Privacy Notice

Updated: 24 February 2021

Plain English section

This plain English section is here to provide a simple explanation of the most important questions that you might have about Akahu. However this plain English section is not legally binding. The remaining sections of this Privacy Notice below are the legal terms that apply. 

  • Consent: Akahu will obtain your consent before carrying out any instruction regarding your accounts.
  • Privacy: Akahu does NOT sell or rent your data for research or marketing purposes. 
  • Storing your data: If you grant one-off consent to Akahu in relation to your accounts, we will never store your login credentials and will delete any other data you instruct us to retrieve within 30 days. If you grant enduring consent to Akahu in relation to your accounts, we will store your data and your login credentials (in order to carry out your ongoing instructions) until you revoke your consent or request that we delete your data. 
  • Data minimisation: When you instruct Akahu to exchange your data with a 3rd party, we aim to minimise any data shared with that 3rd party. For example, if the 3rd party wants to verify your income, we’ll aim to retrieve your transaction data and filter non-relevant transactions to reduce oversharing.

Introduction

Welcome to Akahu. We take the privacy and protection of your data seriously. We want you to clearly understand how we collect, use, store, disclose, and otherwise process information about you. That's what this privacy notice is for, so please read it carefully and feel free to contact us if you have any questions - our contact details are at the end of this notice. 

In this notice, 'Akahu', 'we', 'us' and 'our' is Akahu Technologies Limited and 'you' and 'your' is you - the person using an app that integrates with our services, or using our services directly.  

You should also read our End User Terms, as they are an agreement between you and us, and include important information about your use of our services. 

We may update this notice from time to time, and the updated notice will apply from the time it is posted to our website. You may view an up-to-date copy of this notice at any time at akahu.io/privacy-notice. If you do not agree to any changes, you must stop using our services.

You may choose not to provide us with information about you, but if you don't, we may not be able to provide any of our services to you, and functionality within third party applications that rely on our services may not be available to you.

Background

To understand what information we collect and how we use it, you first need to understand how our services work.  This is set out in detail in our End User Terms, but we’ve included a summary below.

Akahu is a consumer data sharing platform. We make it simple to access the data that organisations hold about you, and to share that data with trusted third parties of your choice. Our services allow you to connect your data sources (such as a bank account) to Akahu in order to exchange specific data with third party apps (such as a new bank that you want to join) ('Third Party App').

For Third Party Apps: Akahu includes software and tools that app developers use to enable functionality within their Third Party Apps, including to:

  • easily obtain information from accounts you connect to Akahu (such as your bank or electricity provider account);
  • initiate payments in a Third Party App; and 
  • verify your identity.

For you: Akahu provides an interface for you to connect accounts and consent to sharing specified data with Third Party Apps:

  • One-off consent: If you are providing a Third Party App with one-off consent to deal with your data, you will connect the relevant account(s) to Akahu, then Akahu will retrieve or send the specified data on behalf of the Third Party App. For example, you might consent to sharing your name and address from an existing bank account in order to verify your identity with the Third Party App of a new bank that you’re joining. 
  • Enduring consent: If you are providing a Third Party App with enduring consent to deal with your account, you will connect the relevant account(s) to Akahu, then Akahu will repeatedly retrieve or send the specified data on behalf of the Third Party App. For example, you might consent to sharing your bank transaction data on a daily basis with a Third Party App that enriches and categorises your spending. 

Importantly, providers of Third Party Apps that process your data will do so in accordance with their own terms and privacy policies - you should read those terms and policies carefully as we do not control how those providers engage with you or use your data.

The Akahu dashboard

The purpose of Akahu is to empower consumers to manage and leverage their data. In your Akahu dashboard, you can view any enduring consent that you have granted to Akahu and any Third Party Apps. You can also see a log of data requests from each of these Third Party Apps.

In the Akahu dashboard, you can control your preferences, including:

  • revoking any enduring consent that you have provided to Akahu and Third Party Apps;
  • asking us to delete your data that we store.

You can access the Akahu dashboard at my.akahu.io.  If you haven't already created an Akahu account, you'll need to do that first - follow the instructions on the website.

What information do we collect

We may collect the following types of information.

Information you provide such as your identification details (such as your name, email address, phone number, and username), biometrics (including photos you provide as part of identity verification), details of accounts you connect to Akahu (such as login information and credentials for those accounts, which may include tokens, passwords, and security questions and answers), and any written communications with us (such as queries or instructions).

Information we collect from accounts you connect to Akahu, such as:

  • account information, including the provider name, account name, account type, account ownership, branch, account and routing number;
  • financial information, such as balances, payment due dates, transaction details and history, credit limits, and product details;
  • identifiers and information about the account owner(s), including name, email address, phone number, date of birth, address information, and other personal identifiers;
  • information about usage, such as your energy consumption if you link your power company account, or data usage if you link your mobile phone account.

Information we receive from your device -  when you use your device to connect to Akahu, we receive identifiers and electronic network activity information about that device, including IP address, hardware model, operating system, which Akahu features you access, and other technical information about the device. We also use cookies or similar tracking technologies to collect usage statistics and to help us provide and improve our services.

Information we receive from other sources - we also receive information about you directly from Third Party Apps and other third parties, including our service providers and identity verification services.

When you agree to our End User Terms and connect an account to Akahu, you give us the authority to act on your behalf to exchange your data to and from the provider of the accounts you have connected to Akahu.

How we use and disclose your information

Let’s address an important point right at the start - Akahu is designed to carry out your instructions in relation to your data. We don’t sell your data or share it with third parties, other than specifically described below.

We use your information for a number of purposes, including to operate, improve, and protect Akahu, and to develop new services. More specifically, we may use your information:

  • to operate, provide, maintain, and improve Akahu, including to facilitate the exchange of data between Third Party Apps and the account(s) you have connected to Akahu;
  • to protect you, developers, our partners, us, and others from fraud, malicious activity, and other privacy and security-related concerns;
  • to communicate with you;
  • to provide customer support to you or to developers, including to help respond to your inquiries related to Akahu or Third Party Apps;
  • to investigate any misuse of Akahu or Third Party Apps, including criminal activity, or other unauthorised access to our services; 
  • to provide or facilitate verification of your identity; 
  • to comply with laws; 
  • to research and market products and services; and
  • for other notified purposes with your consent.

We may share your information:

  • with providers of Third Party Apps that you have instructed Akahu to share your data with;
  • with our service providers, partners, or contractors in connection with the services they perform for us or Third Party Apps;
  • if we believe that disclosure is appropriate to comply with applicable law, regulation, or legal process;
  • in connection with a change in ownership or control of all or a part of our business;
  • between us and our current and future related companies;
  • as we consider appropriate to protect the rights, privacy, safety, or property of you, Third Party Apps, our partners, us, and others; or
  • for any other notified purpose with your consent.

Sometimes the people we disclose your information to will be located outside New Zealand and may not be subject to laws that provide a comparable level of protection to New Zealand's Privacy Act 2020 (Privacy Act).  By using Akahu or a Third Party App, you are authorising us to transfer your personal information overseas.  We will use reasonable endeavours to ensure people we disclose your information to overseas protect it in a way comparable to the protections under the Privacy Act, such as including provisions in our contracts with them or by checking to ensure they are subject to laws with equivalent protections.

Digital ID verification

Many organisations verify the identity of their customers before they provide services to them. 

To streamline identity verification processes, Akahu enables Third Party Apps to access your data (with your consent) from your connected data sources (such as your bank account) and other sources (such as credit bureaus or government agencies), to help you to verify your identity electronically.   For example, a Third Party App may request your name, date of birth, address, and your driver licence details, which Akahu may help to verify from data sources that you connect to Akahu.

Storage of your information

Your information will be stored in data centres that are owned either by us or our related companies or our external service providers. We currently use Australian-based data centres. We use a range of physical and electronic data security measures to protect information from loss and unauthorised use, access, modification, or disclosure.

Deletion of your information

We will delete your information when we no longer need it for the purposes for which it was collected.

  • When you grant one-off consent: Akahu will delete all of your data related to accessing your account, such as login credentials, immediately after your request has been processed. We will delete all of your other data, such as bank statements that have been retrieved in accordance with your request, from our databases within 30 days of processing the request. 
  • When you grant enduring consent: Akahu will store your data in our databases until your consent expires or is revoked. We will then delete your data within 24 hours of that expiry or revocation. You can use the Akahu dashboard to manage any enduring consent that you have granted to Akahu. You can also instruct us, via the Akahu dashboard, to delete information about you, which we will action as soon as possible.

We will not delete information we are required by law or regulatory obligations to retain.

Our contracts with developers of Third Party Apps require them to delete your information if you instruct us to do so via the Akahu dashboard, however we cannot verify or guarantee that the Third Party App provider will do so.

Access to and correction of your information

You can request access to and correction of personal information we hold about you by contacting us - our details are at the end of this notice.

Under the Privacy Act, in some circumstances we do not have to give you access to or correct your personal information. If that is the case, we will explain why and provide information about how you can complain should you wish to do so.

Complaints

We hope that you won't have any issues with how we process your data, but if you do, you can get hold of us using the contact details at the end of this notice. We'll do our best to work with you to resolve the complaint.

You can also complain to the Privacy Commissioner if you're not happy with how we're handling things - see privacy.org.nz for more details.

How to contact us

We're always keen to hear from you. You can get hold of us at hello@akahu.io.