This Privacy Statement explains how KinWise Limited (NZBN 9429053340344) collects, uses, discloses, and protects personal information under the New Zealand Privacy Act 2020. It applies to our websites, apps (including the KinWise Family Finance App), and our business-to-business services. We specialise in developing bespoke applications and business intelligence solutions. Our KinWise Family Finance App helps New Zealand households manage their finances together through collaborative budgeting tools.
1. Our Role
For our own apps and websites, KinWise is the agency that determines the purposes and means of processing (akin to a "controller"). For business-to-business services, we usually process personal information on our customer's documented instructions (akin to a "processor"). In those cases, our customer's privacy notice applies and a written Data Processing Addendum (DPA) governs security, sub-processors, audit rights, and data return/deletion on termination. Contact support@kinwise.co.nz for a copy.
2. What Personal Information We Collect
For the KinWise Family Finance App
- Transaction details and account information (from files you import or services you connect)
- User names, email addresses, and household member relationships
- Household roles and permission settings
- Receipt images and voice input data when you use those features
- Activity data from gamification features (stickers, milestones, achievements) for child profiles managed by parents
- Contact information for support and communications
For Business-to-Business Services
- Client or customer contact details
- Business information required to maintain functional relationships
- Usage information and interaction logs
Support and Communication
- Username
- Email address
- Details of your enquiry
3. Where We Collect Information From
Directly from You
- Sign up for the KinWise Family Finance App
- Provide account details and household member information
- Use features like voice-to-text and receipt scanning
- Set up our business-to-business services
- Contact us for support
From Third Parties (Only with Your Authorisation)
- Banks and financial institutions via methods you choose (CSV import, email receipt parsing, or Open Banking when available)
- Other services you connect to KinWise (for example, cloud storage you authorise us to read)
We do not collect information directly from government agencies (such as IRD, StudyLink, or KiwiSaver) unless you explicitly authorise a specific integration that we make available and you choose to use. If such integrations are offered, we will present a clear consent screen describing the information, the purpose, and how to disconnect.
What We Tell You When We Collect Information
- Purpose of collection: to provide household budgeting and financial management services
- How data will be used: sharing expenses, setting budgets, building positive money habits
- Consent and control: privacy settings let you choose what to provide
- Privacy safeguards: we comply with the Privacy Act 2020, use encryption and secure storage, and only share data with consent or as required by law
- Sensitive data protection: banking details and personal identifiers are protected; you can export or delete your data at any time
4. Why We Collect Your Personal Information
We collect personal information only to provide and improve KinWise services, support you, meet legal obligations, and develop features you choose to use. We do not sell personal information or use it for third-party marketing.
Household Financial Management
- Enable household financial management features and shared dashboards
- Facilitate receipt scanning, voice-to-text, and reminders
- Provide personalised insights and AI-powered suggestions
Communication and Support
- Email support and assistance
- Data export features
- Respond to enquiries and resolve issues
Compliance and Privacy
- Comply with the Privacy Act 2020
- Provide security and user control
- Fulfil legal and regulatory obligations
Internal Improvement
- First-party analytics to improve customer experience and design (no third-party advertising cookies)
5. How We Collect Information Fairly and Lawfully
- Compliance with the Privacy Act 2020 (lawful, fair, transparent)
- Purpose limitation: only for approved service-related purposes
- Minimal and relevant data collection (e.g., no bank passwords; bank data only via methods you choose)
- Transparency and informed consent at the time of collection
- User control: manage settings, export/delete data any time
6. Cookies and Analytics
We use essential cookies to operate the service and first-party analytics to understand aggregate usage and improve features. You can control non-essential cookies in your browser. We do not use third-party advertising cookies. See our Cookie Policy for details.
7. How We Protect Your Information
Hosting and Encryption
- Primary hosting in AWS Asia Pacific (Auckland, New Zealand)
- Encryption at rest (AES-256/KMS) and in transit (TLS 1.2+)
Access Controls
- Least-privilege, role-based access; MFA enforced for staff
- Audit logging and session timeouts (10 minutes of inactivity)
- Two-factor authentication available for users
Security Testing and Monitoring
- Regular vulnerability scanning and annual penetration testing
- Logging to identify potential security breaches
- Documented data export and deletion procedures
Payment Security
Subscription payments are processed by a third-party payment provider. Full card numbers (PAN) do not pass through or reside in KinWise systems. The provider is responsible for PCI DSS compliance for card data in its systems.
Secure Backups
- Encrypted cloud backups, automated daily
- Backups roll off within 35 days
8. Where Your Information Is Processed
We host primary customer data in New Zealand (AWS Asia Pacific — Auckland). Some trusted service providers (email delivery, error monitoring, analytics, payments) may process limited personal information outside New Zealand. Disclosures follow IPP12 with contractual and technical safeguards. A list of core service providers and processing locations will be published at a later date.
9. How Long We Keep Information
- Active accounts: kept while active
- After closure: delete or anonymise within 30 days, except:
- Financial records: 7 years (IRD requirements)
- Support tickets & audit logs: 24 months
- Backups: 35-day rolling
Request deletion any time via the app or support@kinwise.co.nz; we'll confirm completion.
10. How You Can Access Your Personal Information
- In-app: view and export (CSV/PDF)
- Formal request: via in-app support or email; we respond within 5–10 business days
11. How You Can Correct Your Personal Information
12. Portability and Data Return
You can export your information from the app in a machine-readable format. Business customers may request a data return on termination in a commonly used format as set out in the DPA.
13. How We Keep Your Information Accurate
- User control via app settings
- Periodic reminders to review details
- Verification of third-party information before use
14. Children and Family Accounts
- Family features are managed by a parent/guardian account
- No standalone child accounts
- Parents control invitations, visibility, and deletion
- Minimum data for age-appropriate features (stickers/badges/achievements)
- Plain-language explanations for rangatahi
If a child created an account without permission, contact us and we will delete it.
15. Unique Identifiers
We assign unique identifiers (e.g., Customer IDs) to manage accounts and roles. They are encrypted, access-restricted, and not disclosed to unauthorised parties. Identifiers received from services you connect (e.g., bank account numbers) are protected to the same standard.
16. Privacy Breaches
We assess all incidents under the Privacy Act 2020. If a breach is likely to cause serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as soon as practicable, including what happened, what information was involved, and steps to reduce harm.
Business Customers — Incident Timeframes
- Acknowledge within 24 hours of becoming aware
- Initial assessment within 72 hours (scope, affected data types, mitigations, next steps)
- Ongoing updates until containment and remediation are complete
17. AI-Powered Features
KinWise uses artificial intelligence to power features such as the KinWise Assistant (chat), voice prompts, Smart Insights, and other tools. This section explains how your information is used in connection with these features.
What Data AI Features Use
- Messages and queries you submit to the KinWise Assistant
- Spending patterns and transaction summaries (used to generate insights)
- Voice input data when using voice prompt features
- Receipt images when using photo snap receipt upload
How AI Data Is Processed
- Your data may be sent to third-party AI service providers to generate responses and insights
- We use contractual and technical safeguards with all AI service providers
- AI service providers are prohibited from using your data to train their models
- Conversation data is retained only as long as needed to provide the service and improve accuracy
Important Limitations
- AI-generated content is general information only and is not personalised financial, legal, or tax advice
- AI may produce inaccurate, incomplete, or outdated information
- You should always verify important information and seek guidance from a qualified professional before making financial decisions
Your Control
- You can turn AI-powered insights off at any time in Settings
- You choose whether to use AI features such as the KinWise Assistant, voice prompts, and receipt scanning
- We do not make solely automated decisions with legal or similarly significant effects
18. Emails and Messages
We only send electronic messages in line with New Zealand's anti-spam rules (Unsolicited Electronic Messages Act 2007). All marketing emails include an unsubscribe link that works for at least 30 days. Service messages (security, billing, changes to terms) may still be required.
19. Accessibility
We aim to meet WCAG 2.1 AA for public-facing interfaces. See our Accessibility Statement.
21. Contact for Privacy Matters
For questions or to exercise your rights, contact the Case Investigations and Support Team at support@kinwise.co.nz or via the app. We aim to respond within 5–10 business days.
22. Changes to This Privacy Policy
We may update this policy to reflect changes in our practices or legal requirements. When we make changes, we update the "Last Updated" date. If the changes are significant, we will notify you via email or in-app. Continued use after changes indicates acceptance.
23. Governing Law
This Privacy Policy is governed by the laws of New Zealand, including the Privacy Act 2020. Any disputes relating to this policy will be subject to the exclusive jurisdiction of the New Zealand courts.
KinWise Limited · NZBN: 9429053340344 · Email: support@kinwise.co.nz · Tagline: Innovate For Good