Privacy Policy

Last updated: 26th May, 2020.

This document sets out what personal information ('we') collect, why it is collected and how that information is used. This document makes clear who has access to your data, how you can expect it to be used and what your rights are. The primary purpose of is to help small businesses keep a record of who has visited their premises and to help visitors keep a record of businesses they have visited. The purpose is to facilitate data collection for businesses who must comply with the New Zealand Government regulations. Further information can be found here: This service is provided in good faith and we take no responsibility for any loss of data or damages caused to businesses or individuals for any reason. We just hope that this service saves lives. This privacy policy should be read together with our terms of use.

What information do we collect?

From businesses we collect: - An email and password combination. - A name (company name) and place (address) for each logbook you create. - The current time whenever a logbook is created. From visitors we collect: - A name. - A phone number. - An email address. - The current time whenever a record is entered into a logbook. Whenever a logbook entry is made, we link the information collected from the user to the logbook.

Why do we collect this information and how is it used?

An email and password combination is collected to secure access to your account. A name and address is collected for each logbook. Whenever a user logs a visit, we include the name and address information in the visit receipt. This is done to remind the user of where they have been. We collect the logbook creation time to organise your logs chronologically in the app. From visitors we collect a name, phone number, email address and the current time. Each record collected is then linked with a logbook operated by a business. This contact information can then be used to inform the visitor of a possible exposure to covid19. All information collected will be used for the sole purpose of contact tracing in relation to covid19.

How long is visitor data stored and who has access?

We will store collected visitor data for up to 2 months on our servers. After the visitor data has been in the system for 2 months, it will be erased. Businesses have the option to export the visitor data as a CSV file. By using our services business owners agree to erase any exported visitor data after 1 month. This implies a maximum possible data retention time of 3 months. We will not be held liable in the event that a business breaches the agreement in the above clause. In addition to storing data within our service, receipts are also generated. These are stored locally on the users device. These receipts will be stored indefinately unless the user chooses to clear their cache. The New Zealand Government will be given access to logbooks upon request. This may be done either by the business providing them with the data or we may provide access ourselves.

Securing access to personal and confidential data

We collect and use an email and password combination to secure access to your data. We recommend using a unique and complex password to improve the security of your account. We will send you a confirmation email to verify you are the owner of the email address. In the event that you forget your password we may also use this email to reset access to your account. Our service is hosted by Heroku who use AWS datacentres. We use HTTPS and SSL to encrypt all data in transit between between the users device and our service. We use industry standard technology to create an encrypted channel when sending your email and password combination to our servers. Once recieved, we store a copy of your email and an industry standard hash and salt of your password. This enables us to verify your password without storing it.

Your rights

You may request that we delete your personal information from our servers at any time. When we receive your request, we will remove your data from our service within 10 business days. For any records that are removed, we will notify the owner of the associated logbook that you have requested to remove the data from our service. The logbook owner is expected to make a manual copy of your data to comply with Government regulations.

Agreement and additional information

You agree that we may update this privacy policy at any time without notice. By continuing to use our service you agree to the latest version of the privacy policy. If you have questions, please email us at [email protected].