Last updated: 5 July 2026
Who we are
This policy explains how Druidry Aotearoa collects, uses, stores, and protects your information when you use druidry.org.nz (the “platform”). Druidry Aotearoa is the platform itself — the individual Groves, Seed Groups, and other groups who use it (for example, the Grove of the Summer Stars or the Tōtara Seed Group) are independent organisations, not subsidiaries of Druidry Aotearoa, but this single policy covers everyone’s use of the platform regardless of which group they belong to.
We are based in New Zealand and this policy is written with reference to the Privacy Act 2020 (NZ).
What we collect
We collect information you give us directly, and information that becomes known to us through your participation in a Grove, Seed Group, or Group. In plain terms, this falls into six categories:
- Login and account information — your username, name, display name, and any public pseudonym you choose to set.
- Grove contact information — your name, membership status, grade or initiation level, Druid teaching order affiliation (if any), and the groups you belong to. This also includes event venue information — where an event is hosted at a private home, we record a venue name (for example, a property name) rather than a street address.
- Profile information you choose to provide — a profile picture, if you add one (this is entirely optional), and information shared with us if you choose to sign in using a third-party identity provider (currently Google; we may support others, such as Apple or Discord, in future).
- Event and camp information — event registrations, role signups, and any dietary or accessibility needs you tell us about.
- Content you provide — blog posts and comments you choose to publish on the platform.
- Technical and security information, generated automatically — a record of changes made to your data (an audit trail), and limited technical information (such as device or connection information) captured by our error-monitoring tools when something goes wrong.
Why we collect it
- The minimum information needed to create and use an account (such as your username, email, and name) is collected solely to provide the platform’s core functionality.
- Everything else is optional.
- We do not sell your information, to anyone, ever.
- We do not use your content (such as blog posts) for any purpose beyond the platform itself — for example, in marketing — without your explicit consent.
- Technical and audit information may be used internally to understand how the platform is used and to keep it secure. We do not share this information with third-party analytics or advertising services (such as Google Analytics). We do not report on it to anyone outside our administrators.
- When you join a Grove, Seed Group, or Group, your relevant information is shared with that group’s administrators, for the purpose of administering the group (for example, running camps, tracking initiations, organising working bees, or coordinating festivals).
Who has access to your information
Different people involved in running Druidry Aotearoa have different levels of access, scoped to what they need:
- Platform administrators have access across the whole platform, for operating and supporting it.
- Content moderators can view posts and comments awaiting review, and hide flagged content, for moderation purposes — they do not have broader access to contact information.
- Grove, Seed Group, and Group administrators have access to their own group’s (and any child groups’) information, for administering that group.
- Group coordinators have narrower access still — read-only contact information plus event management, limited to their specific area of responsibility.
- Other members may see limited information about you — such as your display name, or, if you belong to the same Grove, Seed Group, or Group, your name — depending on your and their membership status. We do not show your email address to other members.
- Separately, the person who hosts and maintains the platform’s underlying technical infrastructure has direct access to it for maintenance and support. This is broader than any in-app role above, and is currently held by one person.
- Group, Grove, and Seed Group administrators may use their own additional tools (for example, email newsletter services) to help administer their group. These tools are independent of Druidry Aotearoa and outside our control — but administrators remain bound by New Zealand law, including the Privacy Act 2020, in how they handle your information wherever it’s held. See our Terms & Conditions for more.
- Anyone, including people who are not logged in, can see content you choose to publish publicly (posts and comments set to public visibility, rather than restricted to your channel or group). You can set a public pseudonym to use instead of your real name or display name on anything you publish publicly.
Where your information is stored
Your information is processed and stored in more than one place:
- Core platform data (your account, contact, event, and content information) — Sydney, Australia
- The web application itself — Sydney, Australia
- Error and crash reports (technical information only; we take care to avoid including personal information in this data) — Frankfurt, Germany
- Transactional emails (for example, invitations and password resets) — United States
- Sign-in via Google, if you choose to use it — Google’s global infrastructure
Because some of this processing happens outside New Zealand and Australia, this is a disclosure of an overseas transfer of your information under the Privacy Act 2020.
Retention — how long we keep your information
- If you are not a member of any Grove, Seed Group, or Group and have not logged in for a year and a day, our practice is to archive or dispose of your login details.
- If you are a member, we retain your login details for as long as you belong to any Grove, Seed Group, or Group. Once you have left, or been removed from, all of them, the same year-and-a-day period applies before we archive or dispose of your login details.
- We retain your name and a record of your participation (such as grades, roles, and event attendance) indefinitely, to preserve the accuracy of the Grove’s history — even after you leave or ask us to remove other information about you.
- If you are aged 15 to 17 and create your own account, we ask you to confirm you are old enough, or that a parent or guardian consents. We do not ask for or store your date of birth — only that confirmation, and when it was given. We dispose of that confirmation once enough time has passed that everyone who could have given it is now definitely an adult.
Your rights
- You can delete your own login details at any time, from your profile page. This does not delete your Grove contact record, group memberships, roles, grades, or event history.
- You can ask us to remove other information about you — such as your email address, phone number, physical address, or dietary/accessibility preferences — from your Grove record. We will retain your name and a record of your participation, as described above.
- You can contact us at any time using the details below with questions or requests about your information.
If you are a minor
Children who attend Grove activities with a parent or guardian may be recorded in our system by that parent or guardian, or by a Grove administrator, without needing an account or login of their own.
If you are old enough to create your own account (see Retention, above, for our minimum age), you may do so with a parent or guardian’s consent.
Photos
Members may post camp and event photos as part of blog content, stored on our platform infrastructure in Australia, subject to the same visibility rules (internal or public) as the post itself.
You can indicate a preference about being named or shown in photographs outside the platform. We ask members posting photos to respect this preference; it is not currently enforced automatically by the system. We will honour your preference for anything we publish ourselves, but we cannot control what an individual member does with a photo once it leaves the platform.
We do not use facial recognition or any other biometric identification technology on photos.
Security
We take reasonable technical and organisational measures to protect your information, including multi-factor authentication and passkey support for all accounts, database-level access controls that restrict what each type of user can see, and encrypted connections. Our infrastructure providers maintain independent security certifications. No system can guarantee complete security, but we take this seriously — including going beyond what’s typical for a community organisation of our size.
If something goes wrong
If we become aware of a privacy breach involving your information that is likely to cause serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as soon as practicable, in line with the Privacy Act 2020.
Changes to this policy
We may amend this policy from time to time. The date at the top shows when it was last revised. If you keep using Druidry Aotearoa after a change, that means you accept the updated policy.
Contact us
For any question or request relating to this policy or your information, contact us at privacy@druidry.org.nz.