Last Updated: 11.June.2026
Effective Date: 11.June.2026

INTRODUCTION

This Privacy Policy (“Policy”) describes how Thrico by PulsePlay Digital Private Limited (“we”, “us”, or our”), collects, uses, discloses, stores and otherwise handles personal information relating to an identified or identifiable natural person within New Zealand, as well as how we use cookies and similar technologies. It applies to all users of the Thrico.

Our Platform enables organisation to build, manage, and grow branded online communities, offering features including social media, member, connections chat, events, mentorship, gamification, job boards, surveys, polls, a marketplace and more. 

This Privacy Policy (“Policy”) explains how we collect, use, disclose, retain, and protect personal data when you: 

(a) Visit Our Website at (www.thrico.com) (“Site”)

(b) Register for or use the Thrico by PulsePlay digital Platform, web application, or mobile applications (“Platform”)

(c) Interact with us as a Brand Admin, community member, visitor, partner, or job applicant, or 

(d) Communicate with us by any means

This Policy is specifically directed and applicable to the users located in New Zealand. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the term of this Privacy Policy.

1. SCOPE AND APPLICATION

(a) This Privacy Policy applies to all personal information collected, held, used or disclosed by Thrico in connection with New Zealand. As provided under the Policy 2020, any agency doing business in New Zealand is subject to the Act.

(b) The Platform serves a broad range of community types including associations, academic institutions, enterprises, creators, and startups. All personal Information Provided through any of these use cases is governed by this Policy.

2. KEY DEFINITIONS

The Following terms have the meaning set out in the Privacy Act 2020 or as described below:

(a) Personal Information: Personal Information means any information about an identifiable individual, including information that may identify a person directly or in combination with other available data.

(b) Agency: Agency means any person or organisation (including Thrico) to whom the Act applies.

(c) IPP: IPP means an “Information Privacy Principle” as set out in Section 22 of the Privacy Act 2020.

(d) Privacy Officer: Privacy Officer means the designated individual responsible for overseeing privacy compliance within Thrico.

(e) Sensitive Information: Sensitive Information includes health data, biometric data, political opinions, religious beliefs, criminal history, or sexual orientation, which attracts heightened protection under the Act.

3. PERSONAL INFORMATION WE COLLECT

(a) Information you provide directly: We collect Personal information that you voluntarily provide when registering, using or interacting with the Platform, including: 

(i) Full name, username and profile photograph.
(ii) Email address and password (encrypted)
(iii) Mobile number (optional, for notification)
(iv) Professional details such as job title, employer, education history, and skills.
(v) Content you post, including posts, comments, forum message, stories and event details.
(vi) Payment Information (processed via third-party gateways: Stripe or Razor pay- Thrico does not store raw card data)
(vii) Marketplace and job listing details.
(viii) Mentorship, career and entrepreneurship module data.
(ix) Survey and poll responses.

(b) Information collected automatically: When you use our Platform, we automatically collect

(i) Device information (type, operating system, browser, device identifiers)
(ii) IP address and general location data.
(iii) Usage data (pages visited, features used, timestamps, session duration)
(iv) Cookie and tracking technology data (see Section 10-Cookies)
(v) Log data generated through your interaction with our services.

(c) Information from third parties (IPP 3A- indirect collection): Pursuant to Information Privacy Principle 3A, which came into force on “1 May 2026”, where we collect personal information about you from a source other than you directly (for example, from and organisation deploying Thrico for their community, a referral, or a third-party integration), we will take reasonable steps to notify you that:

(i) The information has been collected.
(ii) The name and contact details of our organisation;
(iii) The purpose for which the information was collected;
(iv) Any intended recipients of the information; and
(v) Your rights to access and correction.

4. THE 13 INFORMATION PRIVACY PRINCIPLES-HOW WE APPLY THEM

The Privacy Act 2020 sets out 13 Information Privacy Principles that govern how agencies collect, store, use and disclose personal information. Below we explain how each IPP applies to Thrico.

(a) PURPOSE OF COLLECTIONS (IPP-1)

Thrico only collects personal information that is necessary for a lawful purpose directly related to the operation of our platform- including account management, community engagement, content delivery, analytics, customer support, payment processing, and legal compliance. We do not collect personal information unless it is required for a specific, stated purpose.

(b)  SOURCE OF PERSONAL INFORMATION (IPP-2)

We collect personal information directly from the individual wherever practicable. We use secure, authenticated sign-up processes to ensure information is collected from the correct individual. Where collection from a third party is unavoidable, we comply with IPP 3A (notification obligation).

(c) COLLECTION OF INFORMATION FROM SUBJECT (IPP-3)

At or before the time of collecting personal information directly from you, we will inform you of 

(i) the fact that the information is being collected;
(ii) the purpose for collection;
(iii) the intended recipients;
(iv) whether collection is voluntary or mandatory; and
(v) your right access and correct the information. This notice is delivered through our registration flow, in-app prompts, and this Privacy Policy.

(d) COLLECTION OF INFORMATION FROM THIRD PARTIES (IN FORCE FROM 1ST MAY 2026) (IPP-3A)

When personal information about you is collected from a source other than you, Thrico will notify you of the collection, our identity, the purposes, and your rights as soon as reasonably practicable after collection, unless an exception applies under the Act. 

(e) MANNER OF COLLECTION (IPP-4)

Thrico collects personal information only by lawful and fair means, and not in an unreasonably intrusive manner. We do not deceive individuals about the collection or use of their information.

(f) STORAGE AND SECURITY OF PERSONAL INFORMATION (IPP-5)

Thrico takes all reasonable steps to protect personal information from loss, unauthorised access, use, modification, disclosure, or any other misuse. Our Security measures include: industry-standard encryption in transit and at rest; access controls and role-based permissions; regular security testing and audits; and breach detection and response procedures. In the event of a notifiable privacy breach causing or likely to cause serious harm, we will notify the office of the Privacy Commissioner and affected individuals as required by Sections 113-120 of the Act.

(g) ACCESS TO PERSONAL INFORMATION (IPP-6)

Individual have the night to request access to personal information held by Thrico about themselves. We will respond to access requests within 20 working days of receiving a valid request. We may refuse access only in circumstances permitted under the Act, and will provide written reasons for any refusal. 

(h) CORRECTION OF PERSONAL INFORMATION (IPP-7)

You have the right to request correction of personal information held by Thrico that is inaccurate, out of date, incomplete, irrelevant, or misleading. You may update most profile. Information directly through account settings. Where we decline to correct information, we will attach a notation of the requested correction.

(i) ACCURACY OF PERSONAL INFORMATION (IPP-8)

Before using or disclosing personal information, Thrico takes reasonable steps to ensure the information is accurate, up to date, complete, relevant and not misleading.

(j) RETENTION OF PERSONAL INFORMATION (IPP-9)

We do not keep personal information for longer than is   necessary for the purpose for which it was collected, or as required by applicable law. Our data retention schedules are reviewed periodically to ensure compliance with this principle.

(k) USE OF PERSONAL INFORMATION (IPP-10)

Personal information collected by Thrico is used only for the purpose for which it was collected, or a directly related purpose that the individual would reasonably expect. We do not use personal information for secondary purposes without consent, unless an exception under the Act applies.

(l) LIMITS ON DISCLOSURE OF PERSONAL INFORMATION (IPP-11)

We only disclose personal information to third parties for the purpose for which it was collected, or in circumstances permitted by the Act, such as disclosure required by law or in the public interest. We do not sell personal information to the third parties.

(m) DISCLOSURE OF PERSONAL INFORMATION OUTSIDE NEW ZEALAND (IPP-12)

Thrico may transfer personal information to recipients     outside New Zealand (for example, cloud infrastructure provides and third-party integration). We only transfer personal information overseas where: 

(i) the receiving country provides comparable privacy protections to those under the Act,
(ii) the individual has expressly authorised the transfer or
(iii) adequate agreement with the EU. We will inform users of international data flows and applicable safeguards.

(n) UNIQUE IDENTIFIERS (IPP-13)

Thrico assigns unique user identifier for the efficient operation of the Platform. We do not require individuals to disclose identifiers assigned by other agencies (such as IRD numbers or passport numbers) unless strictly necessary for a specific Platform function and explicitly consented to by the individual.

5. HOW WE USE YOUR PERSONAL INFORMATION

We use personal information collected through the Platform for the following purposes: 

(a) Creating and managing platform features and functionally

(b) Facilitating community engagement, connections, events, discussions, and marketplace activities

(c) Delivering notifications, updates, communications relevant to your account

(d) Processing payment and managing subscriptions

(e) Enabling gamification, rewards, and recognition features

(f) Providing customer support and responding to your queries

(g) Conducting analytics and generating insights to improve platform performance

(h) Detecting and preventing security threats, fraud, and abuse

(i) Complying with legal obligations under applicable New Zealand law

(j) Sending marketing communications (subject to your preferences and the unsolicited Electronic Messages Act, 2007).

6. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES

Thrico may share your personal information with the following categories of third parties, strictly for the purpose of described in this Policy: 

(a) Community Operators: Platform operators and community administrators, organisations that deploy Thrico for their community may have access to member data relevant to their community.

(b) Service providers: Stripe and Razorpay process payment transactions. They are bound by their own privacy policies and PCI-DSS standard.

(c) Analytics Providers: Analytics tools and performance monitoring services used to improve the Platform

(d) Legal Authorities: We may share information when required by law, court order, or governmental authority.

(e) Business Transfers: If Thrico is involved in a Merger, acquisition, or sale, personal information may be transferred as part of that transaction with advance notice affected individuals

We do not sell, rent, trade personal information to third parties for their own marketing purposes.

7.YOUR PRIVACY RIGHTS UNDER THE PRIVACY ACT, 2020

As an individual whose personal information is held by Thrico, you have the following rights under the
Privacy Act, 2020 :

(a) Rights of Access (IPP-6): You may request confirmation of whether Thrico holds personal information about you, and request a copy of that information.

(b) Right of Correction (IPP-7): In certain circumstances, you may request deletion of your personal information where it is no longer necessary, where consent is withdrawn, or where the information has been unlawfully processed.

(c) Right to Object : You may object to certain uses of your personal information, subject to our legitimate operational requirements.

(d) Right to Restrict Processing: You may request restriction of processing in certain circumstances.

(e) Right to withdraw consent: You may withdraw consent for marketing communications at any time.

To exercise any of these rights, please submit a Privacy Act request to our Privacy Officer (See Section 14). We will acknowledge your request within 5 working days and respond substantively within 20 working days of receiving a valid request, as required by the Act.

8. PRIVACY BREACH NOTIFICATION

(a) Under Section 113-120 of the Privacy Act, 2020 , Thrico is required to notify both Office of the Privacy Commissioner (OPC) and affected individuals of any notifiable privacy breach-being a breach that has caused, or is likely to cause, serious harm to one or more individuals.

(b) Our breach response obligations include:
(i) Notifying the OPC as soon as reasonably practicable becoming aware of notifiable breach
(ii) Notifying affected individuals in a manner appropriate to the circumstances
(iii) Maintaining an internal register of all privacy breaches (Whether notifiable or not)

If you believe a privacy breach involving your personal information has occurred, please contact our Privacy Officer immediately at
thrico.dpo@pulseplaydigital.com.

9. INTERNATIONAL DATA TRANSFERS

(a) Thrico’s platform is operated from Office in India and other countries, the personal information collected from New Zealand users may be stored and processed outside New Zealand, including in cloud infrastructure located in the United States, European Union, India, or other Jurisdictions

(b) In accordance with IPP 12, we only transfer personal information outside New Zealand where;
(i) The destination country provides comparable privacy protection (New Zealand has an adequacy agreement with the EU);
(ii) The individual has provided express consent to the transfer with awareness that the destination may not provide equivalent protections; or
(iii) Adequate contractual safeguards (such as data processing agreement incorporating equivalent protections to the Act) are in place with the receiving party.

10. COOKIES AND TRACKING TECHNOLOGIES

The Platform uses cookies and similar technologies (such as web beacons, local storage, and session storage) to operate and improve the platform. In accordance with the transparency requirements of the Privacy Act, 2020 , we describe our cookie practices below:

(a) Essential Cookies: Required for the Platform to function. They enable basic features such as page navigation and account authentication

(b) Analytics Cookies: helps us understand how users interact with the platform (e.g., Google Analytics) data is aggregated and anonymized where possible.

(c) Functional Cookies: Remember your setting and preferences to provide a more personalized experience.

(d) Third party cookies: May be set our third-party integrations to enable features such as social sharing.

You have the right to know what cookies collect data from you, how data is used, and who it is shared with. For targeted advertising purposes, we obtain your consent before deploying such cookies. You may manage your cookie preferences through your browser settings or through the cookie consent tool available on our platform.

11. MARKETING COMMUNICATIONS AND UNSOLICITED ELECTRONIC MESSAGES ACT 2007

(a) Thrico may send you marketing communications about our platform, features, and community-related content. In accordance with the
Unsolicited Electronic Messages Act (UEM Act):

(i) We will only send commercial electronic messages (email, SMS) to individuals who have expressly or inferably consented to receive them;
(ii) All marketing messages will clearly identify Thrico as the sender;
(iii) Even marketing messages will include a clear and functional unsubscribe mechanism; and
(iv) We will unsubscribe requests within 7 (seven) working days.

You may update your communication preferences at any time through your account settings or by contacting our Privacy Officer.

12. CHILDRENS AND MINORS

(a) The Platform is not directed at children under the age of 16. We do not knowingly collect personal information from individuals under the age of 16 years without verifiable parental or guardian consent. If you believe we have inadvertently collected inadvertently collected information from a child, please contact us immediately and will take appropriate steps to delete such information.

(b) Community operators who deploy Thrico for educational institutions (schools, colleges universities) are responsible for ensuring compliance with any additional requirements applicable to collection of information from minors, including obtaining appropriate consents.

13. SECURITY OF PERSONAL INFORMATION

(a) Thrico implements industry-standard technical and organisational measures to protect your personal information form unauthorized access, disclosure, alteration, loss, or destruction.

Our security measures include:
(i) TLS/SSL encryption for all data in transit
(ii) Encryption of Sensitive data at rest
(iii) Role-based access controls limiting staff access to personal information.
(iv) Multi-factor authentication for administrative access
(v) Regular penetration testing and vulnerability assessments.
(vi) A format incident response and breach notification procedure

While we take all reasonable precautions, no transmission over the internet or electronic storage is completely secure. If you become aware of any security vulnerabilities or breach, please notify us immediately to
thrico.dpo@pulseplaydigital.com.

14. CHANGES TO THIS PRIVACY POLICY

(a) We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform or applicable law.
We will notify you of material changes by:

(i) Posting the updated Policy on our website with an updated Effective date;
(ii) Sending an in-app notification or email to registered users where change materially affect your rights

Your continued use of the Platform after the effective date of any revised Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically.

15. OUR PRIVACY OFFICER

(a) As required by the Privacy Act, 2020 , Thrico has designated a Privacy Officer responsible for ensuring the organisation meets its obligations under the
Act. The Privacy Officers responsible include:

(i) Receiving and responding to Privacy Act requests and complaints
(ii) Overseeing the organisation privacy compliance framework
(iii) Providing privacy guidance to staff and management
(iv) Maintaining the register of Privacy breaches
(v) Liaising with Office of the Privacy Commissioner (OPC) as required.

To contact our Privacy Officer:
Thrico/PulsePlay Digital-Privacy Officer
Email: thrico.dpo@pulseplaydigital.com.
Website: https://thrico.com/
Unresolved complaints may be referred to the Human Rights review Tribunal as provided under the Privacy Act 2020