How Steward handles your data.

Who we are

Steward is a New Zealand–based product that helps boards prepare for meetings. This policy describes what we collect, how we use it, and the rights you have under the Privacy Act 2020.

What we collect

Three categories: account information you provide (names, email addresses, board role), the documents your organisation uploads (meeting packs, reference documents like charters and budgets), and usage telemetry (sign-ins, audit events, error reports).

How AI processing works

When your organisation uploads a board pack, Steward sends the document content to Anthropic's API to generate the meeting brief. Anthropic retains API inputs and outputs for up to 30 days for safety and abuse monitoring, after which they're automatically deleted. Anthropic does not use this content to train models.

Reference documents (charter, delegations, budget) are also processed through the same path so the assistant can ground its questions in your board's real rules and numbers.

Where your data is stored

Steward runs on Microsoft Azure in the Australia East region (Sydney). That covers the application database (Azure SQL), uploaded documents and their extracts (Azure Blob Storage), and operational secrets (Azure Key Vault). Document content sent to Anthropic for AI processing is handled in Anthropic's infrastructure (US-based) and auto-deletes within 30 days as described above.

How long we keep your data

Documents and extracts stay in Steward as long as your organisation has an active subscription. Deleting a document from the app removes it from our own storage immediately, but the 30-day Anthropic retention window applies in parallel, that copy auto-deletes within 30 days. For urgent removal (e.g. a document uploaded in error), email us and we'll request an expedited delete from Anthropic.

Who can see your data

Your organisation's members see the documents the admin grants them access to. Steward staff can access organisation data when investigating support requests or incidents, we log every such access in your audit trail and you can ask for that record at any time.

Audit logs

Steward records sensitive actions, document uploads and deletes, member invites and removals, dispositions, AI generations. You can request the audit trail for your organisation by emailing us; we're also working on a self-serve view.

Cookies and sessions

Inside the signed-in app, Steward uses a single session cookie to keep you logged in. No third-party analytics, tracking, or advertising cookies run on app pages.

The public marketing site (steward.nz, before sign-in) loads Microsoft Clarity to capture anonymised session recordings and heatmaps, that tells us how visitors interact with the public pages so we can improve them. Clarity sets its own cookies for this purpose and is not loaded inside the signed-in app. See Microsoft's privacy statement for how Clarity handles that data.

Your rights

Under the Privacy Act 2020 you have the right to know what personal information we hold about you, to correct it if it's wrong, and to ask us to delete it. Email hello@steward.nz and we'll respond within 20 working days.