Privacy Policy

Version 1.1  ·  Effective Date: 11 November 2025  ·  Entity: Hosti Limited, a New Zealand Limited Liability Company (a subsidiary of Stack Mosaic Ltd)

1. Introduction

Hosti and related modules ("we," "us," "our," or "the Platform") are operated by Hosti Limited, a subsidiary of Stack Mosaic Ltd, incorporated in New Zealand and subject to New Zealand's Privacy Act 2020.

This Privacy Policy sets out how we collect, use, store, transfer, and safeguard personal and operational information when you use our Platform. It is written for transparency and legal compliance, and is intentionally comprehensive. If you do not agree with the terms of this Privacy Policy, you should not use the Platform.

2. Scope of this Policy

This Policy applies to all users of the Hosti Platform, including venue operators (bars, restaurants, cafés, caterers, multi-site groups), authorised staff members (managers, bar staff, kitchen staff, administrative staff), organisation-level administrators and accountants, and any third party whose information may be entered into the Platform (e.g. staff rosters, compliance logs).

It covers data collected directly from you, data generated automatically by system telemetry, data uploaded or input by Users, and data received from third parties (e.g. suppliers, payment processors, or integrated services). It does not cover independent websites linked from within the Platform, data collected by third-party services accessed separately from Hosti, or non-digital interactions with Hosti Limited unless explicitly stated.

3. Data Collection

At sign-up we present a brief privacy notice that links to this Policy and summarises what we collect, why, and your key rights.

3.1 Data You Provide Directly

  • User and account details (names, email addresses, phone numbers, user roles, and associated business identifiers such as NZBN or GST number).
  • Venue information (venue name, trading name, addresses, logos, colour schemes).
  • Subscription, billing, and payment details.
  • Inventory inputs, stock levels, recipes, compliance logs, and audit trails.
  • Any content you upload (photos of stock, invoices, documents, custom forms).

3.2 Data We Collect Automatically

To improve performance and maintain audit reliability, we automatically capture telemetry data such as frequency and number of stocktakes per venue, reports generated and whether they were opened or exported, user logins and authentication events, module navigation flows, and device and session data (IP address, browser type, operating system, language setting, screen resolution).

3.3 Data You Upload or Generate

You may upload or generate additional content, including SKU entries and item metadata, menu items linked to recipes, images of stock or invoices, annotations or notes made during stocktakes or reports, and custom documents uploaded into compliance modules.

3.4 Data About Other People

Authorised Users may enter information about staff, contractors, or third parties, including names, roles, shift details, employee IDs, or email addresses. We do not attempt to identify individual end customers or patrons. Data concerning customer purchases is handled at an anonymised, aggregated level.

If you provide personal data about staff or contractors, you confirm you are authorised to do so and that you have obtained the necessary consent or legal basis. Venue operators must ensure a lawful basis to collect staff information and must provide staff with an appropriate privacy notice.

3.5 Device and Location Data

We may collect device and network information, including browser type, operating system, device identifier, IP address, and approximate geolocation (city-level, not precise GPS). We currently do not track full GPS coordinates or real-time user movement. If a future module requests such permissions, you will be explicitly notified and given the option to consent. We do not use invasive session replay tools, heatmaps, or third-party tracking scripts without consent.

4. Persistent Identifiers and User Profiles

Each User of the Platform is assigned a unique internal identifier. This allows us to manage access permissions, maintain audit trails, track session continuity across devices, and support multi-venue users. Future development may include portable user profiles across different product suites. Where this occurs, you will be notified in advance and given control over which data can be linked or shared. We do not sell or expose usage profiles to third parties. We do not use persistent identifiers for behavioural advertising.

5. Use of Data for Product Improvement and Automation

We actively use collected data to maintain, improve, and extend the Platform, including monitoring system performance, identifying bottlenecks or under-utilised features, prioritising development of new features, and analysing usage patterns across venues, sectors, and regions.

We also use anonymised or aggregated data to trigger automated insights and nudges inside the Platform, predict business trends such as stock depletion cycles, and provide benchmarking comparisons against similar venues — while ensuring individual operators cannot be identified.

6. In-App Assistance and Automation

The Platform includes in-app assistance features. Interactions with these features may be logged and analysed for improving contextual accuracy of responses, developing new automation features, identifying recurring patterns of confusion or frustration, and enhancing forecasting and predictive models.

  • We do not use identifiable business data to train third-party AI systems.
  • We do not sell prompt content, conversation transcripts, or logs.
  • Interaction data is used exclusively for internal system improvement.

7. Interaction Logs and Prompt Analysis

We log and categorise in-app support interactions. Logged elements may include the text of prompts, questions and responses, associated timestamps and session identifiers, and frequency and category of interactions. We do not manually monitor conversations unless an issue is flagged or escalated for support. Reviews are conducted in aggregate, not at an individual user level. Logs are secured with access restrictions and audit controls. We do not publish or resell transcripts.

8. Use of Real Data in Testing and Quality Assurance

To ensure the Platform reflects the complexity of real-world hospitality operations, we may use portions of actual customer data in internal testing and QA environments.

  • Redaction and anonymisation: Business identifiers and personal details are stripped or masked wherever possible.
  • Segmentation: Data is subsetted and compartmentalised to prevent the recreation of full customer profiles.
  • Restricted access: Only authorised Hosti Limited personnel directly involved in product development or QA are permitted access.
  • No external use: Real data is never used in sales demonstrations, external training, or marketing collateral unless you provide explicit written permission.

9. Anonymised and Aggregated Data Sharing

We may share or license anonymised, aggregated insights derived from Platform data for purposes such as industry benchmarking and research, policy development and regulatory reporting, insurance or financial risk modelling, commercial partnerships, and academic research. We apply aggregation thresholds to ensure no single business or venue can be identified. We do not share, sell, or license identifiable customer or staff information under any circumstances.

10. Third-Party Services and Analytics

The Platform relies on third-party service providers for infrastructure, analytics, and payment facilitation:

  • Firebase (Google Cloud) — authentication, data storage, database, analytics.
  • Stripe — billing and payment processing.
  • Analytics platforms — Google Analytics, Mixpanel, or equivalent.
  • Error monitoring — Sentry or equivalent.

We select providers that comply with industry-standard security frameworks (e.g. ISO 27001, SOC 2, PCI DSS) and ensure providers are contractually bound as data processors acting only on our instructions. A current list of our core subprocessors is available on request at office@hosti.co.nz. For personal data your organisation enters about staff or third parties, we generally act as a processor on your organisation's instructions.

11. Data Hosting, Storage, and International Transfers

Customer data is stored in Firebase cloud infrastructure (Google Cloud). At deployment, Hosti Limited selects regional hosting (e.g. New Zealand or Australia) where technically and commercially viable. Some data may be hosted in other regions for load balancing, redundancy, or service availability.

Because we rely on global infrastructure and vendors, your personal data may be transferred across borders. We will not disclose personal information to an overseas recipient unless we reasonably believe the recipient is subject to comparable safeguards to the New Zealand Privacy Act 2020, or we have put in place contractual protections such as the EU Standard Contractual Clauses. All transfers are encrypted in transit using HTTPS/TLS.

12. Security and Encryption

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (HTTPS).
  • Encryption at rest: All customer data stored in Firebase is encrypted at rest using AES-256 or equivalent Google Cloud protocols.
  • Access control: Production systems are accessible only to authorised Hosti Limited personnel.
  • Audit logs: We maintain secure audit trails of administrative actions.
  • Penetration testing: We conduct regular vulnerability assessments.
  • Incident response: We maintain a breach response plan covering detection, containment, notification, and remediation.

12.1 Notifiable Privacy Breaches

We assess suspected privacy breaches promptly. If a breach is likely to cause serious harm, we will notify affected individuals and the Office of the Privacy Commissioner as soon as practicable, in accordance with the Privacy Act 2020.

13. Access Controls and User Permissions

The Platform is designed with role-based access controls (RBAC) to ensure data visibility and editing rights are consistent with operational roles. Access levels currently supported include Staff Users, Managers, Venue Admins, and Organisation Admins.

Accounts that fail payment are switched to read-only mode. Only the Venue Admin retains login access. Historical data remains viewable and exportable. New entries, edits, or stocktakes are disabled until payment is restored.

Controller contact (GDPR/UK GDPR): Stack Mosaic Ltd (parent entity) is the data controller. Contact: office@hosti.co.nz

14. Access, Export, and Deletion of Data

We provide built-in export functions so Account Owners and Venue Admins can extract their data at any time, including stocktake history, report outputs, operational logs, and user activity summaries. Data deletion requests can only be initiated by the Account Owner or Venue Admin.

14.1 Retention Principle

We retain personal information only for as long as necessary for the purposes set out in this Policy or as required by law.

14.2 Typical Retention Periods

  • Venue operations records (stocktakes, audit trails): 3 years
  • Billing and tax records: 7 years
  • Authentication and access logs: 12 months
  • Support tickets and communications: 24 months

14.3 Deletion on Request

Account Owners or Venue Admins may request deletion at any time by contacting office@hosti.co.nz or via the in-app account deletion function. For EU/UK residents we will honour erasure requests unless a lawful basis to retain applies.

15. Editing of Stored Information

Once a stocktake has been formally submitted, its records are locked to ensure audit reliability. Significant edits are logged with timestamps and attributed to the specific User.

16. Account Deletion and Data Lifecycle

Account deletion may occur at the direct request of the Account Owner (via in-app deletion or verified written request to office@hosti.co.nz), after 12 consecutive months without subscription payment, or as required by law.

  • Dormancy: Accounts with lapsed subscriptions are placed in read-only mode.
  • Inactivity timer: After 12 months of inactivity, the Account is flagged as dormant.
  • Export opportunity: Prior to permanent deletion, Owners/Admins may export their data.
  • Deletion: At the conclusion of the retention period, we permanently delete account data from live systems and backups, or anonymise it irreversibly.
  • Post-deletion: Certain anonymised operational data (e.g. aggregated benchmarks) may be retained for research and development.

Mobile applications provide an in-app account deletion option, in compliance with Apple and Google requirements. Deleting your account in-app will not cancel recurring payments through app stores — users must cancel subscriptions via their Apple or Google account settings.

A permanent link to this Privacy Policy is available in-app under Settings > Privacy.

17. Cookies and Tracking Technologies

  • Essential cookies — manage login sessions, authentication tokens, and fraud detection.
  • Analytics cookies — measure navigation flows, performance metrics, and aggregated usage statistics.
  • Payment-related cookies — set by Stripe to process secure transactions.
  • Performance trackers — measure form completion rates, click paths, error retries, and feature adoption.
  • Marketing cookies (future) — may be introduced to support campaign measurement. You will be notified if these are enabled.

For EU/UK users, we request explicit consent before setting non-essential cookies. You may withdraw or update your cookie preferences at any time in-app or via your browser. Essential cookies cannot be disabled. We do not use cookies for invasive profiling or behavioural advertising.

18. Legal Basis for Processing

  • Consent — where you voluntarily provide data.
  • Contractual necessity — where processing is required to deliver the services you have subscribed to.
  • Legitimate interests — where processing serves operational improvement, fraud prevention, or system security.
  • Legal obligations — where required to comply with applicable laws.

For EU/UK users, processing is carried out in strict accordance with GDPR Article 6. For California and US state users, processing is carried out in line with CCPA/CPRA obligations.

19. Your Rights and Controls

General Rights (All Users)

  • View and export account data via in-app tools.
  • Update or correct editable profile information.
  • Request deletion after retention thresholds via office@hosti.co.nz.
  • Configure dashboard, module, and notification preferences.

Additional Rights for EU/UK Users (GDPR)

If you are located in the European Union or United Kingdom, you are entitled to access, rectification, erasure, restriction of processing, data portability, objection to processing, withdrawal of consent, and the right to lodge a complaint with your local data protection authority.

Additional Rights for California and US State Residents (CCPA/CPRA)

If you are a resident of California, Colorado, Virginia, Connecticut, or another US state with equivalent laws, you are entitled to the right to know, right to delete, right to opt-out of sale/sharing, right to correct, and right to limit use of sensitive personal information. Requests can be made by contacting office@hosti.co.nz.

20. Children

The Platform is not designed for, nor directed at, children under the age of 16. We do not knowingly collect or process personal information from minors. If we discover that personal data relating to a minor has been inadvertently entered into the Platform, we will securely isolate and flag the record, notify the Account Owner, and permanently delete or anonymise the information. Parents or guardians may contact office@hosti.co.nz to request removal.

21. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notifications or by email to Account Owners. The updated version of this Policy will always be available at www.hosti.co.nz/legal/privacy. Continued use of the Platform after notification constitutes acceptance of the updated Policy.

22. Governing Law and Compliance

This Privacy Policy, and any disputes arising from it, are governed primarily by the laws of New Zealand, including the Privacy Act 2020. We also recognise the extraterritorial application of GDPR (EU and UK), CCPA/CPRA and US state laws, and other local privacy regimes. Nothing in this Policy limits your non-waivable rights under local laws.

23. Contact Information

Hosti Limited appoints a Privacy Officer responsible for compliance with the New Zealand Privacy Act 2020 and for responding to privacy requests.

  • Privacy, Legal & Security: office@hosti.co.nz
  • Support: poni@hosti.co.nz
  • Postal: Hosti Limited, c/o Stack Mosaic Ltd, 78 Seaview Road, Paihia 0200, New Zealand

We are committed to responding to all verified requests within 30 days, unless local law requires a shorter period. Where requests are complex, we may extend the response time by up to a further 60 days, in line with GDPR Article 12.

If you are dissatisfied with our handling of your data, you may lodge a complaint with:

  • NZ: Office of the Privacy Commissioner (www.privacy.org.nz)
  • EU/UK: Your local supervisory authority (edpb.europa.eu)
  • US: Your state Attorney General's office or equivalent agency

24. California Privacy Notice (CCPA/CPRA)

We collect the following categories of personal information from California residents: identifiers (e.g. name, email), commercial information (subscription details), internet/network activity (device and telemetry), and professional or employment-related information (staff roles entered by customers). We use this information to provide and secure the Platform, for analytics, support, and compliance.

Sale/Share: We do not sell or share personal information for cross-context behavioural advertising.

Opt-out: California residents may exercise the "Do Not Sell or Share My Personal Information" right by emailing office@hosti.co.nz with the subject line 'CCPA Opt-Out'.

Non-discrimination: We will not deny services, charge different prices, or provide a different level of services because you exercised your rights.

How to exercise rights: Email office@hosti.co.nz. We will verify your identity and respond within the timelines required by law.