1. Introduction

This Data Retention Policy explains how CertFetch (“we”, “our”, “us”) stores and retains documents and personal information on behalf of brokers, clients, and subcontractors. This policy aligns with New Zealand’s Privacy Act 2020 and Australia’s Privacy Act 1988.

2. CertFetch Is Not a Regulated Archive

CertFetch is a document management platform. We do not act as a financial service provider or an official records archive. Brokers remain solely responsible for meeting any regulatory record-keeping obligations, including the requirement to retain insurance documents for up to 7 years.

Deleting a document within CertFetch does not remove a broker’s legal responsibility to maintain their own business records outside the platform.

3. How Long We Retain Data

3.1 Insurance Documents & Uploaded Files

Documents stored in CertFetch are retained for as long as the user’s account remains active, unless the user chooses to delete them.

• Clients may delete their own documents at any time.
• Brokers may delete documents they uploaded for their clients.
• Subcontractor uploads are retained until the managing client or broker deletes them.

3.2 Deleted Documents

When a user deletes a document, CertFetch does not retain a backup copy unless required by law. Deleted documents are permanently removed from our active storage.

3.3 Account Information

User account details (name, email, business info) are retained while the account remains active. Upon account closure:

• Personal information is deleted or anonymized where legally allowed
• Documents remaining in the account are deleted

3.4 Activity Logs

Log data (logins, downloads, notifications) may be retained for up to 7 years for security, auditing, and platform integrity.

4. Broker Responsibilities

Brokers are required under New Zealand and Australian regulations to keep certain insurance records for a minimum of 7 years. CertFetch does not fulfill this requirement on their behalf.

Brokers must maintain their own archive systems outside of CertFetch to meet any licensing or compliance obligations.

5. Storage Locations

CertFetch stores documents using:

• AWS S3 (Sydney or equivalent region)
• Encrypted storage with presigned, time-limited access links
• PostgreSQL for metadata and user information

6. User-Controlled Deletion

Users may delete their documents or close their accounts at any time. CertFetch does not prevent deletion based on regulatory retention requirements because those requirements apply to brokers directly, not to CertFetch.

7. Changes to This Policy

We may update this policy periodically. Continued use of CertFetch constitutes acceptance of the updated policy.

8. Contact

For questions regarding data retention, contact: privacy@certfetch.com