Cradle

Privacy Policy

Last updated: 21 January 2026|Version: 70fe8455

This Privacy Policy explains how Cradle Limited (“Cradle”, “we”, “us”, “our”) collects, uses, discloses and protects personal information.

This Privacy Policy applies to:

  • visitors to our websites;
  • customers who contract with us; and
  • individuals whose personal information is processed through our services.

This Privacy Policy does not limit or exclude any rights you have under applicable privacy laws.

1. Compliance With Privacy Laws

We comply with applicable privacy and data protection laws, including:

  • the New Zealand Privacy Act 2020;
  • the Australian Privacy Act 1988;
  • the EU General Data Protection Regulation (GDPR); and
  • the UK GDPR.

2. Controller And Processor Roles

2.1 When Cradle acts as a controller

Cradle acts as a data controller where we collect and process personal information for our own purposes, including:

  • operating our websites;
  • managing customer relationships;
  • billing and payments;
  • marketing and communications; and
  • improving and securing our services.

This Privacy Policy applies to that processing.

2.2 When Cradle acts as a processor

Where our customers upload or otherwise provide personal information to the Cradle service for use as part of their business communications (“Customer Data”), our customers act as the data controller, and Cradle acts as a data processor (or service provider).

That processing is governed by:

  • the Cradle Terms of Use; and
  • the Data Processing Agreement (DPA), which forms part of the contract between Cradle and the customer.

If you have questions about Customer Data processed on behalf of a customer, you should contact that customer directly.

3. Personal Information We Collect

3.1 Information collected directly

We may collect personal information including:

  • name, email address, phone number;
  • business name, address and registration details;
  • login and account credentials;
  • billing and payment information;
  • communications with us; and
  • information you choose to provide.

Payment card information is processed by third-party payment providers. We do not store full card details.

3.2 Information collected automatically

When you use our websites or applications, we may collect:

  • IP address and device identifiers;
  • browser and operating system information;
  • usage data, logs and diagnostics; and
  • cookies and similar technologies.

See Section 10 (Cookies) below.

3.3 Information from third parties

We may receive personal information from:

  • authentication providers (e.g. Google or Microsoft);
  • publicly available sources; and
  • third parties authorised by you.

4. How We Use Personal Information

We use personal information to:

  • provide and operate our services;
  • verify identity and manage accounts;
  • communicate with customers and users;
  • bill and collect payments;
  • improve, secure and develop our services;
  • conduct research and analytics on an anonymised and aggregated basis;
  • comply with legal obligations; and
  • protect our legal rights.

5. Emergency Calling Notice

Cradle provides a cloud-based VoIP service. It is not a replacement for a traditional fixed-line or mobile telephone service.

Emergency calling availability varies by country, configuration and third-party carrier capability. Emergency calls made using VoIP services may not connect, may be delayed, or may not provide accurate location information.

We strongly recommend that users rely on a mobile phone or alternative telephone service for emergency calls.

Further information is set out in our Terms of Use.

6. Disclosing Personal Information

We may disclose personal information to:

  • service providers and subprocessors who support our services;
  • payment processors;
  • professional advisers;
  • regulatory or law enforcement authorities where required by law; and
  • third parties in connection with a business transaction.

We require service providers to protect personal information appropriately.

7. International Data Transfers

Personal information may be processed in New Zealand and other countries where we or our service providers operate.

Where required by law, we implement appropriate safeguards for international transfers, including reliance on:

  • adequacy decisions; or
  • standard contractual clauses or equivalent mechanisms.

8. Data Retention

We retain personal information only for as long as necessary to:

  • provide our services;
  • meet contractual obligations;
  • comply with legal requirements; or
  • resolve disputes.

Customer Data processed under the DPA is retained and deleted in accordance with the Terms of Use and the DPA.

9. Security

We implement appropriate technical and organisational measures to protect personal information from unauthorised access, loss or misuse.

No system is completely secure. You are responsible for keeping account credentials confidential.

10. Cookies And Tracking

We use cookies and similar technologies to:

  • operate our websites;
  • analyse usage;
  • improve performance; and
  • support marketing activities.

Details about the cookies we use and how to manage them are set out in our Cookie Policy, which forms part of this Privacy Policy.

11. Your Rights

Depending on your location, you may have rights to:

  • access personal information;
  • request correction or deletion;
  • object to or restrict processing; and
  • withdraw consent.

Requests can be made to privacy@cradle.io. We may need to verify your identity.

12. GDPR And UK GDPR – Lawful Basis For Processing

If you are located in the European Union or the United Kingdom, we process personal information only where we have a lawful basis to do so, including:

  • Contractual necessity – where processing is required to provide our services;
  • Legitimate interests – such as improving our services, securing our systems, and communicating with customers (except where overridden by your rights);
  • Consent – where required for cookies, marketing, or certain analytics activities; and
  • Legal obligations – where processing is required by law.

Where processing is based on consent, you may withdraw that consent at any time.

Your Rights Under the GDPR and UK GDPR

If you are located in the EU or UK, you may have the right to:

  • access your personal information;
  • request correction or erasure;
  • restrict or object to processing;
  • withdraw consent;
  • data portability; and
  • lodge a complaint with a supervisory authority.

You can exercise these rights by contacting privacy@cradle.io.

13. Changes To This Policy

We may update this Privacy Policy from time to time. Updated versions will be published on our Website.

Material changes will take effect in accordance with our Terms of Use.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, contact:

privacy@cradle.io

Cookie Policy

Last updated: 21 January 2026

1. Introduction

We use cookies and similar technologies on our websites and related services. This Cookie Policy explains what cookies are, how we use them, and how you can manage your preferences.

This Cookie Policy forms part of our Privacy Policy.

Where required by law, we only place non-essential cookies after obtaining your consent through our cookie banner or preference tool.

2. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. Cookies allow a website to recognise your device and store information about your preferences or past actions.

Cookies may be:

  • session cookies, which expire when you close your browser; or
  • persistent cookies, which remain until deleted or expired.

Cookies may be first-party (set by us) or third-party (set by external service providers).

3. Types Of Cookies We Use

3.1 Strictly Necessary Cookies

These cookies are essential to enable core website functionality, including security, authentication and accessibility.

If you disable these cookies, parts of the website may not function correctly.

3.2 Functionality Cookies

These cookies allow us to remember your preferences (such as language or region) and provide enhanced features.

They do not track your activity across other websites.

3.3 Performance and Analytics Cookies

These cookies help us understand how visitors interact with our websites so we can improve performance and usability.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC.

Google Analytics uses cookies and similar technologies to collect information such as:

  • IP address (which may be anonymised);
  • browser type and version;
  • pages visited and time spent;
  • interaction and usage data.

The information generated by these cookies is transmitted to and stored by Google on servers in various jurisdictions. Google may process this information in accordance with its own privacy practices.

We use Google Analytics to:

  • analyse website usage;
  • improve website performance; and
  • understand user engagement.

You can learn how Google uses data from sites that use its services here:
https://policies.google.com/privacy

You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on:
https://tools.google.com/dlpage/gaoptout

3.4 Tag Management

Google Tag Manager

We use Google Tag Manager to manage and deploy tracking and analytics tags.

Google Tag Manager does not itself collect personal information. However, it may load other tools (such as Google Analytics or advertising tags) that do collect personal information, as described in this Cookie Policy.

3.5 Marketing and Advertising Cookies

These cookies are used to deliver advertisements relevant to you and to measure the effectiveness of marketing campaigns.

Google Ads and Advertising Features

We use Google Ads and Google Analytics Advertising Features, which may include:

  • remarketing;
  • demographic and interest reporting;
  • Google Display Network (GDN) impression reporting.

These features use cookies to show ads based on your prior visits to our website.

You can opt out of personalised advertising by Google by visiting:
https://adssettings.google.com

HubSpot Tracking

We use HubSpot for marketing analytics, forms and customer engagement.

HubSpot may set cookies and use tracking technologies to collect information such as:

  • pages visited;
  • form submissions; and
  • interaction with marketing communications.

This information helps us understand how users engage with our content and improve our marketing activities.

HubSpot processes data in accordance with its Privacy Policy:
https://legal.hubspot.com/privacy-policy

4. How To Manage Or Disable Cookies

You can manage or delete cookies through your browser settings. Instructions are available at:
https://www.aboutcookies.org

You may also opt out of interest-based advertising via:

Please note that disabling cookies may affect the functionality of our websites and services.

5. Third-Party Websites

If you follow a link from our website to a third-party website, that website will have its own cookie and privacy policies. We encourage you to review those policies before providing personal information.

6. Changes To This Cookie Policy

We may update this Cookie Policy from time to time. Updated versions will be published on our Website.

Version Information

Document hash: 70fe8455569994785c694be38db1564f8b8ad0fc64a0436fdde22eb95a50c616

This hash uniquely identifies this version and is recorded when you accept our terms.