Privacy Policy

Last updated: March 5, 2026

1. Introduction

Denizen Coverage Reports ("we", "our", or "us") operates an internal reporting application that aggregates and displays coverage metrics for clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application.

By using our application, you consent to the data practices described in this policy. If you do not agree with the practices described in this policy, please do not use our application.

2. Information We Collect

2.1 User Account Information

  • Email addresses (collected via Google OAuth authentication)
  • User roles and permissions
  • Account creation and last login timestamps

Note: Access to this application is restricted to users with email addresses ending in @notoriety.co.nz. We do not collect passwords as authentication is handled through Google OAuth.

2.2 Client Data

  • Client names and identifiers
  • Client slugs (URL-friendly identifiers)
  • Client logos and branding materials
  • Client status (active/inactive)

2.3 Content and Feature Data

  • Articles, posts, reels, emails, and print features
  • Content titles, publication dates, and source URLs
  • Content status (draft, published, archived)
  • Platform-specific identifiers (Instagram, Campaign Monitor, WordPress, Meta Ads)
  • Email HTML content (for stable rendering of email campaigns)
  • Print-specific metadata (issue numbers, page numbers, print runs)

2.4 Metrics and Analytics Data

  • Google Analytics (GA4): Pageviews, average engagement time, and other website analytics
  • Meta/Facebook: Post engagement metrics, reach, impressions, likes, comments, shares
  • Instagram: Post metrics, reach, impressions, engagement data
  • Meta Ads: Ad spend, impressions, reach, clicks, conversions, CTR, CPC, CPM, video views, and other advertising metrics
  • Campaign Monitor: Email opens, clicks, bounces, unsubscribes, and other email campaign metrics

All metrics are stored as daily snapshots with timestamps indicating when the data was captured.

2.5 Automatically Collected Information

  • Session information and authentication tokens (via NextAuth)
  • Usage patterns and application access logs
  • Error logs and debugging information

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Operation: To provide, maintain, and improve our reporting application
  • Client Reporting: To generate and display coverage reports for clients
  • Analytics and Insights: To analyze content performance across multiple platforms
  • Authentication: To verify user identity and manage access to the application
  • Data Synchronization: To sync data from third-party platforms (Meta, Google Analytics, Campaign Monitor, WordPress)
  • Technical Support: To troubleshoot issues and provide technical assistance
  • Compliance: To comply with legal obligations and protect our rights

4. Data Sharing and Third-Party Services

4.1 Meta/Facebook Integration

Our application integrates with Meta's (Facebook) Graph API to access and display:

  • Facebook Page posts and engagement metrics
  • Instagram posts and insights
  • Meta Ads performance data and metrics

Permissions Used: Our application requests the following Meta API permissions:

  • ads_read - To read advertising account and ad performance data
  • pages_read_engagement - To read Facebook Page posts and engagement
  • read_insights - To read Facebook Page insights and analytics
  • instagram_basic - To read basic Instagram account information
  • instagram_manage_insights - To read Instagram post insights and metrics

Data accessed from Meta is used solely for generating client reports and is stored in our database. We do not share this data with third parties except as described in this policy.

4.2 Other Third-Party Services

  • Google OAuth: For user authentication. Google's privacy policy applies to authentication data.
  • Google Analytics (GA4): We access GA4 data via the Data API to retrieve pageview and engagement metrics. Google's privacy policy applies.
  • Campaign Monitor: We access email campaign data and metrics via Campaign Monitor's API. Campaign Monitor's privacy policy applies.
  • WordPress: We access article content and metadata via the WordPress REST API. WordPress privacy policies apply.
  • Supabase: Our database hosting provider. Supabase's privacy policy applies to data storage.
  • Vercel: Our application hosting and image storage provider. Vercel's privacy policy applies.

We do not sell, rent, or trade your personal information to third parties. We only share data with third-party service providers as necessary to operate the application.

5. Data Storage and Security

5.1 Data Storage

  • Database: Data is stored in Supabase (PostgreSQL database) hosted on secure servers
  • Images: Print images and other media files are stored in Vercel Blob storage
  • Application Hosting: The application is hosted on Vercel's infrastructure

5.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Authentication via Google OAuth (no password storage)
  • Domain-restricted access (@notoriety.co.nz email addresses only)
  • Encrypted data transmission (HTTPS)
  • Database access controls and row-level security policies
  • Secure API token storage (environment variables)
  • Regular security updates and monitoring

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • User Accounts: Retained while the account is active and for a reasonable period after deactivation
  • Client Data: Retained while the client relationship is active
  • Metrics Data: Retained for historical reporting purposes (typically 18-24 months)
  • Content Data: Retained while relevant to active client reporting

You may request deletion of your data at any time (see Section 8: Your Rights).

7. Cookies and Authentication

Our application uses session-based authentication via NextAuth. We use secure HTTP-only cookies to maintain your authentication session. These cookies are essential for the application to function and cannot be disabled.

We do not use tracking cookies or third-party advertising cookies. We do not use cookies to track your activity outside of our application.

8. Your Rights

You have the following rights regarding your personal information:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (see Section 9)
  • Objection: Object to processing of your personal information
  • Data Portability: Request a copy of your data in a portable format

To exercise these rights, please contact us using the information provided in Section 13.

9. Data Deletion Instructions

If you wish to request deletion of your personal data or any data associated with your account, please follow these steps:

  1. Send an email to pablo@thedenizen.co.nz with the subject line "Data Deletion Request"
  2. Include the following information in your email:
    • Your full name
    • Your email address associated with the account
    • A clear statement that you wish to delete your data
    • Any specific data you want deleted (if not all data)
  3. We will verify your identity and process your request within 30 days
  4. You will receive confirmation once your data has been deleted

Note: Some data may be retained if required by law or for legitimate business purposes (e.g., financial records). We will inform you if any data cannot be deleted and the reason why.

10. Children's Privacy

Our application is intended for internal business use only and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Updating the "Last updated" date at the top of this policy
  • Posting a notice in the application (for significant changes)
  • Sending an email notification (for material changes)

Your continued use of the application after any changes constitutes acceptance of the updated policy.

12. Third-Party Privacy Policies

For more information about how third-party services handle your data, please review their privacy policies:

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: pablo@thedenizen.co.nz

Subject Line: Privacy Policy Inquiry

We will respond to your inquiry within 30 days.

14. Governing Law

This Privacy Policy is governed by the laws of New Zealand. Any disputes arising from this policy or your use of the application will be subject to the exclusive jurisdiction of the courts of New Zealand.