Akahu Policies

Akahu’s purpose is to empower consumers to gracefully manage and derive value from their data. We want to work with reputable third party developers who deliver on that purpose through their products.

Akahu Policies set our expectations of minimum standards for developers that use our services. We do not audit or monitor your compliance with our policies. And we do not claim to consumers that we can ensure consistent compliance from accredited developers. However, accredited developers must:

  • Comply with these policies during their accreditation. If there is a conflict between the Developer Terms and these policies, the Developer Terms prevail.
  • In the event of any breach of these policies, or possible breach of these policies, immediately advise Akahu by emailing hello@akahu.nz with relevant details.

Consumer Information Policy

Note: We update our policies from time to time. If we update this Consumer Information Policy, we will notify accredited developers by email. If you are required to comply with this Consumer Information Policy (as an accredited developer or as a provider of a service that integrates with an accredited developer and interfaces with consumers) you can object to the change by notifying us in writing at hello@akahu.nz within 14 days of the date that we notify accredited developers of the change. If you object to a change, we will discuss your concerns with you and use reasonable endeavours to resolve the issue. However, this does not relieve you from any contractual obligations to comply with the updated Consumer Information Policy.

We want to ensure that consumers are well informed when making decisions about how to manage and derive value from their data. 

To become an accredited developer, we require a dedicated landing page on your website to explain the relationship between your app and Akahu, and provide enough detail for consumers to choose whether they see value in connecting their data to your app via Akahu. This guide outlines the requirements for the landing page, which must be discoverable from the navigation on your site. 

Describing your product

  • Describe your value proposition. Clearly explain the problem your product solves and/or the specific benefits it delivers.
  • Include a description of the benefits your customers will get from connecting their accounts to your app through Akahu.

Images

  • Include a screen image of your app alongside a relevant Akahu screen image.
  • Include our Akahu logo, ensuring it appears smooth and crisp, and isn’t distorted.

 About Akahu

Include this description of Akahu:

About Akahu

Akahu is New Zealand’s open finance platform.

Akahu makes it simple to access the data that organisations hold about you, and to share that data with trusted third parties.

If you choose to connect accounts to our app, you can manage those connections by visiting my.akahu.nz.

Find out more about Akahu here. [include a link to akahu.nz]

Describe the way your product uses Akahu

  • Describe any data that you collect, and how you use it.
  • Describe whether the connection is one-off or ongoing.

Optional content

  • Showcase the positive impact of your product and Akahu integrations by including testimonials. A demo or a video customer case study can be a great way to show how your product works and explain the benefits.
  • Show people using the product to make it tangible.
  • Any other content that will help your prospective users to decide whether to share their data in order to get the most out of your product.

Privacy and Security Policy

Note: We update our policies from time to time. If we update this Privacy and Security Policy, we will notify accredited developers by email. If you are required to comply with this Privacy and Security Policy (as an accredited developer or as a provider of a service that integrates with an accredited developer and interfaces with consumers) you can object to the change by notifying us in writing at hello@akahu.nz within 14 days of the date that we notify accredited developers of the change. If you object to a change, we will discuss your concerns with you and use reasonable endeavours to resolve the issue. However, this does not relieve you from any contractual obligations to comply with the updated Privacy and Security Policy.

You must ensure that any data exchanged through Akahu and held in your systems is processed and stored securely. Below are the minimum standards that we expect.

OWASP Top 10

Required

All relevant risks identified in the OWASP Top 10 list are appropriately addressed.

CIS Controls

Required

All relevant controls identified in the CIS Controls list are appropriately addressed.

Pen test by an external expert

At Akahu's discretion

Provide evidence to Akahu of a penetration test within 6 months of the date of your accreditation application.

We strongly recommend that you undertake an external penetration test at least every 12 months during your accreditation.