CertFetch

Legal Information

Privacy Policy

Last updated: 12/7/2025

1. Introduction

CertFetch (“we”, “our”, “us”) provides a platform for brokers and clients to securely store, manage, and share insurance documents. This Privacy Policy outlines how we collect, use, store, and protect your personal information in accordance with the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988 (including the APPs).

2. Who This Policy Applies To

This policy applies to brokers, clients, subcontractors, and website visitors.

3. Information We Collect

Personal Information

  • Name, email, phone, business details
  • Login details and verification codes
  • Notification preferences

Insurance Documents & Metadata

  • Certificates of Currency
  • Policy schedules and invoices
  • Subcontractor certificates
  • Version history and document activity

Usage & Activity

  • Login times, IP address, device/browser info
  • Document access, download, and share tracking

Marketing Data

Provided when signing up for demos or landing pages.

4. How We Use Information

  • Authenticate users and manage accounts
  • Enable document upload, storage, sharing, and notifications
  • Improve platform functionality and security
  • Meet legal and insurance record-keeping obligations

5. Data Storage & Security

Documents are securely stored on AWS S3 (Sydney region) with presigned URLs and server-side encryption. Application data is stored in PostgreSQL with strict access controls.

  • HTTPS (TLS 1.2+)
  • bcrypt password hashing
  • Role-based access (broker/client/master)
  • Audit logs for document activity

6. Sharing of Information

We never sell personal information. We only share it with:

  • Your linked broker or client (as configured)
  • Service providers (AWS, DigitalOcean, Resend, Twilio)
  • Authorities if legally required

7. International Transfers

Data may be processed in Australia or New Zealand through secure, compliant service providers. By using CertFetch, you consent to these transfers.

8. Data Retention

Insurance documents and activity logs are retained for a minimum of 7 yearsto comply with AU/NZ regulations. Marketing data may be removed upon request.

9. Your Rights

You may request to:

  • Access your personal information
  • Request correction or deletion
  • Disable notifications
  • Download your stored documents
  • Withdraw consent

Email: privacy@certfetch.com

10. Cookies

CertFetch uses minimal cookies for login sessions, security, and optional analytics.

11. Subcontractor Uploads

Subcontractors can upload certificates using secure time-limited links. Uploaded documents are only visible to the requesting client and their broker.

12. Children’s Privacy

The platform is not intended for individuals under 18.

13. Changes to This Policy

We may update this Privacy Policy periodically. Continued use of CertFetch constitutes acceptance of the updated version.

14. Contact

For privacy requests or questions, email us at privacy@certfetch.com.