Loopie

Loopie Privacy Policy

Last updated:
Company: Loopie Technology Limited (trading as Loopie), NZ Company No. 9362845
Contact: privacy@loopie.nz / support@loopie.nz
Jurisdiction: New Zealand (Privacy Act 2020)

Introduction and scope

  1. Loopie Technology Limited (we, us, our) understands the importance of protecting Personal Information. This Privacy Policy explains how we collect, use, disclose, store and protect Personal Information when you use our mobile and web applications, our optional OBD device, our website, and related services (Services).
  2. By providing Personal Information or using the Services, you acknowledge this Privacy Policy. If you do not agree, please do not provide Personal Information and discontinue use of the Services.
  3. This Privacy Policy applies in New Zealand and is intended to comply with the Privacy Act 2020 and associated guidance of the Office of the Privacy Commissioner (OPC).

Key principles

  1. We collect the minimum data necessary to deliver Loopie.
  2. We do not collect GPS location, driver-behaviour or telematics location/route data.
  3. We use secure, reputable providers and apply safeguards where data is processed overseas.
  4. You can access and correct your Personal Information and can ask us to delete your account.

Definitions

  1. Personal Information has the meaning in the Privacy Act 2020 (information about an identifiable individual).
  2. NZTA means Waka Kotahi New Zealand Transport Agency.
  3. RUC means Road User Charges as defined in the Road User Charges Act 2012.
  4. Device means a Loopie-branded OBD-II hardware unit that reads or validates odometer data without GPS capability.
  5. MotoCheck means NZTA-authorised data services we may use to validate vehicle information.

What we collect

  1. Identity and contact data: name, email, phone number, and (optionally) address.
  2. Account data: login credentials (passwords stored as salted/hashed), in-app preferences, notification settings.
  3. Vehicle and compliance data: plate number, make/model, RUC vehicle type, odometer entries or readings, NZTA reference numbers and licence details strictly required to facilitate RUC purchases on your instruction.
  4. Transaction data: payment confirmations, dates, amounts, and RUC purchase references. We do not store full payment card details (see clause 10).
  5. Technical and usage data: device model, OS version, app version, crash logs, diagnostic and performance data, limited analytics (pages/screens viewed, feature usage counts).
  6. Support and communications data: messages sent to us, call notes, issue descriptions, attachments you provide.
  7. Professional/recruitment data (only if you apply for a role): CV/resume, employment history, referee details.
  8. Marketing preferences: opt-in/opt-out status, topics of interest you select.

What we do not collect

  1. GPS location (precise or approximate).
  2. Continuous trip logs, route histories, or geofencing data.
  3. Audio, video or in-cabin data.
  4. Sensitive categories unless you voluntarily provide them (we do not ask for health, biometric, or similar data).

How we collect information

  1. Directly from you when you register, add a vehicle, make a purchase, contact support or otherwise use the Services.
  2. From the Device if you pair it (solely odometer readings/validations; no GPS).
  3. From third parties you authorise or where reasonably necessary to provide the Services, including NZTA-approved systems and MotoCheck (vehicle data verification) and payment processors (transaction confirmations).
  4. Automatically via app telemetry and website cookies/analytics (see clause 11).
  5. From publicly available sources (e.g., Companies Office) where appropriate for fraud prevention or account verification.

Why we collect and how we use information

  1. To provide and improve the Services: account creation, authentication, RUC reminders, facilitating RUC purchases through NZTA-approved systems, pairing/operating the Device, troubleshooting, and feature development.
  2. Compliance and verification: validating vehicle status and odometer entries via NZTA-approved services to action RUC transactions.
  3. Payments and billing: processing payments and issuing confirmations (via Stripe or POLi), fraud checks, reconciliation.
  4. Security and integrity: detecting and preventing abuse, spam, fraud and outages.
  5. Customer support: responding to requests, complaints and feedback.
  6. Analytics and product development: aggregated and de-identified statistics to improve performance and usability.
  7. Communications: sending important service messages (e.g., RUC expiry reminders, policy updates).
  8. Marketing (optional): sending news and offers if you opt in; you can opt out at any time (clause 16).

Legal basis and choice (NZ practice)

  1. While New Zealand law does not require a GDPR-style lawful basis statement, we aim to only collect what is reasonably necessary for the purposes described in clause 7.
  2. You may choose not to provide certain data; however, this may limit or prevent use of the Services (for example, we cannot facilitate RUC purchases without certain vehicle and contact details).

Disclosures of Personal Information

  1. NZTA and authorised data services: to validate vehicles/odometer entries and facilitate RUC purchases under NZTA-approved systems.
  2. Payment processors: Stripe Payments New Zealand Limited and POLi Payments Limited for processing payments and fraud prevention.
  3. Hosting, support and operational vendors: reputable cloud hosting, customer support and error-logging providers engaged under confidentiality and data-protection terms.
  4. Professional advisers and auditors: lawyers, accountants and auditors bound by confidentiality.
  5. Corporate transactions: as part of a merger, acquisition or sale of assets, subject to confidentiality and continued protection.
  6. Legal/regulatory: where required or authorised by law, court order, or to respond to lawful requests.
  7. We do not sell Personal Information.
  8. Speed/acceleration data disclosure: we do not disclose or report speed or acceleration readings to NZTA or any other agency or third party, unless disclosure is legally required (e.g., by court order or applicable law).

Payments (Stripe, POLi and bank transfer)

  1. Card payments are processed by Stripe. Stripe may collect and store limited cardholder data directly; we receive tokenised/last-4 metadata and transaction status only. Stripe’s terms and privacy policy apply in addition to this Privacy Policy.
  2. Internet-banking payments may be processed by POLi. POLi’s terms and privacy policy apply in addition to this Privacy Policy.
  3. Bank transfers may be used for certain transactions; we retain remittance details for reconciliation and audit.
  4. We recommend reviewing Stripe and POLi privacy terms before using those payment options.

Cookies and analytics

  1. We use cookies and similar technologies on our website/app to remember preferences, maintain sessions, measure performance and run limited, privacy-respecting analytics.
  2. You can block or delete cookies in your browser settings. Doing so may affect site/app functionality.
  3. Where we use third-party analytics, we configure them to minimise Personal Information and, where practicable, to aggregate or pseudonymise data.

Single sign-on (Apple, Google, Facebook)

  1. If you register or sign in using Apple, Google or Facebook, we receive the fields you authorise (typically name and email; optionally profile picture).
  2. We use this information solely to create and manage your Loopie Account. You can decouple SSO in your account settings (subject to app functionality).
  3. For Facebook sign-ins: you may request deletion of data received from Facebook (clause 19).
  4. Apple/Google/Facebook privacy terms apply in addition to this Privacy Policy.

Optional Device pairing (no GPS)

  1. When you pair a Device, it reads or validates odometer data and may measure supplementary data points such as speed or acceleration to help verify odometer integrity or detect sensor anomalies.
  2. The Device does not contain a GPS module, does not collect or transmit precise or approximate location data, and does not use telematics for route or trip recording.
  3. These readings are processed and stored only as needed to ensure system accuracy, fraud prevention, or to comply with NZTA audit requirements.

Overseas transfers and location of data

  1. We aim to store data in New Zealand where practicable. Some processing may occur in other countries by our sub-processors (e.g., cloud hosting, error logging, email delivery).
  2. Where data is transferred or accessed overseas, we implement safeguards designed to provide comparable protection to the Privacy Act 2020, including contractual protections, vendor due diligence and technical controls (encryption in transit and at rest where appropriate).

Storage, security and retention

  1. We maintain administrative, technical and physical safeguards designed to protect Personal Information against unauthorised access, alteration, disclosure or loss, including access controls, encryption in transit, secure key management, environment hardening, monitoring and staff confidentiality obligations.
  2. No method of transmission or storage is completely secure. If we become aware of a notifiable privacy breach, we will assess and notify you and the OPC where required.
  3. We retain Personal Information only as long as necessary for the purposes described in this Privacy Policy and to meet legal obligations. Typical periods include:
    • (a) Transaction and tax records: up to seven years.
    • (b) Vehicle/RUC history and odometer records needed to evidence compliance or resolve disputes: a reasonable period consistent with regulatory and audit needs.
    • (c) Support tickets and communications: up to three years from closure, unless needed longer for a dispute.
  4. When data is no longer required, we take reasonable steps to securely delete or de-identify it.

Marketing communications

  1. We may send you marketing communications if you have opted in, or where otherwise permitted by law.
  2. You may opt out at any time by using the unsubscribe link in our emails or by contacting us (clause 20).
  3. Service and transactional messages (e.g., RUC reminders, security alerts) are necessary for the Services and are not marketing.

Your rights

  1. Access: you may request access to the Personal Information we hold about you. We will respond within a reasonable time. If we lawfully refuse, we will provide reasons and outline complaint mechanisms.
  2. Correction: you may request correction of inaccurate, incomplete or outdated Personal Information. If we do not agree to a correction, you may request that a statement of correction is attached to the relevant record.
  3. Choices: you may decline to provide certain data, opt out of marketing, disable cookies, or delete your account (clause 19).
  4. Complaints: please contact us first so we can investigate. You may also complain to the Office of the Privacy Commissioner (www.privacy.org.nz).

Children

  1. The Services are not intended for children under 16. If we learn that we have collected Personal Information from a child under 16, we will take reasonable steps to delete it.

Account/data deletion and portability

  1. You may request deletion of your account and associated Personal Information by contacting support@loopie.nz or via in-app controls (where available).
  2. We will action verified deletion requests within a reasonable period (normally within 7–10 Business Days), subject to data we are legally required to retain (e.g., tax records, transaction audit trails).
  3. Where technically feasible, we can provide a copy of your core account data in a commonly used format upon request.

Contacting us and complaints

  1. Privacy queries, access/correction requests, complaints and opt-out requests: privacy@loopie.nz or support@loopie.nz.
  2. Postal correspondence (optional to publish): [Insert postal/registered office if you wish to display it].
  3. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner: www.privacy.org.nz.

Changes to this Privacy Policy

  1. We may update this Privacy Policy from time to time. We will post the updated version in the app/website with a new “last updated” date and, where changes are material, we will provide reasonable notice (e.g., in-app notice or email).
  2. Continued use of the Services after an update takes effect indicates you accept the updated Privacy Policy.

Additional notices and third-party terms

  1. App Stores: If you download our app from Apple App Store or Google Play, their terms and privacy policies apply in addition to this Privacy Policy.
  2. Payments: Stripe and POLi process transactions as independent controllers/processors under their own terms.
  3. Links: Our Services may link to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

NZTA-specific disclosures

  1. We facilitate RUC purchases on your behalf through NZTA-approved systems. To do so, we may need to disclose your vehicle identifiers, odometer entries and related transaction details to NZTA and its service providers.
  2. NZTA may use or retain such information in accordance with its statutory powers and records-management obligations. Where NZTA corrects or adjusts RUC records, those updates may be reflected in our systems.

Data we may generate

  1. We may create aggregated and de-identified insights from usage and transaction data to improve our Services, inform product decisions and identify trends. We will not attempt to re-identify individuals from aggregated data.

Security incidents and breach handling

  1. We maintain incident-response procedures. If we become aware of a privacy breach that it is reasonable to believe has caused or is likely to cause serious harm, we will notify you and the OPC in accordance with the Privacy Act 2020.

International users

  1. The Services are designed for New Zealand users and vehicles registered in New Zealand. If you access the Services from outside New Zealand, you do so on your own initiative and are responsible for compliance with local laws.

Interpretation

  1. If there is any inconsistency between this Privacy Policy and our Terms and Conditions, the Terms and Conditions govern to the extent of inconsistency in relation to contractual rights and obligations; privacy handling remains governed by this Privacy Policy.
  2. Capitalised terms not defined here have the meanings given in our Terms and Conditions.