UnitHub

Consumer Information

Your rights and how we protect your financial data

Our Commitment to You

Your Data, Your Control

You decide what data we can access and can disconnect your bank account at any time without losing access to other UnitHub features.

Bank-Grade Security

We use OAuth 2.0 authentication - we never see your bank login credentials. All data is encrypted in transit and at rest.

Transparent Usage

We only use your bank data for rent payment matching and financial reporting. We never sell your data to third parties.

Compliant & Regulated

We comply with New Zealand Privacy Act 2020 and Consumer Data Right principles through our partnership with Akahu.

What is Akahu?

Akahu is a regulated financial data provider in New Zealand that connects your bank account to UnitHub securely. They act as an intermediary, allowing us to access your transaction data with your explicit permission, without ever seeing your bank login credentials.

Akahu is trusted by thousands of New Zealanders and complies with all relevant banking and privacy regulations.

How Bank Integration Works

  1. You Initiate Connection: Click "Connect Bank Account" in UnitHub Settings
  2. Secure Redirect to Akahu: You're redirected to Akahu's secure website
  3. Choose Your Bank: Select your bank from the list of supported institutions
  4. Bank Authentication: Log in directly on your bank's website (we never see your credentials)
  5. Grant Permission: Approve UnitHub's access to transaction data via Akahu
  6. Connection Complete: You're returned to UnitHub with a secure access token

What Data We Access

When you connect your bank account, we access:

  • Account Details: Account name, number (masked), type, and current balance
  • Transaction History: Date, amount, description, and merchant name
  • Transaction Categories: Pre-categorized by Akahu (e.g., rent, utilities)

We do not access:

  • Your bank login credentials (passwords, PINs, security questions)
  • The ability to move money or initiate payments
  • Credit card details or full account numbers
  • Other personal banking services (loans, mortgages, investments)

How We Use Your Bank Data

We use your transaction data for the following purposes only:

  • Automatic Rent Matching: We compare incoming bank deposits with expected rent payments to automatically mark payments as "Paid" when confidence is high (≥80%)
  • Financial Reporting: Generate income reports showing rent received vs expected
  • Payment History: Display reconciled transactions in your dashboard for easy tracking
  • Overdue Detection: Identify missing payments by comparing transactions to lease records

We do NOT use your data for marketing, profiling, credit scoring, or any purpose other than property management services you've explicitly requested.

Your Rights

✓ Right to Access

Request a copy of all bank data we've stored. Available via Settings → Export Data.

✓ Right to Disconnect

Disconnect your bank account at any time from Settings → Bank Integration → Disconnect. This revokes our access token and stops all data syncing.

✓ Right to Deletion

Request deletion of all stored transaction data. Note: We may retain aggregated financial summaries for tax compliance (7 years retention required).

✓ Right to Correct

If we've incorrectly matched a transaction, you can manually override it or request correction.

✓ Right to Complain

File a complaint with the Office of the Privacy Commissioner at privacy.org.nz

Security Measures

We protect your bank data with:

  • OAuth 2.0: Industry-standard secure authentication (same as Google/Facebook login)
  • Token Encryption: Akahu access tokens are encrypted using pgcrypto in our database
  • HTTPS/TLS: All data transmitted over encrypted connections
  • Row-Level Security: Your data is isolated from other users at the database level
  • No Storage of Credentials: We never store your bank username or password
  • Regular Security Audits: We conduct vulnerability assessments and penetration testing
  • Token Expiry: Access tokens expire after 60 days and require reauthorization

Data Retention

We retain your bank transaction data for as long as your bank account remains connected. When you disconnect:

  • The Akahu access token is immediately revoked and deleted
  • Transaction history may be retained for 90 days for dispute resolution
  • Aggregated financial summaries (totals, not individual transactions) are retained for 7 years for tax compliance as required by New Zealand law

Third-Party Sharing

We do not sell, rent, or share your bank data with third parties for marketing purposes.

We only share data when:

  • Required by law (court orders, tax authorities, law enforcement)
  • You explicitly request it (e.g., exporting data to your accountant)
  • Necessary for service operation (Supabase for database hosting, but data is encrypted)

How to Disconnect

To disconnect your bank account:

  1. Log in to UnitHub
  2. Go to Settings → Bank Integration
  3. Click "Disconnect" next to your connected account
  4. Confirm the disconnection

After disconnection, you can still use UnitHub's other features. Bank integration is entirely optional.

Questions or Concerns?

If you have questions about how we handle your bank data, please contact us:

Email: privacy@unithub.ai

Subject: "Consumer Data Inquiry"

For questions about Akahu's services, visit akahu.nz or contact support@akahu.nz

Last Updated: November 7, 2025

Version: 1.0

This Consumer Information Page is provided in accordance with Akahu's accreditation requirements and New Zealand Consumer Data Right principles.