Privacy Policy
Last updated: 9 May 2025
Plain English Summary — read this first
1. We collect your email address, and — only if you connect your bank — your account balances and spending category totals. We never see your actual transactions.
2. We use your information to run the savings game and show you your own progress. We do not sell it, share it, or use it to advertise to you.
3. You can delete your account any time. When you do, your personal information is removed within 30 days. Game history is kept for 7 years for dispute resolution (required by law).
4. We share your data with nobody. The only third parties involved are Supabase (account login), Stripe (payments), and Akahu (bank connection) — and each of them has their own privacy policy.
5. Questions? Email privacy@ekko.nz and we will respond within 5 working days.
1. Who we are
EKKO is a product of Immiscible Tech Limited, a New Zealand company. When this policy says “EKKO”, “we”, or “us” it means Immiscible Tech Limited.
We operate under the New Zealand Privacy Act 2020. If you have questions about this policy, email privacy@ekko.nz.
2. What information we collect
Information you give us
- Email address (required to create an account)
- Password — stored securely by Supabase. We never see it in plain text.
- Age verification confirmation (18+ required)
Information from your bank (only if you connect via Akahu)
- Account names and types (e.g., “ANZ Savings”)
- Account balances at the time of each Judgment Day
- Spending category totals (e.g., groceries, utilities) — used to calculate your Usable Money Income
What we do NOT collect
- Your bank login credentials — ever. Akahu handles authentication directly with your bank.
- Individual transaction descriptions or merchant names
- Payment card numbers, CVV codes, or expiry dates
- Government ID numbers (IRD, passport, driver licence)
Information generated by using EKKO
- Game results: Judgment Day outcomes, HWM history, lifelines remaining
- Check-in streaks and XP totals
- Balance snapshots taken at each Judgment Day (used for the audit log)
3. How Akahu works
Akahu is a CDR-accredited (Consumer Data Right) open banking intermediary. When you connect your bank through EKKO, you authenticate directly with your bank through Akahu’s interface. EKKO never receives, sees, or stores your bank login credentials.
Akahu provides EKKO with read-only access to the account information listed above. EKKO can also initiate transfers between your own connected accounts (e.g., from your Stash to your Arena) — only with your explicit instruction inside the app.
Akahu’s own privacy policy is at akahu.nz/privacy.
4. How we use your information
- To run your EKKO account and the savings game
- To calculate your weekly target, Usable Money Income, and Judgment Day result
- To send you notifications about your game (Judgment Day results, warnings)
- To process subscription payments via Stripe
- To maintain an audit log so any game outcome can be explained or disputed
- To comply with our legal obligations
We do not use your information for advertising, profiling for third parties, or any purpose not listed above.
5. Who we share your information with
We do not sell your personal information. We share it only as required to operate the service:
| Party | What they receive | Why |
|---|---|---|
| Supabase | Email, hashed password | Account authentication |
| Stripe | Email, subscription tier | Weekly billing |
| Akahu | OAuth token only | Bank connection |
6. Where your data is stored
Your data is stored in Supabase (PostgreSQL) hosted in the AWS Sydney region (ap-southeast-2) — Australian jurisdiction. New Zealand users’ data is therefore subject to both the NZ Privacy Act 2020 and the Australian Privacy Act 1988, which has comparable protections.
We selected the Sydney region to minimise latency for New Zealand users while avoiding US jurisdiction.
7. How long we keep your information
- Account data (email, subscription) — retained until you close your account, then deleted within 30 days.
- Game audit log (Judgment Day results, balance snapshots) — retained for 7 years from the date of each game event. This is required so any outcome can be disputed and verified.
- Akahu-sourced data (balances, spending categories) — deleted immediately when you disconnect your bank in the app.
- Payment records — retained as required by the Inland Revenue Act 2005 (minimum 7 years).
8. Your rights
Under the Privacy Act 2020, you have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — ask us to fix information that is wrong
- Deletion — close your account and have your personal information removed (subject to the 7-year audit log retention for game history)
- Portability — request your data in a machine-readable format
To exercise any of these rights, email privacy@ekko.nz. We will respond within 20 working days as required by the Privacy Act 2020.
9. Acquisition or change of control
If Immiscible Tech Limited is acquired or merges with another company, your data will only transfer under the same terms as this Privacy Policy. Any material change to how your data is handled requires fresh consent under Privacy Act 2020 Principle 3. You will be notified at least 30 days before any such change takes effect.
10. Complaints
If you believe we have breached the Privacy Act 2020, please contact us first at privacy@ekko.nz. If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner at privacy.org.nz.
11. Contact
Immiscible Tech Limited
New Zealand
privacy@ekko.nz