LEGAL
PRIVACY POLICY
AT A GLANCE — WHAT THIS POLICY COVERS
What personal information we collect about you and your clients
How and why we use that information
Who we share it with and why
How long we keep it and how we protect it
Your rights under the NZ Privacy Act 2020
How to contact us with privacy concerns
CONTENTS
WHO WE ARE
This Privacy Policy is issued by Bluemint Co Technologies Limited (referred to in this policy as "Bluemint", "we", "us", or "our"), a company incorporated in New Zealand.
Bluemint operates an AI-powered software platform designed for financial advisers to manage client workflows, compliance documentation, applications, and reporting. We are the data controller in respect of personal information collected through our website and platform.
Our registered postal address is: P.O. Box 65613, Mairangi Bay 0754, Auckland, New Zealand.
Privacy enquiries: support@bluemintco.com
SCOPE OF THIS POLICY
2.1 This Privacy Policy applies to:
- visitors to our website at bluemintco.com;
- financial advisers and their team members who subscribe to and use the Bluemint platform;
- individuals who contact us for information, support, or sales enquiries; and
- prospective customers and investors who interact with us.
2.2 This policy does not apply to the personal information that you, as a financial adviser, collect from and hold about your own clients through the platform. That information is your responsibility as data controller.
2.3 This policy should be read alongside our Terms of Use and Cookie Policy.
INFORMATION WE COLLECT
3.1 We collect personal information in two distinct capacities - information about our customers (advisers and their teams) and information about end clients uploaded to the platform by those advisers. The table below summarises what we collect about our direct customers:
| CATEGORY | EXAMPLES | WHY WE COLLECT IT |
|---|---|---|
| Identity Information | Full name, job title, employer | Account creation and verification |
| Contact Information | Email address, phone number, postal address | Communication, invoicing, support |
| Account Credentials | Username, encrypted password, MFA details | Secure platform access |
| Billing Information | Payment card details (tokenised), billing address, invoice history | Processing subscription payments |
| Business Information | Advisory name, FAP licence number, team size, plan type | Account configuration and compliance |
| Usage Data | Features used, login times, actions taken in the platform | Platform improvement, support, security monitoring |
| Technical Data | IP address, browser type, device identifiers, OS | Security, performance, troubleshooting |
| Communications | Emails, support tickets, demo requests, survey responses | Customer support and service improvement |
| Marketing Preferences | Communication preferences, opt-in/opt-out status | Sending relevant communications with consent |
3.2 We do not collect sensitive personal information (such as health, financial, or biometric data) directly from our customers, unless voluntarily provided in a support context.
HOW WE COLLECT INFORMATION
We collect personal information through the following means:
- Directly from you - when you register for an account, complete a demo request form, contact us, respond to surveys, or communicate with our team.
- Automatically - when you access our website or platform, through cookies, log files, and analytics tools that collect technical and usage data.
- From third parties - such as payment processors, identity verification providers, or referral sources, where relevant to providing the platform.
- From your use of the platform - including actions you take, documents you upload, and configurations you set up within your account.
HOW WE USE YOUR INFORMATION
5.1 We use personal information we collect about our customers for the following purposes:
| PURPOSE | DESCRIPTION |
|---|---|
| Providing the Platform | Creating and managing your account, processing your subscription, and delivering the platform services you have subscribed to |
| Billing & Payments | Processing subscription payments, issuing invoices, handling payment disputes, and managing overdue accounts |
| Customer Support | Responding to support requests, troubleshooting issues, and providing onboarding and training |
| Platform Improvement | Analysing usage patterns and feedback to develop new features, fix bugs, and improve performance |
| Security & Fraud Prevention | Monitoring for unauthorised access, detecting suspicious activity, and protecting the integrity of the platform |
| Legal Compliance | Meeting our obligations under applicable laws, including tax, financial services, and privacy legislation |
| Marketing Communications | Sending relevant product updates, feature announcements, and promotional content - with your consent, and you may opt out at any time |
| Business Analytics | Producing aggregated, anonymised reports on platform usage for internal planning and investor reporting |
CLIENT DATA - SPECIAL PROVISIONS
IMPORTANT DISTINCTION
This section addresses personal information about your clients that you upload to or generate within the Bluemint platform. This is fundamentally different from the information we collect about you as our customer.
6.1 When you use the Bluemint platform to manage your clients, you upload and generate personal information about those clients - including their identity, financial position, insurance details, mortgage data, investment information, and related documents ("Client Data").
6.2 In respect of Client Data, you are the data controller and Bluemint is the data processor. This means:
- you determine the purposes and means by which Client Data is processed;
- you are responsible for ensuring your collection and use of Client Data is lawful under the Privacy Act 2020 and any other applicable legislation;
- you are responsible for obtaining all necessary consents from your clients to collect and use their information via the Bluemint platform; and
- Bluemint processes Client Data only on your documented instructions and for the purpose of providing the platform services to you.
6.3 Bluemint will:
- process Client Data only as necessary to provide the platform and as directed by you;
- not share, sell, or use Client Data for any commercial purpose beyond delivering the platform;
- implement appropriate technical and organisational security measures to protect Client Data;
- notify you promptly in the event of any security incident affecting Client Data; and
- on termination of your subscription, make Client Data available for export for 30 days, after which it will be securely deleted.
6.4 You acknowledge that the sensitive nature of financial client data means it is subject to heightened obligations. You must ensure your clients' data is only uploaded to the platform where you have the authority to do so.
LEGAL BASES FOR PROCESSING
We process personal information only where we have a lawful basis to do so under the Privacy Act 2020. Our legal bases are:
- Contract performance - processing necessary to provide the platform services you have subscribed to, including account management, billing, and support.
- Legitimate interests - processing for security monitoring, fraud prevention, platform improvement, and business analytics, where our interests do not override your privacy rights.
- Legal obligation - processing required to comply with applicable laws, court orders, or regulatory requirements.
- Consent - where you have specifically opted in, such as for marketing communications. You may withdraw consent at any time.
SHARING YOUR INFORMATION
8.1 We do not sell personal information to third parties. We may share personal information in the following circumstances:
| RECIPIENT | PURPOSE | SAFEGUARDS |
|---|---|---|
| Cloud hosting providers | Storing and serving the platform and its data | Contractual data processing agreements |
| Payment processors | Processing subscription payments securely | PCI-DSS compliant; data minimisation |
| Analytics providers | Understanding website and platform usage | Anonymised/aggregated data where possible |
| Email & communication tools | Delivering transactional and marketing emails | Contractual data processing agreements |
| Identity & verification services | Verifying user identity where required | Contractual data processing agreements |
| Legal & professional advisers | Legal advice, dispute resolution, compliance | Professional obligations of confidentiality |
| Regulatory authorities | Compliance with legal obligations or court orders | Only to the extent required by law |
| Business acquirers | In the event of a merger, acquisition, or sale of assets | Confidentiality obligations; notice to you |
8.2 All third-party service providers who handle personal information on our behalf are required to maintain appropriate security standards and are contractually bound to use that information only for the purposes for which it was shared.
INTERNATIONAL DATA TRANSFERS
9.1 Bluemint is based in New Zealand and our primary data storage is located in New Zealand and/or Australia. Some of our third-party service providers may be based in, or process data in, other countries.
9.2 Where personal information is transferred outside of New Zealand, we take reasonable steps to ensure it receives an equivalent level of protection, including by:
- transferring only to countries with comparable privacy protections;
- requiring contractual data protection obligations on overseas providers; and
- using providers that maintain recognised international security standards (such as ISO 27001 or SOC 2).
9.3 You acknowledge that by using the platform you consent to international transfers of your information as described in this section.
COOKIES & TRACKING TECHNOLOGIES
10.1 We use cookies and similar tracking technologies on our website and platform. Cookies are small files stored on your device that help us recognise you and improve your experience.
10.2 We use the following types of cookies:
| TYPE | PURPOSE | CAN BE DISABLED? |
|---|---|---|
| Essential cookies | Required for the platform to function - login sessions, security, preferences | No - platform will not work without these |
| Analytics cookies | Understanding how users navigate the website and platform (e.g. Google Analytics) | Yes - via cookie settings |
| Performance cookies | Monitoring platform performance and identifying technical issues | Yes - via cookie settings |
| Marketing cookies | Tracking visits from marketing campaigns and retargeting | Yes - via cookie settings or browser |
10.3 You can manage your cookie preferences through our cookie consent tool or your browser settings. Disabling non-essential cookies will not affect your ability to use the core platform, but may affect website experience.
10.4 For full details of the cookies we use, please refer to our Cookie Policy.
DATA SECURITY
11.1 We take the security of personal information seriously and implement technical and organisational measures appropriate to the nature of the data we hold, including:
- encryption of data in transit (TLS) and at rest;
- multi-factor authentication (MFA) options for platform access;
- role-based access controls limiting who can access data internally;
- regular security assessments and penetration testing;
- secure development practices and code review processes; and
- staff training on data protection and security obligations.
11.2 While we take all reasonable steps to protect personal information, no method of transmission or storage is completely secure. We cannot guarantee absolute security and are not liable for security incidents outside our reasonable control.
11.3 You are responsible for maintaining the security of your own account credentials and for ensuring that your Authorised Users do the same. You must notify us immediately at support@bluemintco.com if you suspect any unauthorised access to your account.
DATA RETENTION
12.1 We retain personal information only for as long as necessary for the purpose for which it was collected, or as required by law. Our retention periods are as follows:
| DATA TYPE | RETENTION PERIOD | REASON |
|---|---|---|
| Account & identity information | Duration of subscription + 7 years | Legal and tax obligations |
| Billing & payment records | 7 years from date of transaction | GST, tax, and financial reporting obligations |
| Client Data (uploaded by advisers) | Duration of subscription + 30 days post-termination | Export window; then securely deleted |
| Platform usage logs | 12 months | Security monitoring and troubleshooting |
| Support communications | 3 years from date of interaction | Dispute resolution and quality assurance |
| Marketing data (opted-in) | Until opt-out or 3 years of inactivity | Consent-based marketing |
| Security incident records | 5 years from incident date | Regulatory and legal obligations |
12.2 After the applicable retention period, personal information will be securely deleted or anonymised in accordance with our data destruction procedures.
DATA BREACH NOTIFICATION
13.1 In the event of a privacy breach that we reasonably believe has caused or is likely to cause serious harm, we will:
- notify affected individuals as soon as practicable after becoming aware of the breach;
- notify the New Zealand Privacy Commissioner where required under the Privacy Act 2020; and
- take immediate steps to contain the breach and prevent further harm.
13.2 Where a security incident affects Client Data that you hold via the platform, we will notify you promptly so that you can meet your own obligations under the Privacy Act 2020 in relation to your clients.
13.3 We maintain an internal privacy breach register and investigate all suspected breaches in accordance with our incident response procedures.
YOUR RIGHTS
14.1 Under the New Zealand Privacy Act 2020, you have the following rights in relation to personal information we hold about you.
| RIGHT | WHAT IT MEANS |
|---|---|
| Right of access | You can request a copy of the personal information we hold about you |
| Right of correction | You can ask us to correct personal information that is inaccurate, incomplete, or misleading |
| Right to withdraw consent | Where processing is based on consent (e.g. marketing), you can withdraw at any time |
| Right to complain | You can lodge a complaint with the New Zealand Privacy Commissioner at privacy.org.nz |
| Right to data portability | You can request an export of your account data in a machine-readable format |
| Right to deletion | In certain circumstances, you can request deletion of personal information we hold about you, subject to our legal retention obligations |
14.2 To exercise any of these rights, please email support@bluemintco.com with your request. We will respond within 20 working days, as required by the Privacy Act 2020. We may ask you to verify your identity before processing your request.
14.3 We may decline a request where permitted by law, but will tell you the reason for any refusal.
14.4 We may charge a reasonable fee for access requests that are unusually complex or require significant effort, but will advise you of any fee before proceeding.
CHILDREN'S PRIVACY
The Bluemint platform is intended for use by financial services professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected personal information from a minor, please contact us immediately at support@bluemintco.com and we will take prompt steps to delete it.
THIRD-PARTY LINKS
Our website and platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal information. The inclusion of any link does not constitute our endorsement of that website or service.
CHANGES TO THIS POLICY
17.1 We may update this Privacy Policy from time to time to reflect changes in our practices, the platform, or applicable law. Where changes are material, we will notify you by email or by posting a prominent notice on the platform at least 14 days before the changes take effect.
17.2 The "last updated" date at the top of this page indicates when the policy was most recently revised. Your continued use of the platform after the effective date constitutes your acceptance of the updated policy.
17.3 We recommend you review this policy periodically. Previous versions are available on request.
CONTACT US
If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal information, please contact us:
PRIVACY ENQUIRIES
Bluemint Co Technologies Limited
Email: support@bluemintco.com
Post: P.O. Box 65613, Mairangi Bay 0754, Auckland, New Zealand
If you are not satisfied with our response, you may lodge a complaint with the NEW ZEALAND PRIVACY COMMISSIONER at privacy.org.nz or by calling 0800 803 909.
This Privacy Policy was last updated on 15 April 2025 and is effective from 20 March 2026. We recommend you retain a copy for your records.