Privacy Policy

1. Who We Are

JobNest ("we", "us", "our") is a cloud-based service business management platform operated from New Zealand. We provide scheduling, invoicing, client management, and team coordination tools for service businesses.

This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the New Zealand Privacy Act 2020 and the thirteen Information Privacy Principles (IPPs).

Our Privacy Officer can be contacted at [email protected] for any privacy-related enquiries.

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, and password (hashed). If you sign up using Google, we receive your name, email, and profile picture from Google.

2.2 Business & Client Data

As a business user, you may enter information about your clients, properties, jobs, invoices, quotes, and team members. This can include:

• Client names, email addresses, phone numbers, and physical addresses
• Property details and access codes
• Job scheduling, notes, photos, and checklists
• Invoice and quote line items, amounts, and payment status
• Team member names, contact details, emergency contacts, dates of birth, hourly rates, and employment details

2.3 Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. Stripe's privacy policy governs the handling of payment data.

2.4 Usage & Technical Data

We automatically collect technical data including IP addresses, browser type, device information, and pages visited. We use Sentry for error monitoring, which may capture technical context when errors occur.

2.5 Communications

When you or your clients interact with messages sent through our platform (email, SMS, or WhatsApp), we retain delivery status and response data to provide the service.

3. How We Use Your Information

We use personal information to:

• Provide and operate the JobNest platform
• Process payments and manage subscriptions
• Send transactional emails (confirmations, invoices, password resets)
• Send client communications on your behalf (SMS, email, WhatsApp)
• Synchronise data with third-party integrations you connect (e.g. Xero)
• Monitor and improve platform performance and security
• Respond to support requests
• Comply with legal obligations

We do not sell your personal information to third parties.

4. Third-Party Services

We use the following third-party services to operate the platform. Each processes data in accordance with their own privacy policies:

• Stripe — Payment processing
• Xero — Accounting integration (connected by you)
• Cloudinary — Photo and file storage
• Resend / SMTP — Email delivery
• ClickSend — SMS delivery
• WhatsApp (Meta) — Messaging
• Google Places API — Address autocomplete
• Sentry — Error monitoring and performance
• Neon — Database hosting (PostgreSQL)
• Vercel — Application hosting

5. Data Storage & Security

Your data is stored in secure, encrypted databases hosted by Neon (PostgreSQL). The application is hosted on Vercel. Both providers use industry-standard security measures.

We implement the following security measures:

• Encryption in transit (TLS/HTTPS) for all connections
• Password hashing using bcrypt
• Multi-tenant data isolation — each business's data is logically separated and inaccessible to other tenants
• Role-based access control (RBAC) with granular permissions
• Rate limiting on authentication and public endpoints
• Security headers (HSTS, CSP, X-Frame-Options)
• Audit logging of data changes

While we take reasonable steps to protect your data, no system is completely secure. We encourage you to use a strong password and keep your credentials confidential.

6. Data Retention

We retain your data for as long as your account is active. When you delete records (clients, jobs, invoices), they are soft-deleted and excluded from normal queries. You may request permanent deletion of your data at any time.

If you cancel your subscription and close your account, we will delete your data within 90 days, unless retention is required by law (e.g. tax records under the Tax Administration Act 1994).

7. Your Rights Under the Privacy Act 2020

Under the New Zealand Privacy Act 2020, you have the right to:

• Access — Request a copy of the personal information we hold about you (IPP 6)
• Correction — Request correction of inaccurate personal information (IPP 7)
• Deletion — Request deletion of your personal information, subject to legal retention requirements
• Complaint — Make a complaint to the Office of the Privacy Commissioner if you believe we have breached the Privacy Act

To exercise any of these rights, contact us at [email protected]. We will respond within 20 working days.

8. Cross-Border Data Transfers

Some of our third-party providers process data outside of New Zealand (primarily in the United States and the European Union). In accordance with IPP 12, we only transfer data to jurisdictions or providers that have comparable privacy protections, or where you have authorised the transfer by using the relevant integration.

9. Cookies & Analytics

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. Error monitoring through Sentry may collect technical information when errors occur.

10. Children's Privacy

JobNest is designed for business use and is not intended for individuals under the age of 16. We do not knowingly collect personal information from children.

11. Data Breach Notification

In accordance with Part 6 of the Privacy Act 2020, if we become aware of a notifiable privacy breach that is likely to cause serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as soon as practicable.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice within the platform. The "Last updated" date at the top indicates the most recent revision.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

• Email: [email protected]
• Website: jobnest.co.nz

You may also contact the Office of the Privacy Commissioner if you have concerns about how we handle your personal information.