Privacy Policy

DriveShine is operated by ANTSAI Pvt. Limited (NZ Company No. 6133667, NZBN 9429043373918), a registered New Zealand limited company based in Auckland (“DriveShine”, “we”, “us”).

This Privacy Policy explains how we collect, use, store and disclose your personal information in accordance with the New Zealand Privacy Act 2020.

When you shop with us or contact us, we collect:

• Order & contact details: name, email address, phone number, delivery address, billing address.
• Order history: products ordered, order totals, payment method used.
• Account credentials: if you create an account, your email and an encrypted password (managed by Firebase Authentication).
• Communications: messages you send us via the contact form or by email.
• Technical data: IP address, browser, device type and analytics data collected when you browse the site.

We do not store full credit card numbers. Card payments are processed directly by Stripe; Afterpay payments are processed directly by Afterpay.

• To process and dispatch your orders.
• To send order confirmations, dispatch notifications and tracking information.
• To respond to your enquiries.
• To prevent fraud and resolve disputes.
• To improve our products, website and customer service.
• To comply with our legal and tax obligations under New Zealand law.

We share your information only with the service providers we need to operate the store. Each is bound by their own privacy and security obligations:

• Stripe — payment processing for card transactions.
• Afterpay — “Pay in 4” payment processing.
• Google Firebase (Google LLC) — secure hosting, authentication, database and order storage.
• Resend — transactional email delivery (order confirmations, contact replies).
• CourierPost / NZ Post — delivery of your physical order.

We never sell your personal information. We may disclose information if required by law or to protect our rights.

Order data is stored on Google Firebase servers, which may be located outside New Zealand (typically Asia-Pacific or the United States). By using our site you consent to this transfer. Google’s storage and security practices comply with industry standards and applicable privacy frameworks.

We keep order records for a minimum of 7 years to comply with New Zealand tax, accounting and consumer law requirements. Account data is kept for as long as your account is active. You can request deletion of your account at any time (see section 8).

We use a small number of essential cookies to keep you signed in, remember your shopping cart, and protect against fraud. We do not currently use third-party advertising or tracking cookies. You can clear or block cookies in your browser settings, but doing so may affect your ability to checkout.

You have the right to:

• Request access to the personal information we hold about you.
• Request correction of any inaccurate information.
• Request deletion of your account and associated personal data (subject to record-keeping obligations above).
• Withdraw consent or object to processing.

To exercise any of these rights, email sales@driveshine.co.nz. We will respond within 20 working days as required by the Privacy Act.

Our website is served over HTTPS with TLS encryption. Payment data never touches our servers — Stripe and Afterpay handle card details directly under PCI-DSS compliance. Account passwords are stored using Firebase Authentication with industry-standard hashing.

If you believe we have breached your privacy, please contact us first at sales@driveshine.co.nz. If you are not satisfied with our response, you can complain to the Office of the Privacy Commissioner at privacy.org.nz.

We may update this policy from time to time. The “last updated” date below will reflect any changes. Material changes will be communicated via email to active customers where appropriate.