Privacy & Security Policy

Adviseraide Limited ("Adviseraide") recognises the importance of safeguarding your personal and business data. As a provider of a Software-as-a-Service (SaaS) platform, we are committed to protecting the privacy and security of the information you entrust to us.
This Privacy & Security Policy explains what data we collect, how we use and protect it, and your rights regarding your information. By using Adviseraide's platform, you acknowledge that your data will be handled as outlined in this policy.

Data Collection and Processing

We only collect and process the minimum amount of customer data necessary to deliver and improve our services. This includes:
  • Account Information: Details you provide when registering or maintaining an account, such as your name, company/organisation name, email address, and billing information.
  • Service Usage Data: Information related to your use of our platform, including login activity, usage analytics, log files, and metadata. We gather these to monitor system performance, improve user experience, and ensure security (for example, detecting suspicious login attempts).
  • Customer Content: Any files, documents, client records, or other data that you upload to or store in our system as part of using our service. This content is considered confidential and is treated with the utmost care.
  • Communications: Correspondence you send to us, such as emails or support tickets, and feedback or survey responses. We retain these to address your inquiries, improve our services, and for training purposes.
All data is collected and processed in accordance with applicable privacy regulations, including the New Zealand Privacy Act 2020 and the European General Data Protection Regulation (GDPR) where relevant. We do not collect any more data than is necessary, and we do not use data for any purpose that is not described in this policy.

How We Use Your Data

Adviseraide uses the data we collect strictly to provide, maintain, and enhance our services. The main purposes for which we use your data include:
  • Providing Services: To operate the Adviseraide platform and deliver the features you expect, such as storing your documents, running analyses, or managing your client information as you direct.
  • Support and Communication: To communicate with you about your account, provide customer support, send important updates or security alerts, and respond to your questions or feedback.
  • Improvement and Analytics: To analyse usage patterns and performance metrics so we can improve our platform's functionality, reliability, and user experience. (For example, we may track how often a feature is used to decide on future enhancements.) These analytics are mostly aggregate and do not focus on individual user behavior, except as needed to troubleshoot issues or optimise the service for you.
  • Security and Fraud Prevention: To monitor for suspicious activities, enforce our terms of service, prevent unauthorized access, and maintain the overall security of our platform.
No Unnecessary Access or Usage: Importantly, Adviseraide does not use, access, or look into the content of the data you store on our platform except if it’s absolutely necessary for providing you with technical support, and even then only with your permission (see Data Access Only With Your Consent below). We do not mine your data for marketing or any secondary purposes, and we do not share it with advertisers or unrelated third parties. Your data remains your own, private to you and those you choose to share it with through our platform.

Data Ownership and Storage

Your Data Belongs to You. Adviseraide acts as a custodian or data processor on your behalf. This means that all the information, documents, and content you upload into our system are owned by you or your organization. We do not claim ownership over your data. You have full control over it, including adding, editing, or deleting it as needed.
Storage Location: We store all customer data securely on industry-leading cloud servers located in Australia. Specifically, our primary infrastructure is hosted with Microsoft Azure and AWS in their data center regions throughout Australia. (Many large enterprises and government organizations also utilize these Australian data centers, which adhere to world-class security and privacy standards.) Storing data in Australia ensures that your information remains within a stable legal jurisdiction known for strong data protection laws, and it also offers low-latency access for our Australasian and New Zealand customers.
Secure Infrastructure: The data centers we use are protected by robust physical and electronic security measures. They are ISO 27001 certified and compliant with other global security standards for cloud services. In addition, all data stored with us is encrypted at rest on the servers. We rely on Microsoft's state-of-the-art security protocols, meaning your data is safeguarded by the same level of security that Fortune 500 companies and banks trust for their cloud storage.
High Availability and Redundancy: To ensure your data is always available when you need it, we implement backup and redundancy strategies. Your data is regularly backed up to multiple, geographically separated locations. Currently, we maintain encrypted backups in three secure locations in Australia. This redundancy protects against any single point of failure and forms part of our disaster recovery plan. Even in the unlikely event of an outage or disaster in one region, your data would remain safe and retrievable from another location. All backup locations are chosen for their strong security and reliability.

Data Sharing and Disclosure

Adviseraide maintains a strict policy against sharing personal or business data with third parties, except in very limited circumstances necessary to operate our service or meet legal obligations:
  • No Selling of Data: We never sell your information to any third party. We do not monetize your personal or client data in any way.
  • No Unapproved Sharing: We do not share your data with any third parties for their own purposes. Your client information, documents, and personal details are not accessible to any outside person or organization.
  • Service Providers (Sub-Processors): We may share certain data with trusted third-party service providers only to the extent necessary to run our platform. For example, as mentioned, we use Microsoft Azure and Amazon AWS as our cloud infrastructure providers, which means Azure and AWS systems will hold the data you store with us. Similarly, we might use an email service to send you notifications, or a payment processor to handle billing information. In all cases, these providers are bound by strict confidentiality and data protection obligations. They cannot use your data for anything other than providing services to Adviseraide.
Other than the exceptions above, no one outside of Adviseraide and you (the customer) has access to your data. Even within Adviseraide, access is tightly controlled (see Data Security Measures below). We consider your data to be private and confidential at all times.

Data Security Measures

Adviseraide employs a multi-layered approach to security, combining industry best practices, modern technology, and independent oversight to protect your information from unauthorized access or loss. Below are some of the key security measures we have in place:
  • Encryption in Transit and At Rest: All data that you send to our platform or download from it is encrypted in transit using HTTPS/TLS protocols. This means that when data moves between your device and our servers (or between our servers internally), it’s protected from eavesdropping by strong encryption. Additionally, all your data is encrypted at rest in our databases and storage. We use industry-standard encryption algorithms, ensuring that even if someone were to obtain physical drives or intercept network traffic, they could not read your information without the proper decryption keys.
  • Access Controls & Permission Restrictions: Access to systems that store or process customer data is strictly controlled. Only authorized personnel with a legitimate business need, such as select support staff, can access production environments. We apply the principle of least privilege, ensuring team members are granted only the access necessary to perform their specific roles. All access to sensitive systems is logged, monitored, and reviewed regularly. Even authorized employees cannot view customer content or documents unless permitted by you and only for the purpose of providing support or fulfilling your request.
  • Data Access Only With Your Consent: In the course of providing support or maintaining our systems, there may be rare situations where limited access to your account data is required, for example to investigate and resolve an issue you have reported. In such cases, access is only performed with your explicit consent. Our support engineers can view only the minimum information necessary to resolve the issue, and all such access is logged and monitored. Without your express authorization, our team cannot access, browse, or retrieve your personal or client data. This ensures that you remain in full control over when and how your data is accessed.
  • Two-Factor Authentication (2FA): We offer two-factor authentication (2FA) as an additional layer of protection for your account. When 2FA is enabled, you’ll need to verify your login by entering a secondary code sent to your registered email, in addition to your password. This helps secure your account even if your password is compromised. To enable 2FA, please contact our support team at support@adviseraide.com. Our team will assist you in activating this feature. We strongly recommend that all users take advantage of 2FA to enhance the security of their accounts.
  • Independent Security Testing (Annual Penetration Tests): To ensure our security measures are not just effective on paper, we engage independent security experts to conduct rigorous penetration testing and security assessments at least once every year. These third-party security audits probe our application, APIs, and infrastructure for any weaknesses or vulnerabilities. If any issues are identified, we address them promptly. Conducting these annual security tests (and resolving any findings) provides additional assurance that our defenses are up-to-date and aligned with industry best practices.
  • Backup and Recovery Procedures: As mentioned under Data Storage, we take regular backups of all critical data and store them securely in multiple locations (with encryption and strict access controls). Our backup process is automated and tested periodically to ensure that, in the event of data loss or corruption, we can restore your information promptly. These backups are kept isolated from the main system to prevent unauthorized access. We also have a detailed disaster recovery plan in place, which outlines how we would restore operations quickly in case of a major incident.
  • Monitoring and Alerts: Our operations team uses advanced monitoring tools to watch for any irregular behavior or potential security incidents across our servers and application. If something unusual occurs (for example, a spike in failed login attempts or a server error), our team is alerted immediately so we can investigate and take action. We also employ rate-limiting and other automated defenses to detect and block malicious activities such as brute-force login attempts or denial-of-service attacks.

Customer Responsibilities

While Adviseraide works hard to protect your data, data security is a partnership between us and you. We ask our customers to also take steps to safeguard their accounts and any personal data they handle. As a user of Adviseraide’s platform, you are responsible for:
  • Protecting Your Account Credentials: Keep your username and password secure. Do not share your login details with any unauthorized persons. We recommend using a strong, unique password for your Adviseraide account and updating it periodically. If you suspect your password has been compromised, change it immediately and/or contact our support team.
  • Managing Internal Access: If you have multiple users or team members on your Adviseraide account (for instance, if your organization has several advisers or staff using the platform), use the built-in permission controls to give each person the appropriate level of access. Regularly review who has access to what data, and promptly remove access for people who no longer need it or who have left your organization.
  • Data Accuracy: Keep the data you store with us accurate and up-to-date. If you discover any inaccuracies in your personal information or client data, correct them promptly. This helps ensure that, for example, we can reach you with important notices and that the data you hold meets any accuracy obligations under privacy laws.
By following these practices, you contribute to the overall security of your data and our platform. We are always happy to assist you in understanding and using any security features we provide.

Data Retention and Deletion

We retain customer data only for as long as it is necessary to fulfill the purposes outlined in this policy or as required by law. Below are our practices regarding data retention and how we handle deletion:
  • Active Accounts: For as long as you have an active account with Adviseraide, we will retain the data you store on our platform so that we can provide the service to you. This includes all your uploaded documents, records, and account information. We also keep records of your transactions, support communications, and other interactions with us as needed for operational continuity, customer support, and to comply with legal or financial record-keeping requirements.
  • Inactive Accounts: If your account becomes inactive (for example, if your subscription expires or you stop using the service), we may retain your data for a 6-month period in case you reactivate your account. We do this to make it easier for you to continue where you left off. However, we will eventually delete or anonymize data from long-inactive accounts after a 6-month retention period.
  • Customer Control of Data: At all times, you have control over your data. You can delete individual pieces of data (such as a document or a client entry) from within the platform whenever you want, and this will remove that data from our active databases. (Please note that deleted data might still exist in our encrypted backups for a short period until those backups are rotated out, but we have processes to ensure that backup data is also purged in due course.)
  • Data Deletion on Request (Right to Erasure): You have the right to request deletion of all your personal data from our systems (sometimes called the “right to be forgotten”), as well as deletion of any client data you have stored with us. If you decide to stop using Adviseraide and want your data removed, you can contact our support team with a deletion request. For security, we will verify that the request is coming from the authorized account owner (for example, we may ask you to send the request from your registered email or complete a verification step). Once verified, we will work with you to export your data, if you need a copy for your records, and then permanently delete your data from our systems. We strive to complete such deletion requests promptly – in most cases, we will finalize the removal within one to two weeks of confirming your request. After deletion, we will ensure no trace of your personal or client data remains in our production environment. This includes deleting any associated backups, logs, or records that could identify you.
  • Account Cancellation or Termination: If you choose to cancel your Adviseraide account (or if it is terminated due to inactivity or other reasons), our standard procedure is to first allow you to download any data you want to keep. We can assist you with exporting your data in a common, readable format. After you have retrieved what you need, we will then delete your stored data from our platform. As mentioned above, we aim to remove data within about two weeks after account cancellation is confirmed. During any short interim period before deletion is fully complete, your data remains protected by our security measures and is not accessible on the platform.
  • No Residual Data: When we say deletion, we mean complete deletion. Once the data removal process is finished, your information will no longer exist in our live databases. Backups that contained your data will be securely destroyed or overwritten shortly thereafter as part of our normal backup rotation cycle.
  • Confirmation of Deletion: Upon completing a full account deletion or data removal request, we can (upon request) provide written confirmation that your data has been purged from our systems. This can be useful for your own record-keeping or compliance needs, for example to demonstrate that you have honored a client’s request under privacy law to delete their information.
Please note that once data is deleted from our systems, it cannot be recovered. If you request deletion of your account or any content, be sure that you have exported any information you might need later, because we will not be able to retrieve it after the fact.

Your Rights and Access to Your Data

We believe you should have full transparency and control when it comes to your personal data. Under privacy laws and our own commitment to user rights, you have the following rights regarding the information you have with Adviseraide:
  • Right to Data Portability: You have the right to obtain your data in a portable format. We will assist you in exporting your data (for instance, in CSV or JSON format for structured records, and original file formats for documents) so that you can transfer it to another service if you wish.
  • Right to Deletion: As detailed in the section above, you have the right to have your data deleted from our platform. This can be specific (like deleting certain documents or records you’ve stored with us) or complete (closing your account and removing all associated data).
  • Right to Correction: If any of your personal information is incorrect or outdated, you have the right to correct or update it. Much of your basic account information can be edited by you directly in your account settings. For any information you cannot update yourself, you can contact us and we will make the correction promptly (for example, if there’s an error in data that we maintain, such as a misspelling of your name in our records).
  • Right to Withdraw Consent: In cases where our processing of your data is based on your consent (for example, if you explicitly opted in to receive marketing emails or you agreed to participate in a beta feature that involves sharing some data), you have the right to withdraw that consent at any time. We make it easy to unsubscribe from any non-essential communications, and withdrawing consent will not affect your access to the core services we provide.

Compliance with Privacy Laws and Industry Standards

Adviseraide is designed with privacy compliance in mind. We adhere to the New Zealand Privacy Act 2020 and its Information Privacy Principles when handling personal data. For clients or end-users located in other jurisdictions, we also strive to meet the requirements of those regions (such as the GDPR for users in the European Union, or the Australian Privacy Principles for Australian data subjects). In practice, we aim to uphold the highest standard of privacy and data protection globally.
We also perform regular internal reviews and annual independent audits of our privacy and security practices to ensure we remain compliant with evolving laws and standards. If there are significant changes in privacy regulations that affect our service or your rights, we will update our practices and this policy accordingly, and inform you of the changes.

Updates to This Policy

We may update this Privacy & Security Policy from time to time to reflect changes in our services, technology, legal obligations, or other factors. If we make significant changes, we will notify you in advance by posting the updated policy on our website and, for major changes, by sending a notice to the primary email address associated with your account. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy & Security Policy or any aspect of how your data is handled, please feel free to contact us: support@adviseraide.com