Akahu Policies

Akahu’s purpose is to empower consumers to gracefully manage and derive value from their data. We want to work with reputable third party developers who deliver on that purpose through their products.

Akahu Policies set our expectations of minimum standards for developers that use our services. We do not audit or monitor your compliance with our policies. And we do not claim to consumers that we can ensure consistent compliance from accredited developer partners. However, accredited developer partners must:

  • Comply with these policies during their accreditation. If there is a conflict between the Developer Terms and these policies, the Developer Terms prevail.
  • In the event of any breach of these policies, or possible breach of these policies, immediately advise Akahu by emailing hello@akahu.io with relevant details.

Consumer Information Policy

Note: We update our policies from time to time. If we update this Consumer Information Policy, we will notify accredited partners by email. If you are required to comply with this Consumer Information Policy (as an accredited partner or as a provider of a service that integrates with an accredited partner's and interfaces with consumers) you can object to the change by notifying us in writing at hello@akahu.io within 14 days of the date that we notify accredited partners of the change. If you object to a change, we will discuss your concerns with you and use reasonable endeavours to resolve the issue. However, this does not relieve you from any contractual obligations to comply with the updated Consumer Information Policy.

We want to ensure that consumers are well informed when making decisions about how to manage and derive value from their data. 

To become an accredited developer partner, we require a dedicated Akahu landing page on your website. This guide outlines the requirements for the landing page, which must be discoverable from the navigation on your site. 

Describing your product

  • Describe your value proposition. Clearly explain the problem your product solves and/or the specific benefits it delivers.
  • Include a description of the benefits your customers will get from connecting their accounts through Akahu.

Images

  • Include a screen image of your app alongside a relevant Akahu screen image.
  • Include our Akahu logo, ensuring it appears smooth and crisp, and isn’t distorted.

 About Akahu

Include this description of Akahu:

<h2>About Akahu</h2>

<p>Akahu is New Zealand’s consumer data sharing platform.</p>

<p>For consumers, Akahu puts you in control of your personal data. Akahu makes it simple to access the data that organisations hold about you, and to share that data with trusted third parties.</p>

<p>For developers, Akahu enables your customers to seamlessly connect their data to your app through its APIs.</p>

<p>Find out more <a href="www.akahu.io" hreflang="en" media="all">here</a>.</p>

Describe the way your product uses Akahu

  • Explain the data that you collect, and how you use it.
  • Describe whether the connection is one-off or recurring (and if recurring, whether it’s time-limited).

Optional content

  • Showcase the positive impact of your product and Akahu integrations by including testimonials. A demo or a video customer case study can be a great way to show how your product works and explain the benefits.
  • Show people using the product to make it tangible.
  • Any other content that will help your prospective users to decide whether to share their data in order to get the most out of your product.

Privacy and Security Policy

Note: We update our policies from time to time. If we update this Privacy and Security Policy, we will notify accredited partners by email. If you are required to comply with this Privacy and Security Policy (as an accredited partner or as a provider of a service that integrates with an accredited partner's and interfaces with consumers) you can object to the change by notifying us in writing at hello@akahu.io within 14 days of the date that we notify accredited partners of the change. If you object to a change, we will discuss your concerns with you and use reasonable endeavours to resolve the issue. However, this does not relieve you from any contractual obligations to comply with the updated Privacy and Security Policy.

You must ensure that any data exchanged through Akahu and held in your systems is processed and stored securely. Below are the minimum standards that we expect.

Pen test by an external expert

Provide evidence to Akahu of a penetration test within 6 months of the date of your accreditation application.

Undertake a penetration test at least every 12 months during your accreditation.

OWASP Top 10

All relevant risks identified in the OWASP Top 10 list are appropriately addressed.

CIS Top 20

All relevant controls identified in the CIS Top 20 Security Controls list are appropriately addressed.