top of page

Privacy Statement

Last Updated 21 May 2026

Overview

We are committed to protecting data and ensuring the highest standards of security and confidentiality. This Privacy Statement explains how we handle personal information in alignment with the AICPA SOC 2 Trust Services Criteria for Security, Confidentiality, and Privacy.

This statement explains what information we collect across our public touchpoints, how we safeguard it, and how we handle data under contract as a service provider. We may update this statement from time to time to reflect shifts in our operations or regulatory requirements.

 

What Information We Handle, and What We Do With It

To protect the proprietary nature of our platforms and our clients' operations, we strictly limit and separate the types of personal information we interact with:

 

1. Information We Collect About Our Clients and Users

 

We collect limited business information directly from our clients and licensed users of our website or platforms:

  • Account & Relationship Management: We collect names, corporate titles, and work contact details to manage accounts, handle billing, and communicate updates.

  • Platform Optimization: We log usage details (such as login times and features accessed). This data is used to maintain system performance, ensure security, and improve user experience.

 

2. Data Handled on Behalf of Our Customers (As an Agent)

 

Our corporate customers routinely utilize our secure platforms to process data under contract.

  • Strictly an Agent: In this capacity, we act purely as a Data Processor (agent). We do not own, control, or independently decide how this data is used.

  • Contractual Confidentiality: All customer-provided data is managed in strict accordance with the confidential clauses in our contracts and agreements executed with our clients.

  • No External Sharing: We only handle this data to perform the specific services agreed upon with our clients, and we never share, sell, or disclose this information to unauthorized third parties. Data is securely retained or permanently destroyed following the conclusion of our contractual obligations.

How We Store and Protect Information (SOC 2 Controls)

Regardless of the data type, we apply industry-standard administrative and technical safeguards across our entire on-premises and secure cloud infrastructure to prevent loss, misuse, or unauthorized access:

  • Data Encryption: All information is protected using strong encryption standards, including Transport Layer Security (TLS 1.2+) for data in transit and AES-256 for data at rest.

  • Access Governance: Internal access to data systems is restricted strictly to authorized personnel under the principle of least privilege, guarded by Multi-Factor Authentication (MFA).

  • Continuous Assessment: We maintain continuous security monitoring, logging, and periodic independent vulnerability assessments to proactively defend our environment.

  • Vendor Alignment: Any third-party infrastructure sub-processors we engage must independently maintain appropriate security compliance.

Rights

  • Direct Relationships: If you have provided your business contact details to us directly, you have the right to request access to or correction of that information.

  • Customer Data Deflection: Because we act as an agent and do not own or control the data uploaded by our corporate clients, we cannot directly fulfill individual access, deletion, or correction requests regarding customer-held data. If you believe your information is processed within a client's environment, please direct your inquiry directly to that specific organization (the Data Controller).

 

Contact Us

 

If you have any questions regarding our security architecture, compliance posture, or this Privacy Statement, please contact our Compliance Officer, via our contact form, or at Postal Address: PO Box 17271, Karori, Wellington

bottom of page