Privacy Policy

About Hoist

Hoist Software LTD

• Company Number: 8842848
• NZBN: 9429051507626
• Website: https://hoist.nz
• General Contact: accounts@hoist.nz
• Privacy Inquiries: accounts@hoist.nz

We are a New Zealand company that provides cloud-based workshop management software specifically designed for automotive workshops, mechanics, and related businesses.

What This Policy Covers

This Privacy Policy applies to our website at https://hoist.nz, our web application and dashboard, our mobile applications for iOS and Android, our API and integrations, and any other services we provide.

New Zealand Privacy Act 2020 Compliance

We comply with the Privacy Act 2020 and handle personal information in accordance with the 13 Information Privacy Principles (IPPs). We are subject to New Zealand privacy law and the jurisdiction of the Office of the Privacy Commissioner.

Your Privacy Rights Under New Zealand Law

Under the Privacy Act 2020, you have the right to:

• Know what personal information we hold about you
• Access your personal information
• Request correction of inaccurate information
• Request deletion in certain circumstances
• Complain to the Privacy Commissioner if you believe we have breached the Privacy Act

Your Data vs Your Customers' Data

This Privacy Policy covers two distinct categories of data:

Your Data (Account Data): This is information about you, your business, your workshop, and your staff members who use Hoist. For this information, we are the data controller or “agency” under the Privacy Act 2020.

Your Customers' Data (Customer Data): This is information about your workshop customers that you choose to store in Hoist, such as their names, contact details, vehicle information, service histories, invoices, and payment records. For this information, you are the data controller (“agency”) and we are the data processor.

Information We Collect

Account Registration Information

When you create a Hoist account for your workshop, we collect:

• Workshop business name and trading name
• Business physical address
• Business phone number and email address
• GST number (if registered)
• Business type (sole trader, partnership, limited company, etc.)
• Your full name, email address, and phone number as account owner

Billing and Payment Information

• Billing contact name and email
• Billing address
• Payment method details (we use third-party payment processors like Stripe)
• Transaction records including payment dates, amounts, invoice numbers, and payment status

Usage Data and Service Analytics

• Login frequency and session duration
• Features used and pages viewed
• Actions taken within the Service
• Search queries and navigation paths
• Error messages or issues encountered

Device and Technical Information

• Device type, operating system, and browser
• IP address and geographic location (city/region level)
• Connection type and network performance metrics

How We Use Your Information

To Provide and Operate the Service

• Create and manage your Hoist account
• Authenticate you when you log in
• Store and manage the data you enter
• Process your workshop operations
• Enable multi-user access for your staff
• Synchronize your data across devices
• Backup your data for disaster recovery

To Process Payments

• Process subscription payments
• Generate invoices
• Handle payment failures and refunds
• Maintain financial records for tax compliance

To Communicate With You

• Send account and security notifications
• Provide customer support
• Announce new features and improvements
• Send marketing communications (with your consent)

To Improve the Service

• Analyze how features are used
• Identify bugs and technical issues
• Test new features and improvements
• Optimize performance and reliability

For Security and Fraud Prevention

• Detect and prevent unauthorized access
• Monitor for suspicious activity
• Detect and prevent payment fraud
• Enforce our Terms of Service

How We Share Your Information

We do not sell your personal information to third parties. We may share your information with:

• Service Providers: Third parties who help us operate the Service (hosting, payment processing, analytics)
• Third-Party Integrations: When you connect third-party services (with your authorization)
• Legal Requirements: When required by law, court order, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets

Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for the Service to function (authentication, security, session management)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use Hoist

You can manage cookies through your browser settings, but disabling essential cookies may affect how Hoist works.

Data Security

We implement reasonable technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/SSL)
• Encryption of sensitive data at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection
• Incident response procedures

However, no system is completely secure, and we cannot guarantee absolute security.

Data Retention

We retain your information for as long as your account is active or as needed to provide you with the Service. After account closure:

• Your Data is deleted from active systems within 30 days
• Backup copies are deleted within 90 days
• Some data may be retained longer for legal compliance (financial records for 7 years under NZ tax law)
• Aggregated, anonymized data may be retained indefinitely

Your Customer Data

When you store your customers' personal information in Hoist, you are the data controller (“agency”) under the Privacy Act 2020, and we are the data processor. You are responsible for:

• Obtaining appropriate consent from your customers
• Providing them with privacy notices
• Complying with all Privacy Principles
• Responding to customer privacy requests
• Protecting customer information with appropriate security

International Data Transfers

Your data is primarily stored in New Zealand and Australia. It may be processed in other jurisdictions for backup, support, or technical operations. We ensure adequate protection for any cross-border data transfers as required by the Privacy Act 2020.

Children's Privacy

Hoist is designed for businesses and is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at accounts@hoist.nz.

Exercising Your Privacy Rights

To exercise your privacy rights under the Privacy Act 2020:

• Access: You can access most of your information through your account settings. For additional access requests, contact accounts@hoist.nz
• Correction: You can update most information directly in your account. For other corrections, contact us
• Deletion: You can delete your account through settings or by contacting us

We will respond to privacy requests within 20 working days as required by the Privacy Act 2020.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We'll notify you by email at least 14 days before the changes take effect
• We'll post a notice on our website
• We'll update the “Last Updated” date at the top of this policy

Contact Us

For privacy-related questions, concerns, or requests:

• Email: accounts@hoist.nz
• Include “Privacy Request” in the subject line

Hoist Software LTD
Company Number: 8842848
NZBN: 9429051507626

Complaints

If you believe we have breached the Privacy Act 2020, you can:

1. Contact us first to try to resolve the issue
2. If unresolved, complain to the Office of the Privacy Commissioner:

Office of the Privacy Commissioner
PO Box 10094
Wellington 6143
New Zealand
Phone: 0800 803 909
Website: www.privacy.org.nz