Privacy Policy
Last updated: 3 April 2026 · Effective date: 3 April 2026
1. Who We Are
Admitto is operated by Halcyon Technologies Limited, a New Zealand company (“Admitto”, “we”, “us”, or “our”). We provide immigration assessment software to New Zealand Immigration Advisers Authority (IAA)-licensed advisers and accredited employers.
This policy explains how we collect, use, disclose, and protect personal information in accordance with the New Zealand Privacy Act 2020 and the Information Privacy Principles (IPPs).
2. Information We Collect
Adviser account data
Full name, email address, IAA licence number, firm name, subscription tier, and billing information. Card details are processed by Stripe — we never store payment card numbers.
Client profile data
Information entered by the adviser on behalf of their client: name, job title, employer, salary, work history, qualifications, and documents uploaded for OCR extraction. This data is entered at the adviser's direction and under their professional responsibility.
Usage and technical data
IP address, browser type, pages visited, error events (via Sentry), and assessment performance metrics. We do not use advertising trackers or third-party marketing cookies.
3. How We Use Your Information
- →Delivering the Admitto assessment service
- →Processing subscription payments via Stripe
- →Sending transactional emails (assessment completion, account notices) via Resend
- →Generating AI-assisted eligibility assessments via the Anthropic API
- →Monitoring system health and diagnosing errors via Sentry
- →Meeting our legal and contractual obligations
We do not sell personal information. We do not use client data for advertising, model training, or profiling unrelated to the service.
4. Offshore Disclosure (IPP 12)
Personal information is stored and processed outside New Zealand by the following third-party sub-processors. Each is bound by contractual data protection obligations.
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Database & auth | Supabase | Japan (Tokyo) | Data storage, authentication, RLS |
| AI processing | Anthropic | United States | Eligibility assessment generation |
| Payments | Stripe | United States | Subscription billing |
| Resend | United States | Transactional email delivery | |
| Error monitoring | Sentry | United States | Error logging and diagnostics |
| Hosting | Vercel | United States | Application hosting and CDN |
5. Data Retention
Adviser account data is retained for the duration of your subscription and for 7 years following account closure, consistent with New Zealand record-keeping norms. Client assessment data is retained for 7 years from the date of assessment. You may request deletion of data not required for legal compliance.
6. Your Rights
Under the Privacy Act 2020, you have the right to:
- →Request access to personal information we hold about you (IPP 6)
- →Request correction of inaccurate information (IPP 7)
- →Ask us to stop using your information in a way that causes harm
- →Lodge a complaint with the Office of the Privacy Commissioner at privacy.org.nz
Contact: privacy@admitto.co
7. Security
All data is encrypted in transit (TLS 1.2+) and at rest. Access follows the principle of least privilege. Row-level security (RLS) is enforced at the database layer — no adviser can access another adviser's client data. Adviser account passwords are managed by Supabase Auth and never stored in plaintext.
8. Contact
Halcyon Technologies Limited · Auckland, New Zealand
privacy@admitto.co