Privacy Policy
Last updated: 2/4/2026
1. Introduction
CertFetch (“we”, “our”, “us”) provides a secure platform for brokers and clients to store, manage, and share insurance-related documents. This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988 (including the Australian Privacy Principles).
2. Who This Policy Applies To
This policy applies to:
- Brokers and broker team members
- Clients and client company users
- Subcontractors uploading documents via secure links
- Website visitors, demo users, and prospects
3. Information We Collect
3.1 Personal Information
- Name, email address, phone number
- Business or company details
- Login credentials and verification data
- Notification and preference settings
3.2 Insurance Documents & Metadata
- Certificates of Currency
- Policy schedules and invoices
- Subcontractor certificates
- Document metadata such as policy numbers, expiry dates, and notes
- Version history and document activity
Documents are never overwritten. Replacements create new versions and historical records remain accessible for compliance and audit purposes.
3.3 Usage, Security & Audit Data
To protect the platform and meet security and compliance obligations, we collect limited technical and security-related data, including:
- IP address
- Device and browser information
- Login timestamps and session activity
- Failed login and authentication attempts
- Two-factor authentication events
- Rate-limiting and abuse detection events
- Document access, download, and share activity
3.4 Marketing & Sales Information
We may collect contact details when you request a demo, join a waitlist, or interact with marketing or sales materials.
4. How We Use Information
- Authenticate users and manage accounts
- Enable document upload, storage, sharing, and notifications
- Enforce role-based access and company isolation
- Maintain security, auditability, and system integrity
- Meet legal, regulatory, and insurance record-keeping obligations
5. Data Storage & Security
Files are stored securely using AWS S3 with server-side encryption. Application data is stored in PostgreSQL with strict access controls.
- HTTPS (TLS 1.2+)
- bcrypt password hashing
- Role-based access control
- Company-level data isolation
- Presigned, time-limited file access
- Comprehensive audit logging
6. Sharing of Information
We do not sell personal information. Information is shared only with:
- Linked brokers or clients, as configured within the platform
- Trusted service providers (e.g. AWS, DigitalOcean, Resend, Twilio)
- Regulators or authorities where legally required
7. Administrative & Emergency Access
CertFetch internal staff do not have default access to customer data. Limited administrative access may occur only in exceptional circumstances to provide support or resolve system issues.
Any such access is:
- Explicitly approved by the relevant company owner
- Time-limited and scoped to a specific company
- Read-only
- Fully audited and logged
8. International Data Processing
Data may be processed or stored in New Zealand or Australia through secure, compliant service providers. By using CertFetch, you consent to these arrangements.
9. Data Retention & Account Deletion
Insurance documents and related audit records are retained for a minimum of seven (7) years to meet regulatory and compliance obligations.
Account deletion is a managed process and does not result in immediate destruction of all data. A grace period applies to allow recovery, notification of linked parties, and orderly cleanup.
Certain records (including audit logs and compliance-related data) may be retained after account deletion where required by law or legitimate business interests.
10. Your Rights
You may request to:
- Access your personal information
- Have inaccurate information corrected
- Have information deleted, subject to legal obligations
- Download your documents
- Withdraw consent where applicable
Contact us at privacy@certfetch.com.
11. Cookies
CertFetch uses minimal cookies required for authentication, security, and core platform functionality. Optional analytics may be used to improve the service.
12. Subcontractor Uploads
Subcontractors may upload documents using secure, time-limited links. Uploaded documents are visible only to the requesting client and their linked broker.
13. Children’s Privacy
CertFetch is not intended for individuals under the age of 18.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Continued use of CertFetch after changes take effect constitutes acceptance of the updated policy.
15. Contact
For privacy-related questions or requests, contact us at privacy@certfetch.com.