Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
- Overview
Common Mistakes With Website Terms Privacy Setup for Brand Strategy Agency
- Using overseas templates without New Zealand updates
- Combining website terms and privacy into one vague page
- Forgetting what is actually on the website
- Assuming an enquiry form is low risk
- Displaying client logos and work samples without clear rights
- Overpromising in case studies and testimonials
- Leaving privacy responsibilities to software providers
- Thinking website terms solve client disputes
FAQs
- Does a brand strategy agency in New Zealand need both website terms and a privacy policy?
- Can I copy a privacy policy from another agency website?
- Do website terms protect my agency’s intellectual property?
- Can I publish client logos and case studies if I worked on the project?
- What if my website uses booking tools, analytics or overseas software?
- Key Takeaways
If you run a brand strategy agency, your website often does more than advertise your services. It collects enquiries, showcases client work, offers downloadable resources, tracks visitor behaviour and sometimes books discovery calls or takes payments. The problem is that many agencies treat legal website documents as an afterthought. Common mistakes include copying overseas privacy wording, using generic website terms that do not fit a service business, and collecting personal information through contact forms without clearly explaining what happens next.
For New Zealand agencies, that creates real risk. A weak privacy policy can cause problems under the Privacy Act 2020. Poor website terms can leave gaps around intellectual property, disclaimers, acceptable use and limits on liability. If you feature testimonials, case studies or before and after brand work, marketing claims also need to line up with the Fair Trading Act 1986.
This guide explains what a proper website terms privacy setup for brand strategy agency work should cover, what to check before you rely on website wording, and where founders often get caught before they invest in branding, publish client results or accept online enquiries.
Overview
A brand strategy agency website usually needs at least two separate legal documents, website terms and a privacy policy. They do different jobs, and both should match how your agency actually collects data, markets services and presents client work online.
- Whether your website terms cover use of content, disclaimers, third party tools, intellectual property and liability limits
- Whether your privacy policy explains what personal information you collect, why you collect it, how you store it and who you share it with
- Whether your enquiry forms, mailing list sign ups and analytics tools match what your privacy wording says
- Whether testimonials, case studies and portfolio claims could create Fair Trading Act issues
- Whether your website wording aligns with your client contracts, proposal terms and service scope
- Whether you have clear permission to display client names, logos, designs or campaign results
What Website Terms Privacy Setup for Brand Strategy Agency Means For New Zealand Businesses
For a New Zealand brand strategy agency, website terms and privacy documents are not filler. They are part of the legal framework that supports your sales process, your online marketing and your handling of client and prospect data.
Many agency owners assume website terms are only for ecommerce stores. That is not right. A service business website still creates legal risk. A visitor may rely on information published on your site, submit sensitive project details through a form, download a template, book a call or use your content without permission. Your website terms help set the rules for those interactions.
Your privacy policy deals with a different issue. It tells people how your agency handles personal information. In New Zealand, the Privacy Act 2020 applies where your business collects, uses, stores or discloses personal information. For most agencies, that can include:
- Names, phone numbers and email addresses submitted through contact forms
- Business details provided by prospective clients
- CVs or job application information if you recruit through your site
- Newsletter sign up information
- Analytics data, cookies and similar tracking information
- Client contact details stored in customer relationship management systems, mailing tools or cloud software
Website terms and privacy serve different purposes
Your website terms are mainly about site use and risk allocation. Your privacy policy is mainly about transparency and lawful handling of personal information. Businesses often mix them together or treat one as a substitute for the other. That is where founders often get caught.
For example, a short footer note saying you respect privacy is not the same as a privacy policy. A generic website disclaimer also does not explain how your agency collects and uses personal information. If your site uses enquiry forms, booking tools or mailing list sign ups, you may also need a short privacy collection notice at the point of collection so the wording reflects those functions.
Why this matters more for brand strategy agencies
Brand strategy agencies often handle commercially sensitive information before a client even signs. Prospective clients may disclose product plans, launch timing, market positioning issues, customer data themes or budget information through an online form or discovery process. If your site invites that information, your privacy position should be clear from the start.
There is also an intellectual property angle. Agencies regularly publish brand assets, campaign examples, portfolio images and written insights. Website terms can help state who owns your site content, what visitors may or may not copy, and whether downloads are for personal or internal business use only.
Another issue is marketing accuracy. If your website says a rebrand increased conversion by a particular percentage, improved retention or delivered a certain revenue lift, you need a reasonable basis for those claims. The Fair Trading Act 1986 prohibits misleading and deceptive conduct and false or misleading representations in trade. This matters before you publish headline client results or broad claims about likely outcomes.
Website legal documents are not the same as client contracts
Your website terms do not replace your client services agreement. They are not a shortcut for project scope, fees, revision rights, confidentiality, ownership of deliverables or payment terms. Those points belong in your written terms and client contract.
Still, the documents should line up. If your website promises something broad, but your proposal or contract says something narrower, that mismatch can create disputes. Before you sign a contract with a new client, make sure your public website messaging and your private contract terms tell the same story.
Legal Issues To Check Before You Sign
The best time to fix website legal issues is before you rely on your site to generate leads, collect information or support your sales process. Once a dispute starts, it is much harder to explain away generic wording.
Are your website terms tailored to a service business?
Website terms for a brand strategy agency should reflect what your site actually does. If your site only acts as a brochure and contact point, the terms may be simpler than for a site offering paid workshops, downloadable resources or online booking.
Your terms often need to cover:
- Ownership of website content, copy, graphics, templates and downloads
- Limits on copying, reusing or republishing your material
- General information disclaimers, especially where content is educational and not tailored advice
- Rules for submitting content, comments or enquiries through the site
- Acceptable use, including restrictions on interference, misuse or unlawful behaviour
- Third party platforms, plugins and embedded tools
- Liability limits and exclusions, to the extent permitted by law
- How disputes, updates and governing law are handled
If you offer free guides, brand questionnaires or strategy checklists, the terms should also deal with download conditions and any limits on reliance. This is especially useful where a lead magnet is educational and not intended as bespoke strategic advice.
Does your privacy policy match your real data handling?
Your privacy policy should describe your actual practices, not an ideal version of them. If you say you only use information to respond to enquiries, but you also add leads to a marketing list or use data for audience targeting, your wording needs to say so clearly.
A New Zealand privacy policy for an agency website commonly covers:
- What personal information you collect
- How you collect it, such as forms, booking tools, cookies or direct contact
- Why you collect it, such as responding to enquiries, providing services, recruitment or marketing
- Whether you use analytics, advertising tools or third party software providers
- Whether information may be stored overseas through cloud providers
- How people can request access to or correction of their personal information
- Who to contact about privacy questions or complaints
If your agency uses overseas software, data storage or email marketing tools, cross border handling should be considered carefully. New Zealand privacy law can still matter even when information is processed through offshore providers, and some arrangements may also call for a data processing agreement.
Do you have permission to use client material on the site?
You should not assume a client engagement automatically gives you the right to display logos, designs, strategy outcomes or internal project details on your website. This is a separate permission issue.
Before you invest in branding your own agency around high profile client work, check:
- Whether your client contract gives you a marketing use right
- Whether that right applies to names, logos, screenshots, campaign assets and deliverables
- Whether there are confidentiality restrictions that limit what you can publish
- Whether claims about results are accurate and can be supported
- Whether a departing client can require removal later
This point matters a lot for agencies in early growth mode. Founders often rely on portfolio credibility to win work, but a missing permission clause can turn a showcase case study into a dispute.
Are your marketing statements legally safe?
Statements about outcomes, rankings, awards, experience or client results should be supportable and presented carefully. The main risk is not just deliberate exaggeration. It is also casual wording that implies guaranteed outcomes.
Examples that deserve a review include:
- Claims that your process will increase sales or conversion
- Statements that you are the best, leading or number one, if that cannot be substantiated
- Testimonials edited in a way that changes their meaning
- Before and after project claims without context
- References to trade mark, legal or regulatory outcomes if you are not providing legal services
If your site offers strategic guidance around naming, packaging or market positioning, be careful not to imply that a brand name is legally available unless proper checks have been done. Before a client registers a domain or print packaging, they may rely heavily on your wording.
Do your internal documents line up with your site?
Your website is often the first step in the contract chain. A prospect reads your site, submits an enquiry, receives a proposal, signs your terms and starts a project. If each stage says something different, friction builds fast.
Check alignment between your website and:
- Your proposal templates
- Your master services agreement or client terms
- Your confidentiality arrangements
- Your IP ownership clauses
- Your cancellation and payment terms
- Your onboarding forms and privacy notices
A consistent document set reduces the chance that a client says they relied on broader website promises than what the signed contract actually provides.
Common Mistakes With Website Terms Privacy Setup for Brand Strategy Agency
The most common mistake is treating website legal documents as generic admin. For agencies, they affect lead generation, portfolio use, marketing claims and client expectations from day one.
Using overseas templates without New Zealand updates
Many businesses paste in wording built for the UK, Australia, Europe or the US. That can create obvious issues. The terminology may not match New Zealand law, the privacy rights described may be inaccurate, and the governing law clause may point to the wrong country.
A borrowed template can also miss local business realities, such as how your agency handles information under the Privacy Act 2020 or how your marketing claims are assessed under the Fair Trading Act 1986.
Combining website terms and privacy into one vague page
One short page trying to cover both site use and privacy often ends up doing neither properly. Visitors need clarity on what rules apply to site use, and what happens to their personal information. Splitting the documents usually makes each clearer and more practical.
Forgetting what is actually on the website
Founders often review legal wording without reviewing the site itself. That leads to gaps. For example, your privacy policy may not mention analytics cookies, but your site tracks users. Or your website terms may say nothing about downloads, even though you offer brand planning resources.
Before you sign off on website legal documents, walk through the site page by page and list every place data is collected or third party tools are used.
Assuming an enquiry form is low risk
Contact forms seem simple, but they often collect more than basic contact details. A prospect might upload a brief, share campaign data, identify key staff, mention customer problems or disclose confidential launch plans. That is still information your business is responsible for handling appropriately.
This matters even more if form submissions go to shared inboxes, external freelancers or software systems that your agency has not fully mapped.
Displaying client logos and work samples without clear rights
This is one of the fastest ways to create tension with clients. A project may have been delivered successfully, but the client may still object to public use of their logo, internal strategy extracts or unpublished visual concepts.
Do not rely on a verbal promise or assume silence means consent. Get clear contractual permission, and make sure it covers the type of use you actually want.
Overpromising in case studies and testimonials
Case studies are powerful, but they need context. If a result depended on the client’s ad spend, product changes, internal team capability or seasonality, a stripped back headline may be misleading. The same goes for testimonials that suggest every client should expect the same outcome.
Leaving privacy responsibilities to software providers
Using reputable software helps, but it does not remove your agency’s responsibilities. If you collect personal information through your own site, you still need to explain that collection and choose providers thoughtfully. A software subscription is not a substitute for a privacy policy.
Thinking website terms solve client disputes
Website terms can support your position, but they are not your main client contract. If scope, payment, revision rights or ownership are unclear, the dispute usually turns on your signed service agreement, proposal wording and project communications, not just the website footer.
FAQs
Does a brand strategy agency in New Zealand need both website terms and a privacy policy?
Usually, yes. Website terms set rules for site use and help manage risk. A privacy policy explains how you collect, use and store personal information. They do different jobs.
Can I copy a privacy policy from another agency website?
No, that is risky. It may not reflect your actual data handling, and it may be based on another country’s law or a different business model. Your policy should match your own forms, tools and processes.
Do website terms protect my agency’s intellectual property?
They help, but they are only part of the picture. Website terms can state that your copy, graphics, downloads and other content are owned by you and cannot be reused without permission. Separate client contracts and IP clauses are still important.
Can I publish client logos and case studies if I worked on the project?
Not automatically. You should check your contract and any confidentiality commitments first. It is best to have express permission covering logos, samples, outcomes and promotional use.
What if my website uses booking tools, analytics or overseas software?
Your privacy policy should explain those tools in a way that reflects reality. You should also consider where information is stored, who can access it and whether overseas processing affects your privacy compliance.
Key Takeaways
- A proper website terms privacy setup for brand strategy agency work in New Zealand usually requires separate website terms and a privacy policy.
- Your website terms should address content ownership, disclaimers, acceptable use, downloads, third party tools and liability issues relevant to a service business.
- Your privacy policy should accurately describe what personal information your agency collects, why it collects it, how it is stored, and how people can access or correct it.
- Client logos, portfolio samples, testimonials and case studies should only be used with clear permission and careful, supportable wording.
- Website statements should align with your proposals and client contracts so prospects are not relying on broader public promises than your signed agreement actually provides.
- Generic or overseas templates often miss New Zealand legal context and the practical realities of agency marketing and lead generation.
If you want help with website terms, privacy policies, client contract alignment, intellectual property permissions, you can reach us on 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.








