Artisan Ideas Ltd

Solutions for your Software Development Needs

Privacy Statement - Artisan Ideas Ltd & App-Rentice

Effective: March 7th, 2026

Artisan Ideas values the trust you place in us when you use artisanideas.co.nz, webapp.nz, App-Rentice, our Firebase hosting domains (including app-rentice.firebaseapp.com and app-rentice.web.app), and our subdomains within those websites, Mobile Applications (apps) or tools (collectively, our "Websites" or "Services"). This Privacy Policy describes our collection, use, and disclosure of your information and applies to our websites and applications that link to it, regardless of how you access or use them, including through mobile devices, web browsers, or native applications.
If you do not agree to the terms of this Privacy Policy, please do not use our Websites. We may make changes to this Privacy Policy from time to time. We will post any changes to our Websites. Your continued use of our Websites following the posting of any changes will mean you accept those changes.
 
Information We May Collect
We collect, process, share and retain information from you and any devices you may use when you access our Websites, use our services, register for an account with us, provide us information on a web form, update or add information to your account, participate in community discussions, chats, or otherwise correspond with us. The specific information we collect depends upon your use of the Websites, as described below.
Information You Give Us
We receive and store information you enter on our Websites or give us in any other way, including but not limited to:
               Your name
               Phone number
               Email address
Information About Your Interaction With Our Websites
We collect information about your interactions with our Websites, such as the purchases you make or the pages you visit.
Information We Automatically Collect
We receive and store certain types of information whenever you interact with us or our Websites. Our Websites use "cookies," tagging and other tracking technologies. This information includes computer and connection information such as statistics on your page views, traffic to and from our Websites, referral URL, ad data, your IP address, and device identifiers; this information may also include your browsing history, transaction history, and your web log information.
Location Information
We may receive information about your location and your mobile device, including a unique identifier about your device.
Educational Assessment Data
If you use App-Rentice through a training provider, educational institution, or employer-sponsored apprenticeship program, we collect information specific to your training and assessment activities, including but not limited to:
               Qualifications, certifications, and courses you are pursuing
               Unit standards, learning outcomes, and competency assessments
               Assessment records, signoff evidence, and tutor feedback
               Portfolio entries, project work, activity logs, and work evidence
               Evidence media (photos, documents, notes) submitted for assessment purposes
               Tutor/assessor assignments and employer relationships
               Achievement badges, completion status, and progress tracking
               Timesheet records and work hours logged for apprenticeship programs
Educational data is collected to facilitate your training, provide assessments, track your progress, and generate completion records required by educational authorities and qualification bodies. This data may be shared with your educational institution, training provider, employer, assigned tutors/assessors, and relevant qualification authorities as necessary to support your learning and certification.
Educational Institution Relationships: If you are using App-Rentice through an educational institution, training provider, or employer, that organisation acts as a data controller alongside Artisan Ideas Ltd. Their privacy policy also applies to how your educational data is collected, used, and retained. Please review your institution's privacy policy for additional information about their data practices.
Assessment Record Retention: Educational assessment records may be retained for extended periods (typically 7 years or longer) as required by educational regulatory bodies, qualification authorities, and legal compliance requirements, even after your account is closed.
Authentication Tokens and Session Management
When you log in to App-Rentice, we issue JSON Web Tokens (JWT) to authenticate your session. These tokens are stored securely on your device:
               Mobile Devices (iOS/Android): Tokens are stored using Capacitor Preferences, which utilises your device's secure storage (encrypted by your device's operating system, protected by iOS Keychain or Android Keystore).
               Web Browsers: Tokens are stored in your browser's local Storage, subject to standard browser security protections.
               Token Contents: Tokens contain your user ID, role (student/tutor/employer), and session expiration time. They do NOT contain your password.
               Token Lifecycle: Access tokens expire periodically (typically within 15-60 minutes) and are automatically refreshed. Refresh tokens expire after 7 days or when you log out.
               Security: When you log out, all authentication tokens are immediately cleared from your device. We encrypt all token transmission using HTTPS/TLS protocols.
               Session Timeout: For security, your session will automatically expire after 30 minutes of inactivity, requiring you to log in again.
We do NOT store your password after login. Your password is hashed using industry-standard encryption before storage, and we cannot retrieve or decrypt your original password.
Information From Social Media and Other Sites
When you interact with our Websites or services on a social media platform, we may collect the personal information that you make available to us on that page, including your account ID or username. If you choose to log in to your account with or through a social networking service, Artisan Ideas Ltd and that service may share certain information about your activities.
Information From Other Sources
We may supplement the personal information we collect with information from third parties and add it to your account information. Information from third parties may include, but is not limited to, demographic information that is publicly available, additional contact information, group affiliations, occupational information, and educational background.
 
How We May Use Your Information
We use your information to help us personalize and continually improve your experiences on the Websites, including fulfilling your orders and requests for information, analysing and compiling trends and statistics, and communicating with you. For information about how to manage your information and choices you have, see "How to Limit the Use of Your Information" below.
General Uses
We may use your information to:
               Provide, maintain, and improve the Websites for internal or other business purposes
               Fulfil requests for information
               Provide, produce, and ship the products that you order or the services you request
               Provide customer support
               Track and evaluate the use of the Websites
               Communicate with you about your Customer Account, Content Owner Account, profile, changes to our policies or terms
               Send you information about features and enhancements on or to our Websites
               Send you newsletters or other materials
               Send you offers, promotions, or other communications about our products and services, including special or promotional events, including services, products, or events for which we collaborate or co-offer with a third party
               Detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal
               Optimise or improve our products, services and operations
               Perform statistical, demographic, and marketing analysis of users of the Websites and their viewing patterns
We may use the information from one portion of the Websites on other portions of the Websites, and we may combine information gathered from multiple portions of the Websites into a single record. We may also use or combine information that we collect offline or we collect or receive from third-party sources for many reasons, including to enhance, expand, and check the accuracy of our records.
 
How We May Share Your Information
We do not share your personal information with third parties, except as set forth below. We may disclose information that does not specifically identify you, such as aggregate information, device identifiers or other unique identifiers to third parties in any manner we deem appropriate. For information about how to manage your information and the choices you have, see "How to Limit the Use of Your Information" below.
On Sold, Shared or Purpose Built Apps and Websites
Artisan Ideas Ltd creates apps and Websites for use directly by its own customers and users as well as for the use by customers and users of other service providers (including but not limited to) businesses, organisations, associations, educational providers, and individuals. When our Websites and Apps are used in conjunction with the services provided by others, agreement to provide, store, and share your personal information with them will be with the understanding that you have agreed to the terms of their Privacy Policies. We are not responsible for the privacy practices of any Service Providers that use our Websites and/or Apps.
Sub-Processors and Third-Party Services
We engage specific third-party service providers (sub-processors) to help us deliver App-Rentice services. These organisations may have access to limited personal information only as necessary to perform their functions on our behalf. We require all sub-processors to maintain the confidentiality and security of your information and restrict them from using your data for any purpose other than providing services to App-Rentice.
Current Sub-Processors and Third-Party Services:
1           Firebase (Google Cloud Platform)
               Purpose: Application hosting, analytics
               Data Accessed: Usage analytics
               Location: United States (with EU data centers available)
               Privacy Policy: https://firebase.google.com/support/privacy
2           Capacitor/Ionic Framework
               Purpose: Mobile application framework (technical infrastructure only)
               Data Accessed: None - operates locally on your device
               Note: Capacitor does not transmit personal data to Ionic or third parties
3           Crazy Domains
               Purpose: Domain registration, real-time database, cloud storage,  and DNS hosting services
               Data Accessed: Domain registration information, User profiles, educational records, portfolio files, DNS records
               Location: Australia
               Privacy Policy: https://www.crazydomains.com.au/privacy/
4           SiteLock.com
               Purpose: Website security monitoring, malware scanning, DDoS protection, web application firewall (WAF)
               Data Accessed: Website traffic data, security logs, potential threat data
               Location: United States
               Privacy Policy: https://www.sitelock.com/privacy.php
               Note: SiteLock actively monitors and protects against malicious traffic, malware, and security vulnerabilities
5           Email Service Provider – Crazy Domains
               Purpose: Sending account notifications, login alerts, password reset emails
               Data Accessed: Your email address, name, notification content
               Location: Australia
               Privacy Policy: https://www.crazydomains.com.au/privacy/
 
Data Processing Agreements: We maintain formal Data Processing Agreements (DPAs) with all sub-processors handling personal data, ensuring they comply with GDPR, New Zealand Privacy Act 2020, and other applicable privacy laws.
Changes to Sub-Processors: We may change or add sub-processors from time to time. Material changes to this list will be reflected in updates to this Privacy Policy. We will provide notice of significant changes via email or in-app notification.
International Data Transfers: Some sub-processors may process your data outside New Zealand. Where data is transferred internationally, we ensure appropriate safeguards are in place, including:
               Standard Contractual Clauses (SCCs) approved by the European Commission
               Privacy Shield certification (where applicable)
               Adequacy decisions by relevant data protection authorities
Sale, Assignment or Change of Control
We may change our ownership or corporate organisation while providing the Websites. We may transfer to another entity or its affiliates some or all the information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any business, other change of control transaction or financing. Under such circumstances, we would request the acquiring party to follow the practices described in this Privacy Policy. Nevertheless, we cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Privacy Policy.
Law Enforcement, Legal Process, and Emergency Situations
We may also use or disclose your personal information if required to do so by law or on the good-faith belief that such action is necessary to (a) conform to applicable law or comply with legal process served on us or the Site; (b) protect and defend our rights or property, the Websites or our users, or (c) act to protect the personal safety of us, users of the Website or the public.
 
Tracking and Interest-Based Advertising
Although Interest-Based Advertising is not currently implemented, like many websites, we may use tracking technologies such as cookies, web beacons and similar technologies to record your preferences, track the use of our Websites and exposure to our online advertisements. We may also use these technologies to monitor traffic, improve the Websites, and make it easier to use and more relevant.
We may partner with third party advertising companies who also use these tracking tools to provide advertisements on our Websites or other websites. These third parties may use these technologies to collect information about you when you use the Websites. They may collect information about your online activities over time and across different websites and other online services. They may also use persistent identifiers to track your Internet usage across other websites in their networks beyond the Websites. They may use this information to provide you with interest-based advertising or other targeted content. While we do not knowingly provide these entities with information that personally identifies you, such third parties may, with sufficient data from other sources, be able to personally identify you, unknown to us. To learn more about the third-party collection and use of your information, please visit the Network Advertising Initiative and/or the Digital Advertising Alliance.
Some content or applications, including advertisements, on the Websites may be served by unaffiliated third parties. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement, you should contact the responsible advertiser directly. We are not responsible for the content or privacy practices on any website not operated by Artisan Ideas Ltd to which our Websites link or that link to our Websites.
Your browser or device may include "Do Not Track" functionality. Artisan Ideas Ltd information collection and disclosure practices, and the choices that we provide to customers, will continue to operate as described in this Privacy Policy, whether or not a Do Not Track signal is received.
 
Data Retention
We retain your personal information only as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.
Active Accounts: While your account is active, we retain your personal information to provide you with App-Rentice services, maintain your educational records, and comply with legal obligations.
Deleted Accounts: When you request account deletion:
       • Most personal data is deleted within 30 days of your request
       • Educational assessment records, signoff documentation, and qualification evidence may be retained for 7 years (or longer) as required by educational regulatory bodies, accreditation authorities, and legal compliance requirements
       • System access logs and security incident records may be retained for up to 2 years for fraud prevention and legal compliance
Backups: Deleted data may remain in our backup systems for up to 90 days before being permanently purged. Backups are encrypted and inaccessible for routine use.
Inactive Accounts: Accounts inactive for more than 3 years may be archived or deleted, with advance notice sent to your registered email address.
Legal Holds: We may be required to retain certain information beyond normal retention periods due to legal holds, litigation, investigations, or regulatory requests. In such cases, we will retain the minimum necessary information for the minimum required period.
Specific Retention Periods:
               User account profiles: Duration of active account + 30 days after deletion (unless legal hold applies)
               Educational assessment records: 7 years after completion (or as required by your institution/qualification body)
               Portfolio evidence and media files: 7 years after completion (or as required by your institution)
               Login activity logs: 2 years
               Email communications: 2 years
               Support tickets and correspondence: 3 years
 
How We Protect Your Information
We take the security of your personal information seriously and implement technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, and destruction.
Technical Security Measures
1              Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS 1.2 or higher, including login credentials, personal information, and educational records.
2              Encryption at Rest: Sensitive data stored in our databases is encrypted using industry-standard encryption algorithms (AES-256).
3              Password Security:
·             User passwords are hashed using bcrypt with multiple rounds of salting
·             We NEVER store plain-text passwords
·             We cannot retrieve or decrypt your original password
·             Password requirements: Minimum 8 characters (recommended 12+), with uppercase, lowercase, number, and symbol
4       Authentication Security:
·            JSON Web Token (JWT) based authentication with automatic expiration
·            Session timeout after 30 minutes of inactivity
·            Account lockout after 5 failed login attempts (15-minute lockout period)
·            Rate limiting to prevent brute-force attacks
5       Access Controls:
·            Role-based access control (RBAC): Students, tutors, employers, and administrators can only access data relevant to their role
·            Principle of least privilege: System access restricted to minimum necessary permissions
6       Network Security:
·            Web Application Firewall (WAF) provided by SiteLock.com
·            DDoS protection and traffic filtering via SiteLock.com
·            Firewall protection and intrusion detection systems
·            Regular security patching and software updates
·            Real-time malware scanning and vulnerability monitoring (SiteLock)
·            Automated threat detection and blocking of malicious traffic
Administrative Security Measures
1               Staff Training: Employees with access to personal data receive regular privacy and security training.
2               Background Checks: Employees with access to sensitive educational data undergo background screening where legally permitted.
3               Access Logging: All access to personal data is logged and monitored for suspicious activity.
4               Incident Response Plan: We maintain a documented security incident response plan to address potential data breaches quickly and effectively.
5               Regular Security Audits: We conduct periodic internal security assessments.
6               Continuous Website Security Monitoring: SiteLock.com provides 24/7 automated security monitoring, including:
·       Daily malware and vulnerability scans
·       Real-time threat detection and blocking
·       Web application firewall (WAF) protection
·       Automatic security alerts for suspicious activity
Physical Security
Our cloud infrastructure providers (Google Cloud/Firebase) and domain hosting provider (Crazy Domains) maintain physical security controls including:
               24/7 monitored data centers
               Biometric access controls
               Environmental controls (fire suppression, climate control)
               Redundant power and network infrastructure
Data Breach Notification
In the unlikely event of a data breach involving your personal information, we will:
1           Notify affected users within 72 hours of discovery (as required by GDPR and NZ Privacy Act)
2           Notify your educational institution (if applicable)
3           Report the breach to relevant authorities (e.g., NZ Privacy Commissioner, ICO)
4           Provide details about what data was affected and steps we're taking to mitigate harm
5           Offer recommendations for protecting your account and personal information
Your Responsibility
While we implement strong security measures, you also play a critical role in protecting your information:
            Choose a strong, unique password and do not reuse passwords across multiple sites
            Do not share your login credentials with others
            Log out when using shared or public devices
            Keep your device operating system and browser updated
            Use encryption and secure networks when accessing App-Rentice (avoid public WiFi for sensitive activities)
            Report suspicious activity immediately to daniel@artisanideas.co.nz
Limitations: No system is 100% secure. While we implement industry best practices, we cannot guarantee absolute security of data transmitted over the internet or stored electronically. You use App-Rentice at your own risk and are responsible for maintaining the security of your credentials and devices.
 
Your Privacy Rights and Data Access
We take steps to ensure that the personal information we collect is accurate and up to date, and we provide you with the ability to access, correct, and control your information.
Account Access and Self-Service
You can access, review, and update much of your personal information by logging into your App-Rentice account. This includes your contact details, profile information, and account preferences.
Your Legal Rights
Depending on your location, you may have the following rights under privacy laws (including GDPR and the New Zealand Privacy Act 2020):
1               Right to Access: Request a copy of all personal information we hold about you, including educational records, assessment data, and account history.
2               Right to Correction: Request that we correct or update inaccurate or incomplete personal information.
3               Right to Deletion (Right to be Forgotten): Request deletion of your personal information, subject to legal exceptions (e.g., assessment records we are required to retain for regulatory compliance).
4               Right to Data Portability: Request your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV export) for transfer to another service.
5               Right to Restrict Processing: Request that we limit how we process your personal information under certain circumstances.
6               Right to Object: Object to processing of your personal information for direct marketing purposes or other legitimate interests.
7               Right to Withdraw Consent: Withdraw previously given consent for processing your information (where consent was the legal basis for processing).
How to Exercise Your Rights (Data Subject Access Request - DSAR)
To exercise any of these rights, please contact us at:
            Email: daniel@artisanideas.co.nz
            Subject Line: "DSAR Request - [Your Name]"
            Include: Your full name, account email, specific request, and any relevant details
Response Timeline: We will respond to your request within 30 days (or as required by applicable law). For complex requests, we may extend this period by an additional 30 days and will notify you of any delay.
Identity Verification: To protect your privacy and security, we may require you to verify your identity before processing your request. This may involve confirming your account email, answering security questions, or providing government-issued identification.
Limitations
We may not be able to accommodate certain requests if:
            Fulfilling the request would violate legal obligations (e.g., retaining assessment records required by educational authorities)
            The request would reveal information about another person
            Deletion would compromise ongoing investigations or legal proceedings
            We cannot verify your identity adequately
No Fee: We do not charge a fee for most data access requests. However, we reserve the right to charge a reasonable administrative fee for repetitive, excessive, or manifestly unfounded requests.
Complaints
If you are not satisfied with how we handle your request or believe we have violated privacy laws, you have the right to lodge a complaint with:
            New Zealand Privacy Commissioner: privacy.org.nz
            Your local data protection authority (if located in the EU or other jurisdiction)
 
How to Limit the Use of Your Information
In many instances, you have choices about the information you provide and limiting how we use your information. These choices, and any related consequences, are described in detail below.
Personal Information
You may choose not to provide your personal information, such as your name, address, or phone number, but then you might not be able to take advantage of our site and/or app features.
Emails, Newsletters, and Other Communications
When you create an account through our Websites, you are required to provide us with an accurate e-mail address through which we may contact you. Registration through our Websites or apps constitutes your express acknowledgement that Artisan Ideas Ltd may use your e-mail address to communicate with you about product offerings from us. While you cannot opt-out of receiving notifications and other communications regarding your account, you can opt-out of receiving newsletters and promotional emails and other marketing communications from us by using the "unsubscribe" feature in our marketing e-mails and newsletters.
Location Tracking
Most mobile devices allow you to control or disable the use of location services by any application on your mobile device through the device's settings' menu. If you disable the use of location services you'll be required to manually enter your location if the Websites request it.
Online Tracking and Interest-Based Advertising
At this time, we do not use third-party advertising networks to deliver interest-based ads on App-Rentice. We use cookies and similar technologies primarily for core functionality, security, performance, and analytics. If we introduce third-party advertising or interest-based advertising in the future, we will update this Privacy Policy before doing so, including details about the advertising partners involved, what data is collected, and how you can opt out.
Mobile Device Opt-Out Options:
            Apple: http://support.apple.com/kb/HT4228
            Android: http://www.google.com/policies/technologies/ads/
            Windows: http://choice.microsoft.com/en-US/opt-out
Please note that opting-out of advertising networks services does not mean that you will not receive interest-based advertising from third parties that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms.
 
Children's Privacy
Our Services are not intended for users under the age of 13. Accordingly, we will not knowingly collect or use any personal information from children that we know to be under the age of 13. If you are under 18, your parent or guardian should review this privacy policy. Artisan Ideas Ltd may collect educational data about minors as part of school/training provider relationships. We will not use your data for marketing purposes without explicit parental consent.
 
Questions or Report a Problem
For questions about our Privacy Policy, to make choices about receiving promotional communications, to update your personal information, or to place an order, you can contact us at:
Email: daniel@artisanideas.co.nz
Mailing Address: Artisan Ideas Ltd 18 Marine Parade, Christchurch New Zealand
 
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. When we make changes, we will update the "Effective" date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
For material changes that significantly affect your rights, we will provide prominent notice (such as email notification or a notice on our homepage) prior to the change becoming effective.
 
2026 Artisan Ideas Ltd. All rights reserved.
Last Updated: March 7, 2026