opt in to, or opt out of, the availability of the Hail Assist function on our Platform at any time.
6.3 Hail Assist utilises third-party platforms (including OpenAI or other forms of artificial intelligence) to generate written content, translate content and provide responses via a chatbot service.
When you use Hail Assist:
- No personal data is shared with AI vendors unless explicitly entered by the user.
- Responses and Prompts are not stored, retained, or used to train AI models.
- All outputs from Hail Assist are considered DRAFT, and it is recommended that content be reviewed prior to publication.
- Language conversions have been tested and approved for quality; however, users are solely responsible for reviewing all translated content before publication to ensure accuracy and appropriateness.
- Filters are applied to outputs to align with our brand tone and sector-specific context, including checks to minimise inappropriate language, such as profanity. However, final responsibility for content review remains with the user.
- We may change AI providers to ensure performance, security, or alignment with our ethical guidelines. These changes will be reflected in this policy.
6.4 Hail retains anonymised usage logs for diagnostic and performance monitoring only. No access is granted to specific prompt content or user data within prompts.
Note: We recommend users do not share personal, sensitive, or confidential information with Hail Assist. Your use of Hail Assist constitutes agreement with these terms.
6.5 Analytics
Hail uses Matomo to collect statistical information. This provides Hail customers with accurate information on who is accessing their content. Data collected is anonymised, and no personal identifiable information is shared. Data is stored in Amazon Web Services storage in the USA. The privacy policy of Matomo is adhered to at this link.
6.6 Data upload
Hail customers can choose to import contact information into Hail Mail. Hail uses FlatFile data importer. The service allows CSV data files containing a list of usernames (first name and surname) and email addresses to be imported into Hail Mail. Only the email address is required to complete a data import. The privacy policy of FlatFile will be adhered to. No data is stored in FlatFile, and data is kept in Hail.
Third Parties
6.6 Hail uses trusted third-party service providers to operate and deliver the Platform and related services. This includes providers used for:
- Payment processing (Windcave)
- Direct debit services (GoCardless)
- Billing and invoicing management (Xero)
- Cloud hosting, email delivery, analytics, and security services
These third parties may process personal information on Hail’s behalf solely for the purpose of providing their services to Hail and are contractually required to protect personal information in accordance with applicable privacy and security standards.
6.7 We have no control over the organisations operating any third-party platforms and websites, or their content.
6.8 Before you disclose your personal information to a third party we recommend you check its terms and conditions, including any privacy policy.
7. How we store and protect Personal Information
7.1 Our Platform provides a payment function which utilises Windcave, a Payment Card Industry Data Security Standard-compliant payment processor, to perform credit card transactions for the purpose of subscription billing.
7.2 Windcave will store your payment information in accordance with its terms and conditions, including its privacy policy, and will charge your credit card (following our instructions) to pay subscription invoices. We will store the following information so you can identify which credit card you have used: (a) the cardholder’s name; (b) the last two digits of the credit card; and (c) the expiry date of the credit card.
7.3 We will only instruct Windcave to charge your credit card for invoices issued in relation to a subscription to our Services
8. Payment
8.1. Hail uses approved third-party payment and billing providers to process subscription payments and manage invoicing.
8.2. Credit and Debit Card Payments
For credit and debit card transactions, Hail uses Windcave, a Payment Card Industry Data Security Standard (PCI DSS) compliant payment processor. Windcave may store limited card information on our behalf (such as cardholder name, last two digits of the card, and expiry date) to facilitate recurring billing. Hail does not store full card numbers.
8.3. Direct Debit Payments
For direct debit payments, Hail uses GoCardless. When you authorise a direct debit mandate, GoCardless collects and processes bank account details required to establish and manage the payment authorisation. Hail may store limited reference information associated with your mandate (such as mandate ID and account name), but does not store full bank account credentials outside of secure authorised systems.
8.4. Invoice Payments
For invoicing and billing administration, Hail uses Xero. When you elect to pay by invoice, we collect and store billing contact details including organisation name, billing address, invoicing contact name, email address, and phone number. This information may be processed and stored within Xero for accounting, invoicing, reconciliation, and compliance purposes.
8.5. Purpose of Use
Payment and billing information is used solely for the purposes of:
- Processing payments
- Managing subscriptions and renewals
- Issuing invoices and receipts
- Communicating about billing matters
- Meeting legal and accounting obligations
8.6. Data Protection
Hail takes reasonable technical and organisational measures to protect payment-related personal information from unauthorised access, misuse, loss, or disclosure. Payment and billing information is retained only for as long as required to meet contractual, accounting, and legal obligations.
8.7. Third-Party Processing
By using Hail’s payment services, you acknowledge that your payment information will be processed by Windcave, GoCardless, and Xero in accordance with their respective privacy policies and security frameworks. Some payment and billing data may be processed or stored outside New Zealand by these providers, subject to contractual and security safeguards consistent with this Privacy Policy.
9. Disclosure of Personal Information
9.1 Unless expressly authorised to do so by you or under this privacy policy, we will not disclose any of your personal information to any third party except where the disclosure relates to the purposes for which the information was collected (as stated in clause 4 above) or where it may be required by law to do so.
10. Storage of Personal Information
10.1 We will take all reasonable steps to ensure the personal information collected, used or disclosed in accordance with this privacy policy is stored in a secure environment protected from unauthorised access, modification or disclosure.
10.2 When you use our Platform or the Services, your personal information may be transferred to our related companies outside New Zealand (if applicable). We may also engage service providers for the purposes outlined in this policy that are located outside New Zealand, such as service providers that host or maintain any underlying IT system or data centre that we use to provide our Platform and the Services. We take all reasonable steps to ensure that your personal information held outside New Zealand is secure and held in compliance with this privacy policy. For example, when we engage service providers located outside New Zealand, we ensure that our contractual terms require the service providers to protect the information provided to them.
10.3 We will hold personal information collected in accordance with this privacy policy both before and after the provision of Services to you, but only for so long as we are legally entitled to do so, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate period of time to hold your personal information, we consider the amount, nature and sensitivity of your personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting and other requirements.
11. Accessing Personal Information
11.1 You have the right to access and correct personal information held by us by contacting us at privacy@hail.to.
11.2 In particular, you have the following rights in relation to your personal information: (a) To request access to your personal information. (b) To request a correction to your personal information. (c) To request the deletion or removal of your personal information. (d) To object to the processing of your personal information. (e) To request a restriction on the processing of your personal information. (f) To request a transfer or your personal information to you of a third party. (g) To withdraw consent to the use of your personal information.
11.3 In many cases, you may also update the information we hold about you, such as your contact details and password, by logging in and updating the information in your account.
12. Incident Management
12.1 In the event of a major business incident, Hail is committed to promptly and effectively responding to mitigate the impact on information systems, data, and overall business operations. A major business is defined as any unauthorized access, disclosure, disruption, modification, or destruction of information systems or data. Customers are to raise any incidents via support@hail.to.
12.2 Notification and Communication. Upon detection of a cyber incident, the designated Incident Response Team (IRT) at Hail will be activated to assess and respond to the threat. This will be led by the General Manager or a nominated representative.
12.3 Containment, Eradication and Communications. The IRT will take immediate steps to contain and mitigate the impact of the incident. A communication strategy will be implemented to manage both internal and external messaging during and after the incident.
12.4Legal and Regulatory Compliance. Hail will comply with all.
13. Amendments to this Policy
13.1 We reserve the right to make changes to this privacy policy by uploading an updated privacy policy on our Platform. You will be bound by the privacy policy that is in effect at the time you access and/or use the Services. Your continued use of the Services represents your agreement to be bound by the privacy policy as amended. If you do not agree with our amended privacy policy, you must stop using our Services.
14. Severability
14.1 If any part of this privacy policy is not enforceable for any reason, whether under the Privacy Act or any other applicable law, that part will be deleted and the rest of this privacy policy will continue to apply.
15. Artificial Intelligence (AI) Ethics and Use
15.1 Hail is committed to the ethical and responsible use of AI.
Our approach includes:
- Applying industry best practices and regulatory compliance (e.g., Privacy Act 2020) when selecting and configuring AI services.
- Using technical middleware to filter, shape, and test AI outputs before they are made available in our platform.
- Ensuring user choice: Hail Assist is entirely optional and can be enabled or disabled at any time.
- Logging usage data (excluding prompt content) for monitoring and issue resolution.
- Developing and adhering to our own AI Ethics Guidelines to ensure transparency, fairness, and accountability in all AI-supported services.
15.2 Any significant changes to how we use artificial intelligence will be communicated through updates to this privacy policy and, where applicable, direct notice to users.
15.3 Hail disclaims all responsibility and liability for content generated by third-party artificial intelligence platforms, tools, or services accessed through or in connection with our platform, including but not limited to the accuracy, completeness, appropriateness, or legality of such AI-generated content. Users acknowledge that they access and rely on such third-party AI-generated content at their own risk.
Systems Security
Hail is built with modern software to strict industry standards and runs on the most extensive, reliable, and secure global cloud infrastructure. Read on for details on how we keep Hail secure and get an overview of our privacy policies.
We’ll never sell your data
Hail is a monthly subscription-based service, so we don’t rely on any advertising or data revenue. This means we’re completely self-sufficient and will never sell your data, contacts or content.
You own all the content you add and publish with the platform. Plus, we make it completely seamless to add your brand to all published formats, along with all author and photographer details to ensure transparency of ownership.
You have full control of your account
You control what personal information you give us and can request it to be removed from our servers at any time. To sign up, we only require a bare minimum of info, being an account name and email address.
Passwords are encrypted on our server so not even our engineers can access them. And you have the option to sign in with other secure platforms like Google, Facebook and Microsoft, which provide the ability to revoke sign-ins remotely.
The most secure global cloud infrastructure
Hail runs on AWS, Amazon Web Services, recognised as the global leader in cloud computing and renowned for its security and compliance. You can read their security statements here.
Hail’s compliance with third parties
Hail integrates with key third-party platforms, such as Facebook, Instagram, LinkedIn, WordPress, Wonde, Mailchimp, Hero, Kamar and others. In all cases, they have their own strict privacy policies that we must adhere to and stay compliant with.
Whenever the access the third party provides is more than Hail requires, we only sync the bare minimum in order to accurately publish to the integration.
Content Protection
Hail has been designed to keep your content secure and put you in control over where and how it’s shared. Hail uniquely allows you to remove information that has been posted online and ensure that you maintain the highest level of privacy.
Powerful centralised control of your content
All published content can be updated on the fly, at any time and on any device. Plus, if anything inaccurate is ever posted from Hail, you can take it offline with one button. By simply unpublishing an article or image it’ll be removed immediately from everywhere it was shared on the web, including your Hail newsletters and website. And any emails or social posts linking to the article will no longer open.
Protecting your content with Hail
Hail uses SSL certificates to ensure secure, encrypted transmission of information for websites and everything published on our platform.
Have sensitive content that you don’t want accessible by the whole world? With Hail, you can publish to a select group by protecting a publication with a password.
All your content in Hail is backed up daily and we run regular recovery drills to ensure data integrity.
Block search indexing for added privacy
Hail allows you to block your publications from being indexed by Google and other search engines. This means that you’re free to share updates and newsletters the same as always with your community, but don’t need to worry about Google reading and displaying your content and images in their search results.
Content licensing and privacy policies
Hail gives you complete control over how your content is licensed. We provide licenses from Fully Copyrighted to Public Domain and a complete range of Creative Commons licenses to choose from.
Hail’s Settings also allows you to add your own Privacy Policy which will be linked in the footer of everything you publish with Hail. This ensures your organisation is always completely transparent with how it gathers, uses and publishes its content.
Any Questions?
We’re here to help! Just get in touch with our famously friendly support team or check out our Help Centre at your leisure.
What can I do to keep myself and my organisation extra safe?
There are actually many little things you can do that will have a huge impact on security and privacy…
We’ll never sell your data
Be wary of any suspicious emails trying to get you to sign into your account. All emails from us are fully-branded, consistent in appearance and we’ll never ask for your account credentials.
Also, be careful with attachments, some may lead to installing viruses.
When signing into Hail, you should always be on the hail.to domain with the lock symbol signifying that it’s a secure, encrypted connection.
Use strong and unique passwords. Passwords should be at least 12 characters long using a combination of letters, numbers, cases, and symbols. And each website you sign into should have its own so that if it’s hacked and emails/passwords stolen, they can’t be used on other sites.
Make sure all your devices, like laptops, desktops, tablets and phones, are up‑to‑date with the latest version of the operating system, security updates and antivirus software if running Windows.
