Legal · allusio.tech

Your privacy,
plainly stated.

Allusio is built for film and television professionals. This policy explains what data we collect, why we collect it, and the controls you have over it — without the legalese.

Effective 31 May 2026 Last updated 31 May 2026 Jurisdiction New Zealand Applies to allusio.tech
01

Overview

Allusio ("we", "us", or "our") operates the Allusio platform — a production management and crew coordination system for the screen industry — at allusio.tech. This Privacy Policy applies to all information collected through our website, web application, and any related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

The short version: We collect only what we need to run the platform. We don't sell your data. You can request deletion of your account and data at any time.

02

Information We Collect

Account information

When you create an account, we collect your name, email address, and a hashed password. You may optionally provide a profile photo.

Production data

Information you enter about your productions — including production names, types, crew member names, contact details, roles, and any content you create within the platform — is stored and associated with your account.

Usage data

  • IP address and approximate geolocation derived from it
  • Browser type, operating system, and device type
  • Pages visited, features used, and timestamps of activity
  • Referral URLs and session duration

Communications

If you contact us via email, we retain those communications to assist you and improve the Service.

Third-party sign-in

If you sign in using a third-party provider such as Google, we receive basic profile information — name, email, and profile picture — as permitted by that provider and your privacy settings with them.

03

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and keep your account secure
  • Send transactional emails such as password resets and invite notifications
  • Respond to support requests and communicate with you about your account
  • Detect, investigate, and prevent fraudulent or unauthorised activity
  • Comply with our legal obligations
  • Understand how the Service is used in aggregate, to guide product development

We do not use your data to serve advertising, sell to data brokers, or train machine learning models.

04

Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data in the following limited circumstances:

Infrastructure providers

We use Supabase for our database, authentication, and file storage. Supabase runs on AWS infrastructure, and your data may be stored in the United States or other regions. We use Cloudflare for DNS, network routing, and DDoS protection — Cloudflare processes connection metadata (including IP addresses) as traffic passes through their global network.

These providers process data only as necessary to deliver their services and are subject to their own privacy policies.

Within your production

Information you share within a production — such as your name, role, and contact details — is visible to other members of that production. Production owners control membership.

Legal requirements

We may disclose information if required to do so by law, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to protect our rights or the safety of others.

Business transfers

If Allusio transfers its assets or operations, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

05

Data Storage & Transfers

Your data is stored by Supabase on AWS infrastructure. Depending on the project region, data may be stored in the United States or elsewhere outside New Zealand. Your traffic also passes through Cloudflare's global network.

We are based in New Zealand and are subject to the Privacy Act 2020. Where your data is transferred overseas, we take reasonable steps to ensure it receives comparable protection. By using the Service you acknowledge that your data may be processed outside New Zealand.

Supabase is SOC 2 Type II certified. Cloudflare holds ISO 27001 and SOC 2 certifications. We do not own or directly control the infrastructure of either provider.

06

Data Retention

We retain your personal data for as long as your account is active, or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal reasons.

Production data created by other members of a production — such as crew lists you appear in — may be retained by the production owner after you leave.

07

Your Rights

Under the New Zealand Privacy Act 2020, you have the right to request access to and correction of personal information we hold about you. You may also have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request erasure of your personal data
  • Portability — receive your data in a structured, machine-readable format
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at allusioproductionsuite@gmail.com. We will respond within 20 working days as required under the Privacy Act 2020.

If you believe we have breached your privacy, you may also complain to the Office of the Privacy Commissioner at privacy.org.nz.

08

Cookies & Tracking

We use cookies and similar technologies to maintain your session and remember your preferences. We do not use third-party advertising cookies or cross-site tracking pixels.

Types of cookies we use

  • Session cookies — essential for authentication; deleted when you close your browser
  • Persistent cookies — used to remember your preferences across sessions

You can instruct your browser to refuse all cookies or alert you when a cookie is being sent. Some parts of the Service may not function properly without cookies.

09

Security

We take reasonable steps to protect your personal data, including:

  • TLS encryption for all data in transit
  • Encryption at rest via Supabase / AWS
  • Role-based access controls limiting who can access production data
  • Authentication handled by Supabase Auth with bcrypt password hashing

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and the Privacy Commissioner as required by law.

10

Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us at allusioproductionsuite@gmail.com and we will delete that information promptly.

11

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page and, for material changes, notify you via the email address associated with your account.

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

Get in touch

Questions about this policy, data requests, or privacy concerns — we're happy to help.

Allusio · New Zealand
allusioproductionsuite@gmail.com