Draft — pending NZ-qualified legal review. The text below is a substantive working draft based on docs/compliance-notes.md and Privacy Act 2020. Final wording will be reviewed by a NZ-qualified lawyer before public launch. Until then, treat it as our best-effort statement of intent rather than a finalised contract.

Privacy Policy

Effective 1 May 2026 · Last reviewed draft 1 May 2026

ClearHold is operated in New Zealand and is subject to the Privacy Act 2020. This policy explains what personal information we collect, why we collect it, what we do with it, and the rights you have over it.

1. What we collect

  • Account: your name, email address, and password (hashed).
  • Property data: addresses, purchase dates, loan details, estimated values, and chattels that you enter.
  • Transactions: rental income and expense records you enter or import via Akahu bank sync.
  • Billing: Stripe payment records. We don't store card details — Stripe handles that.
  • Usage: minimal server-side analytics (page views, errors). No third-party trackers in-app.

1A. Information we collect indirectly

Some information about you reaches ClearHold from third parties rather than from you directly. The Privacy Act 2020 (IPP 3A, in force 1 May 2026) requires us to make you aware of this. The third parties below are services you have separately authorised — but the data they pass back to ClearHold is information about you that we are receiving indirectly, and you have rights over it.

  • Akahu (NZ): when you connect your bank, Akahu retrieves transaction records from your bank under a read-only consent you grant inside Akahu. ClearHold then receives those transactions (date, amount, description, counterparty, account identifier). Purpose: to categorise rental income and deductible expenses for your tax records. You can revoke Akahu access at any time, which stops further indirect collection — historical records already in your account remain editable and deletable through the standard rights below.
  • Stripe (USA / NZ): when you pay or update billing, Stripe sends ClearHold confirmation records (subscription status, invoice references, last-4 of card brand for support). Purpose: to keep your subscription state current and produce receipts. We never receive full card numbers.
  • Google Maps Platform (USA): when you enter a property address, ClearHold's server proxies a request to Google to retrieve a Street View / static-map image and a geocode (latitude / longitude). Purpose: to display the property image and pin the property location. The geocode is stored on the property record. Your IP is not sent to Google — the request is server-side.
  • Addy Solutions (NZ): address-autocomplete suggestions are returned to ClearHold as you type. Purpose: to validate the property address. The data we keep is the address you select, not the search history.

For each of these, you have the same rights described in section 4 below — to access the information we hold, correct it, or have it deleted. The processors we use are listed in section 3. We are the agency you can contact about indirect collection: see section 10.

2. How we use it

We use your information to provide the ClearHold service: store your records, prepare the figures that feed into your IR3R, send you transactional emails (receipts, activation, renewal reminders), and support you when you ask us for help. We don't sell, rent, or market your data to third parties.

3. Who we share it with

We use a small set of trusted service providers to run ClearHold:

  • Railway (USA) — hosting and database.
  • Stripe (USA/NZ) — payment processing.
  • Postmark (USA) — transactional email delivery.
  • Akahu (NZ) — optional bank transaction sync, read-only. You authorise Akahu directly.
  • Google Cloud (USA) — Maps / Street View images for property photos (requested by IP only).
  • Addy Solutions (NZ) — NZ address autocomplete.

Some of these providers host or process data outside New Zealand. We have reviewed their privacy practices and chosen providers who meet standards comparable to NZ's.

4. Your rights

Under Information Privacy Principles 6, 7, and 9 of the Privacy Act 2020, you have the right to:

  • Access the personal information we hold about you. Sign in and visit your Account page to download a complete JSON export of your records at any time. You may also request the same data by email and we'll send it within 20 working days.
  • Correct it if it's wrong. Most fields are editable inline in the app; if a record won't update, email us and we'll fix it.
  • Delete your account from the same Account page, or by emailing us. We mark the account immediately, sign you out, and delete personal records 90 days later (the 90-day window lets you change your mind without losing the records). Billing records are retained per Tax Administration Act 1994 s 22 — typically 7 years.
  • Complain to the Office of the Privacy Commissioner at privacy.org.nz if you believe we've mishandled your information.

5. Retention

We keep your data while your account is active. When you ask us to delete your account, personal records (properties, transactions, bank-connection metadata, loans, chattels, category rules, ring-fenced loss balances) are exportable for a 90-day grace window, then permanently deleted. Billing records — Stripe customer ID, subscription history, refund history — are retained for at least 7 years to satisfy our obligations under the Tax Administration Act 1994.

6. Security

All traffic to and from ClearHold is encrypted in transit using HTTPS. Passwords are hashed with bcrypt and never stored in plain text. Bank access is read-only via Akahu's open-banking OAuth flow — we never see your bank password and cannot move money. Production data is hosted on Railway, with daily automated backups. Access to the production environment is restricted to the operator and is logged.

7. Notifying you of a serious privacy breach

Under Part 6 of the Privacy Act 2020, if we suffer a notifiable privacy breach — a breach where there is a real risk of serious harm — we will notify you and the Office of the Privacy Commissioner as soon as practicable, and in any event within 72 hours of becoming aware of it. The notification will tell you what happened, what data was involved, what we're doing about it, and what you can do to protect yourself.

8. Children

ClearHold is built for adult landlords managing tax for their own rental properties. We do not knowingly collect information from anyone under 16. If you believe a minor has signed up, email us and we'll delete the account.

9. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email to your account address at least 14 days before they take effect. Continued use of the Service after the effective date means you accept the updated policy.

10. Questions or requests

Email hello@clearhold.nz. We'll respond within 20 working days as required under the Act. For more detail on our data-handling design, see our Privacy Impact Assessment (public document).

Questions? hello@clearhold.nz