Privacy Policy
Last updated: March 2026
Contents
This Privacy Policy explains how keel, operated by Samuel Sadler (“we”, “us”, “our”), collects, uses, stores, and protects your personal information when you use our property management platform at onkeel.co.nz (the “Service”).
We are committed to protecting your privacy in accordance with the New Zealand Privacy Act 2020 and the Information Privacy Principles (IPPs) it establishes. Where our users are based in Australia, we also comply with the Australian Privacy Act 1988.
1. Overview
keel is a property management platform that helps landlords manage their rental properties, tenants, maintenance, compliance, and finances. In the course of providing this service, we process personal information about property owners, tenants, and tradies.
2. Information We Collect
Account information
- Name, email address, phone number
- Password (stored as a secure hash — we never see your password)
- Billing information (processed by Stripe — we do not store card details)
Property and tenancy data
- Property addresses, details, and documents
- Tenant names, contact information, employment details, and references
- Tenancy agreements, lease terms, rent amounts, and bond information
- Maintenance requests, photos, and communications
- Compliance records and inspection reports
- Financial records including rent payments and arrears
Usage data
- Pages visited, features used, and time spent in the application
- Browser type, device information, and IP address
- Error logs and performance data
Communications
- Messages sent through the keel platform between owners, tenants, and tradies
- Email correspondence with our support team
3. How We Use Your Information
In accordance with IPP 10 (Limits on Use of Personal Information), we use your information to:
- Provide the Service — manage properties, tenancies, maintenance, compliance, and finances
- Communicate with you — send notifications, updates, and support responses
- Process payments — manage subscriptions and billing through Stripe
- Improve the Service — analyse usage patterns to enhance features and fix issues
- Ensure security — detect and prevent fraud, abuse, or unauthorised access
- Comply with law — meet legal obligations including the Residential Tenancies Act 1986
We do not sell your personal information. We do not use your data for advertising.
4. AI Data Processing
keel uses artificial intelligence (currently powered by OpenAI) to provide features such as maintenance triage, message drafting, compliance information, and a general chat assistant. When you use these features:
- Relevant context (such as maintenance descriptions or property details) is sent to OpenAI’s API for processing
- We use OpenAI’s API endpoints that do not retain or use your data for model training
- AI responses are generated in real-time and returned to you — they are not stored by OpenAI
- We log AI usage (tokens used, timestamps) for cost management but do not log the content of AI conversations on third-party servers
For more details, see our AI Disclaimer.
5. Data Sharing & Third Parties
In accordance with IPP 11 (Limits on Disclosure), we share your information only with:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database & authentication | All application data (hosted in Sydney, Australia) |
| Stripe | Payment processing | Email, name, billing details |
| Resend | Transactional emails | Email addresses, email content |
| Twilio | SMS notifications | Phone numbers, SMS content |
| OpenAI | AI features | Contextual data for AI processing (no retention) |
| Vercel | Application hosting | Request logs, IP addresses |
We do not sell, rent, or trade your personal information to any third party.
6. Data Storage & Security
Your data is stored in Supabase’s Sydney (Australia) region. We implement the following security measures:
- Encryption in transit (TLS/HTTPS) and at rest
- Row-Level Security (RLS) ensuring users can only access their own data
- Secure password hashing via Supabase Auth
- Service role keys stored securely as environment variables, never exposed to clients
- Regular security reviews and dependency updates
While we take reasonable steps to protect your information, no method of electronic storage is 100% secure. We cannot guarantee absolute security.
7. Cookies
keel uses cookies for:
- Authentication — maintaining your login session (essential, cannot be disabled)
- Preferences — remembering your settings
We do not use advertising or tracking cookies. We do not use third-party analytics cookies.
8. Data Retention
In accordance with IPP 9 (Retention of Personal Information):
- Active accounts — data is retained for the duration of your account
- Closed accounts — data is retained for 30 days to allow retrieval, then permanently deleted
- Audit logs — retained for 12 months for security and compliance purposes
- Backup data — removed within 90 days of account deletion
9. Your Rights
Under the NZ Privacy Act 2020, you have the right to:
- Access (IPP 6) — request a copy of the personal information we hold about you
- Correction (IPP 7) — request correction of inaccurate or incomplete information
- Deletion — request deletion of your account and associated data
- Data portability — export your data in a standard format
- Complaint — lodge a complaint with the NZ Privacy Commissioner if you believe your privacy has been breached
To exercise any of these rights, contact us at sam@onkeel.co.nz. We will respond within 20 working days as required by the Privacy Act.
10. Children’s Privacy
keel is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. International Transfers
Your data is primarily stored in Australia (Sydney region). Some data is processed by services based in the United States (Stripe, OpenAI, Resend, Twilio, Vercel). These transfers are conducted in accordance with IPP 12 (Disclosure of Personal Information Outside New Zealand) and we ensure that adequate safeguards are in place through our agreements with these providers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 14 days before they take effect. The “Last updated” date at the top of this page indicates when the policy was last revised.
13. Contact & Privacy Officer
For privacy-related enquiries or to exercise your rights:
- Privacy Officer: Samuel Sadler
- Email: sam@onkeel.co.nz
- Address: keel, New Zealand
You may also contact the Office of the Privacy Commissioner if you are not satisfied with our response.