Admitto is operated by Halcyon Technologies, a New Zealand company ("Admitto", "we", "us", "our"). We provide AI-assisted visa eligibility assessment software for New Zealand licensed immigration advisers.
We are an agency under the New Zealand Privacy Act 2020 and comply with its 13 Information Privacy Principles (IPPs). Contact us at privacy@admitto.co.nz for any privacy-related queries.
When you register, we collect your full name, work email address, and IAA licence number. We use this to create and manage your account, verify your IAA licence status, send assessment completion notifications, and communicate about billing and support.
You may enter personal information about your immigration clients into Admitto, including their name, nationality, job title, employer details, English language test scores, and employment information. You enter this information as an immigration adviser in the course of your professional duties. You are responsible for ensuring your clients are aware their information is being processed and for complying with your obligations under the Privacy Act 2020 as the collecting agency.
Passport numbers and dates of birth, if entered, are stored in our database but are never transmitted to any artificial intelligence system. These fields are technically excluded from all AI processing at the code level.
We collect logs of assessment activity including which visa categories were assessed, token usage, and latency. We do not log the content of individual criteria results.
We use client information solely to perform the eligibility assessments you request. We do not use client information for any other purpose, do not sell it, and do not use it to train AI models. All AI processing uses temperature=0 (deterministic mode) to ensure consistent, non-random outputs.
When you run an eligibility assessment, a sanitised version of your client's profile—containing job details, English scores, accreditation status, and nationality, but never passport numbers or dates of birth—is transmitted to Anthropic's Claude API (temperature=0) for processing. Anthropic is based in the United States.
By using Admitto's assessment feature, you expressly authorise this offshore disclosure under IPP 12 of the Privacy Act 2020. You acknowledge that Anthropic's API processes data subject to US law, and that Anthropic maintains enterprise-grade security and does not use API inputs to train its models.
Your adviser account data and client data is stored on Supabase infrastructure located in the Tokyo, Japan region. Supabase acts as our storage agent under section 11 of the Privacy Act 2020. Supabase is SOC 2 Type 2 certified and maintains security safeguards comparable to those required under the Privacy Act 2020.
We implement row-level security (RLS) on all database tables ensuring advisers can only access their own data. All data is encrypted in transit (TLS) and at rest.
Our application is hosted on Vercel's edge network. Assessment completion notifications are sent via Resend (US-based). Only adviser email addresses and assessment summary information are transmitted.
Under the Privacy Act 2020 you have the right to:
To exercise these rights, email privacy@admitto.co.nz. We will respond within 20 working days as required by the Act.
Your immigration clients have the same rights in respect of their personal information that you have entered into Admitto. As the collecting agency, you are responsible for facilitating those requests.
As described above, your data is transferred to Japan (Supabase database) and the United States (Anthropic AI processing, Resend email, Vercel hosting). These transfers are authorised under IPP 12 as you have been informed of these transfers and expressly consent by using the service.
All offshore processors maintain security standards comparable to New Zealand requirements.
We retain your account data and client records for as long as your subscription is active. If you cancel your subscription, we retain your data for 90 days to allow for reactivation or export, after which it is permanently deleted from our systems.
You may request immediate deletion at any time by emailing privacy@admitto.co.nz. Assessment logs (token usage and latency, not assessment content) are retained for 12 months for billing and performance purposes.
If we become aware of a privacy breach that is likely to cause serious harm, we will notify affected individuals and the Office of the Privacy Commissioner as required under Part 7 of the Privacy Act 2020.
Admitto uses session cookies necessary for authentication. We do not use advertising cookies or third-party tracking cookies.
Privacy Officer: Halcyon Technologies
Email: privacy@admitto.co.nz
Website: admitto.co
If you are not satisfied with our response to a privacy concern, you may contact the Office of the Privacy Commissioner at privacy.org.nz or 0800 803 909.
We will notify registered advisers by email of any material changes to this policy at least 14 days before they take effect.