Privacy Policy

Last updated: 11 January 2026

Our commitment: Your privacy is fundamental to how we operate. We collect only what's necessary, protect it rigorously, and never sell your data. This policy explains exactly what we do with your information.

Contents

1. Information We Collect 2. How We Use Your Information 3. Data Sharing & Third Parties 4. Akahu Integration 5. Data Storage & Security 6. Your Rights 7. NZ Privacy Act Compliance 8. Cookies & Analytics 9. Policy Changes 10. Contact Us

1 Information We Collect

Account Information

When you create a PayDay account, we collect:

  • Email address: For account login, communications, and password recovery
  • Name: To personalise your experience and communications
  • Phone number (optional): For two-factor authentication and important alerts
  • Password: Stored in encrypted form; we never store or see your actual password

Financial Information

To provide our pay-splitting service, we access:

  • Bank account details: Account numbers and names of your connected accounts
  • Transaction history: To detect pay deposits and track splits
  • Account balances: To display in the app and ensure sufficient funds for transfers

Important: We never store your bank login credentials. All bank connections are handled securely by Akahu, our open banking partner. See Section 4 for details.

Device & Usage Information

We automatically collect:

  • Device information: Device type, operating system, and app version
  • Usage data: Features used, session duration, and interaction patterns
  • Log data: Error reports and performance metrics
  • IP address: For security monitoring and fraud prevention

2 How We Use Your Information

Primary Service Functions

  • Detecting when your pay arrives in your connected accounts
  • Automatically splitting your pay according to your configured rules
  • Initiating transfers between your connected accounts
  • Sending notifications about pay detection and completed splits
  • Displaying your account balances and transaction history

Account Management

  • Authenticating your identity and securing your account
  • Processing subscription payments (for Pro users)
  • Responding to your support requests
  • Sending important service updates and security alerts

Service Improvement

  • Analysing usage patterns to improve features and user experience
  • Identifying and fixing bugs or performance issues
  • Developing new features based on user needs
  • Conducting research to improve our pay detection accuracy

Legal & Security

  • Complying with New Zealand legal obligations
  • Detecting and preventing fraud or security threats
  • Enforcing our Terms of Service
  • Responding to legal requests from authorities

3 Data Sharing & Third Parties

We never sell your personal data.

Your information is not sold, rented, or traded to third parties for their marketing purposes.

Service Providers We Work With

We share data only as necessary with these categories of providers:

Akahu (Open Banking Provider)

Handles secure bank connections and transaction data retrieval. See Section 4 for detailed information.

Cloud Infrastructure (AWS New Zealand)

Hosts our application and databases. Data is stored in New Zealand data centres.

Payment Processor (Stripe)

Processes subscription payments for Pro users. We do not store your credit card details.

Analytics (Privacy-Focused)

We use privacy-respecting analytics to understand app usage. Data is anonymised and aggregated.

Legal Disclosures

We may disclose information when required by law or to:

  • Comply with valid legal processes (court orders, subpoenas)
  • Protect the rights, property, or safety of PayDay, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Respond to emergency situations involving potential threats to safety

4 Akahu Integration

PayDay uses Akahu, New Zealand's leading open banking platform, to securely connect to your bank accounts. This section explains how this integration works and what data is shared.

How Akahu Works

  • When you connect a bank, you log in directly through Akahu's secure portal
  • Your bank credentials are entered on Akahu's website, never on PayDay
  • Akahu establishes a secure connection with your bank
  • PayDay receives only the data you authorise (transactions, balances, account details)

Data Akahu Shares With PayDay

  • Account names and numbers
  • Account balances
  • Transaction history (deposits, withdrawals, transfers)
  • Transaction metadata (dates, references, counterparty names)

What Akahu Does NOT Share

  • Your bank login username
  • Your bank login password
  • Your bank's two-factor authentication codes

Learn more: For detailed information about Akahu's security practices, visit our Akahu partnership page or Akahu's security page.

5 Data Storage & Security

Where Your Data Is Stored

  • All data is stored in New Zealand-based data centres
  • We use Amazon Web Services (AWS) Sydney and Auckland regions
  • Backups are encrypted and stored in geographically separate locations within NZ/Australia

How We Protect Your Data

  • Encryption in transit: All data transmitted uses TLS 1.3 encryption
  • Encryption at rest: All stored data is encrypted using AES-256
  • Access controls: Strict role-based access limits who can view data
  • Monitoring: 24/7 security monitoring for suspicious activity
  • Regular audits: Third-party security assessments and penetration testing

Data Retention

  • Active accounts: Data retained while your account is active
  • Transaction history: Kept for 7 years for legal/tax compliance
  • Closed accounts: Personal data deleted within 30 days of account closure, except where retention is legally required
  • Backups: Cycled and deleted according to our retention schedule

6 Your Rights

Under New Zealand's Privacy Act 2020, you have important rights regarding your personal information:

Right to Access

You can request a copy of all personal information we hold about you. We'll respond within 20 working days.

Right to Correction

You can request correction of any inaccurate personal information. Most details can be updated directly in the app.

Right to Deletion

You can request deletion of your account and personal data, subject to legal retention requirements.

Right to Data Portability

You can request an export of your data in a machine-readable format.

Right to Withdraw Consent

You can revoke bank connection permissions at any time through the app or directly through Akahu.

To exercise any of these rights, email privacy@payday.co.nz or use the in-app settings.

7 NZ Privacy Act Compliance

PayDay is committed to full compliance with the New Zealand Privacy Act 2020. Here's how we meet our obligations:

Information Privacy Principles

  • Purpose of collection: We only collect information necessary for providing our services
  • Source of information: Personal information is collected directly from you or through Akahu with your consent
  • Collection from subject: Where possible, we collect information directly from you
  • Storage and security: We take reasonable steps to protect against loss, misuse, and unauthorised access
  • Access and correction: You can access and correct your information as detailed in Section 6
  • Accuracy: We take steps to ensure information is accurate, complete, and up-to-date
  • Retention: We don't keep information longer than necessary
  • Limits on use: We only use information for the purposes it was collected
  • Limits on disclosure: We only disclose information as outlined in this policy
  • Unique identifiers: We don't assign unique identifiers unless necessary for our functions

Privacy Officer

Our Privacy Officer oversees compliance with this policy and the Privacy Act. Contact:

Privacy Officer
Email: privacy@payday.co.nz
Post: PayDay Privacy Officer, PO Box 123, Auckland 1010, New Zealand

Complaints

If you believe we've breached your privacy, please contact us first. If you're not satisfied with our response, you can lodge a complaint with the Office of the Privacy Commissioner:

Office of the Privacy Commissioner
Website: privacy.org.nz
Phone: 0800 803 909

8 Cookies & Analytics

Website Cookies

Our website uses cookies for:

  • Essential cookies: Required for website functionality (login, security)
  • Analytics cookies: Help us understand how visitors use our site
  • Preference cookies: Remember your settings and preferences

Mobile App Analytics

Our mobile app collects anonymised usage data to improve the service:

  • Feature usage patterns
  • App performance metrics
  • Crash reports and error logs

Opting Out

You can control cookies through your browser settings. In the app, you can disable analytics in Settings > Privacy > Analytics. Note that disabling essential cookies may affect website functionality.

9 Policy Changes

We may update this Privacy Policy from time to time. When we make changes:

  • We'll update the "Last updated" date at the top of this page
  • For significant changes, we'll notify you via email or in-app notification
  • We'll provide a summary of what's changed
  • Continued use of PayDay after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically. Previous versions are available upon request.

10 Contact Us

If you have questions about this Privacy Policy or how we handle your information, please get in touch:

Privacy Enquiries

Email: privacy@payday.co.nz

Response time: Within 5 business days

General Support

Email: support@payday.co.nz

Response time: Within 24 hours

Postal Address

PayDay Limited
PO Box 123
Auckland 1010
New Zealand

Related Policies

Terms of Service

User agreement

Security

How we protect you

Akahu Partnership

Open banking info