Legal

Privacy Policy

Last updated: 4 April 2026

1. Introduction

AccreditAZ is operated by SecureAZ Limited ("we", "us", "our"). This Privacy Policy describes how we collect, use, and disclose your personal information when you use the AccreditAZ platform and website (collectively, "the Service"). We use your personal data to provide and improve the Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. We process personal data in compliance with the New Zealand Privacy Act 2020.

2. Information We Collect

2.1 Personal Data

When you register for an account or use the Service, we may collect the following personal information:

  • First and last name
  • Email address
  • Phone number
  • Organisation name and role
  • Billing and payment information

2.2 Usage Data

We automatically collect information about how you access and use the Service, including your device's IP address, browser type and version, the pages you visit, the time and date of your visit, time spent on pages, and other diagnostic data.

2.3 Compliance Data

You may upload compliance-related data to the Platform including risk assessments, evidence documents, system security plans, and incident reports. We process this data solely to provide the Service. Your organisation remains the data controller for all compliance data.

2.4 Cookies and Tracking

We use cookies and similar tracking technologies to track activity on the Service and store certain information. These include:

  • Session cookies: To operate the Service and maintain your login session
  • Preference cookies: To remember your settings and preferences
  • Analytics cookies: To understand how the Service is used and improve it

You can configure your browser to refuse cookies, though this may affect your ability to use some features of the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Manage your account and subscription
  • Process payments and send billing information
  • Contact you regarding updates, security alerts, and support
  • Respond to your enquiries and provide customer support
  • Analyse usage patterns to improve the Service
  • Detect, prevent, and address technical issues or security threats
  • Comply with legal obligations

4. How We Share Your Information

We may share your personal information in the following circumstances:

  • Service providers: With third-party companies that help us operate the Service (hosting, payment processing, analytics), who are bound by confidentiality obligations
  • Legal requirements: If required by law, regulation, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets
  • With your consent: For any other purpose with your explicit consent

We do not sell your personal data to third parties.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. When you terminate your account, you may request an export of your data within 30 days, after which we will securely delete it.

6. Data Security

The security of your personal data is important to us. We implement appropriate technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Under the New Zealand Privacy Act 2020, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information (subject to legal requirements)
  • Complain to the Office of the Privacy Commissioner if you believe your privacy has been breached

To exercise these rights, contact us using the details below.

8. Children's Privacy

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. If you become aware that a child has provided us with personal data, please contact us immediately.

9. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. We may also notify you via email for significant changes. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: