Skip to main content
Get paid to waitOne line to installCharity at launch · more rewards rolling outNZ-only · opt-inNever reads prompts, content, files or codeGet paid to waitOne line to installCharity at launch · more rewards rolling outNZ-only · opt-inNever reads prompts, content, files or code
dash
How it worksRewardsFor buildersPlayAbout
Join the waitlist

Privacy Policy

Dash by assembl · ASSEMBL NZ LIMITED · last updated 17 June 2026

Dash by assembl is built to be native to the Privacy Act 2020. This policy explains what we collect, what we deliberately do not, and how we look after it. ASSEMBL NZ LIMITED is the agency responsible for personal information handled through Dash. Our Privacy Officer is Kate Hudson, assembl@assembl.co.nz.

1. What we never collect

The Dash SDK is designed so it has no way to read the things that matter most. We never collect, store or transmit:

  • your users’ prompts, inputs or queries;
  • the content, documents, code or files inside the host software;
  • the outputs the host software generates.

That promise is structural, not just a setting. There is no field in the SDK for this data because we do not want it.

2. What we do collect

To run the auction, prevent fraud and pay publishers, the SDK sends us only:

  • the publisher id of the surface serving the impression;
  • the surface type (e.g. web, Electron, CLI) and a coarse, non-identifying context tag;
  • impression, click and dismiss events, and a timestamp;
  • a network-derived IP address, used solely for fraud-prevention and coarse NZ-geography checks (see below).

3. We never store a raw IP — IPP 3A and salted hashing

Consistent with Information Privacy Principle 3A and the data-minimisation spirit of the Privacy Act 2020, we do not retain raw IP addresses. On receipt, an IP is combined with a rotating secret salt and one-way hashed; only that salted hash is stored, and only for the limited fraud-detection window. The hash cannot be reversed back to the original address, and the salt is held separately.

4. Purpose and lawful basis

We use the limited information above only to: run the second-price auction; detect and prevent invalid or fraudulent traffic; calculate and pay publisher revenue; and produce aggregate reporting. We do not build advertising profiles of individuals, and we do not sell personal information.

5. Where your data lives — Sydney residency

Dash’s data is hosted in Sydney, Australiaon our infrastructure provider’s ap-southeast-2 region. Australia provides privacy protections comparable to New Zealand’s. Where any processor is engaged outside New Zealand, we take reasonable steps to ensure comparable safeguards are in place, as the Privacy Act 2020 requires.

6. How long we keep it — retention

  • Operational event and salted-hash data: retained for up to 24 months, then deleted or further aggregated.
  • Financial and payment records (publisher payouts, advertiser invoices): retained for 7 years to meet New Zealand tax and record-keeping obligations.

7. Sharing

We share personal information only with the processors that run the network (hosting, payments) under confidentiality obligations, and where we are required to by New Zealand law. We do not share it with advertisers.

8. Your rights

Under the Privacy Act 2020 you may ask to access or correct personal information we hold about you. Because Dash stores no raw identifiers and no content, the information we can tie to an individual is minimal. Send any request to Kate Hudson at assembl@assembl.co.nz. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner.

9. Changes

We will post any update to this policy here with a new “last updated” date.

These pages are a working draft prepared by assembl. They have not been reviewed by external counsel.

dashby assembl
A reward layer for the wait.
dash.assembl.co.nz
© 2026 ASSEMBL NZ LIMITED · dash. is an assembl venture · Built in AotearoaTermsPrivacyCopyright