OmvaOmva

OMVA Privacy Policy

Last updated: 2 June 2026

1. Overview

This Privacy Policy explains how OMVA LIMITED collects, uses, stores, shares, and protects personal information when people use OMVA, visit OMVA-powered sites, create OMVA accounts, publish sites, request insurance quotes, receive referrals, set up payouts, contact support, use AI features, apply for careers, or interact with OMVA online.

OMVA is based in New Zealand and is available to users worldwide. Because privacy laws differ by country, this policy provides a global baseline and includes additional rights that may apply in places such as New Zealand, Australia, the EU/UK, and California/United States.

2. Who we collect information about

We may collect information about:

  • visitors to omva.co.nz and OMVA-powered sites
  • registered OMVA users and site owners
  • referral partners and affiliates
  • end-customers requesting insurance quotes or using tenant/template sites
  • people communicating with support
  • administrators and team members
  • payout recipients
  • careers applicants
  • marketplace waitlist users and future marketplace participants

3. Information we collect

Depending on how you use OMVA, we may collect:

Account and profile data

Name, email address, phone number, username, avatar, country, timezone, language, account status, plan, role, sign-up source, authentication metadata, and account preferences.

Site owner and business data

Site name, brand name, logo, colors, typography, templates, site content, specialties, custom domains, business details, public contact details, referral codes, published pages, SEO settings, AI-generated drafts, compliance flags, support tickets, and site performance metrics.

End-customer quote/request data

Name, email, phone, location/city, insurance type, desired start date, current insurer/premium if provided, product-specific quote details, selected quote information, referral/policy event information, and related communications.

Product-specific information may include vehicle details, property details, travel details, pet details, business details, date of birth, gender, smoker status, occupation, income, claims history, or other information required by insurers/providers for the relevant product.

Financial, commission, and payout data

Plan/subscription details, billing status, commission records, earnings, referral revenue, payout history, payout eligibility, Wise recipient details, account holder information, bank routing details, IBAN/SWIFT where applicable, country/currency, tax-related information if collected, fraud/compliance review status, and payout audit information.

Payment/subscription data

Billing provider identifiers, subscription status, invoices/receipts, plan changes, payment failures, cancellation records, and tax information where required. Full payment card details are normally processed by payment providers and not stored directly by OMVA.

Analytics, referral, and marketing source data

UTM source, medium, campaign, content and term, referrer, landing page, referral codes, traffic source, device, browser, operating system, approximate location, IP address or derived information, session ID, journey data, product events, quote events, page views, conversion events, and performance analytics.

AI and automation data

Prompts, generated copy, template requests, chat/help messages, palette/copy generation metadata, AI safety outputs, content scanning results, error intelligence, and related usage logs.

Support, moderation, and admin data

Support messages, replies, attachments, account notes, moderation flags, audit logs, admin actions, account restrictions, security logs, error logs, and internal review records.

Careers data

Name, email, phone, city/country, address, work rights, role/company, experience, salary expectation, availability, social/profile links, screening answers, cover letter text, CV/resume uploads, portfolio links, referral source, and recruitment notes.

Technical and security data

IP address, user agent, request headers, cookies, session storage/local storage identifiers, device/browser/OS, timestamps, rate-limit/security logs, error reports, authentication/session events, and fraud prevention indicators.

4. How we use information

We use information to:

  • create and manage accounts
  • provide the OMVA platform
  • build, host, publish, and manage OMVA-powered sites
  • process quote/referral requests
  • connect customers with insurers/providers/partners where relevant
  • display aggregated analytics and performance metrics to site owners
  • manage subscriptions and billing
  • calculate commissions and process payouts
  • verify referral eligibility and prevent fraud
  • provide support and respond to complaints
  • monitor, moderate, and enforce legal/compliance requirements
  • scan content for risky insurance/financial-advice wording
  • operate AI-assisted tools
  • improve templates, platform features, and user experience
  • produce aggregated/non-PII market intelligence and reporting
  • comply with legal, tax, regulatory, security, and recordkeeping obligations
  • process careers applications

5. End-customer data and site owner visibility

Site owners do not receive raw customer personal information by default. OMVA may provide site owners with aggregated or non-PII reporting, such as traffic, conversions, referral counts, commission amounts, performance, product categories, and other numbers.

Customer personal information may be processed by OMVA and shared with relevant insurers/providers/partners where needed for quotes, referrals, contact, fulfilment, policy servicing, support, compliance, or legal obligations.

6. Legal bases and lawful purposes

Depending on the country and context, we may process information because:

  • it is necessary to provide OMVA and perform our agreement with you
  • you consented
  • we have a legitimate business interest that is not overridden by your rights
  • processing is necessary for legal, tax, security, fraud prevention, or regulatory reasons
  • processing is necessary to respond to your request or application

For New Zealand, we process personal information in line with the Privacy Act 2020 and the Information Privacy Principles.

7. Sharing information

We may share information with:

  • insurers/providers/partners where needed for quote/referral/customer flows
  • payment and billing providers
  • payout providers such as Wise
  • hosting, database, storage, and infrastructure providers
  • email and communications providers
  • analytics, error monitoring, and security providers
  • AI service providers where AI features are used
  • professional advisers, lawyers, accountants, auditors, or insurers
  • regulators, law enforcement, courts, dispute bodies, or government agencies where required or appropriate
  • business purchasers or successors if OMVA is involved in a sale, merger, restructuring, or similar transaction, subject to legal requirements

We do not sell raw customer personal information to site owners. Aggregated, anonymised, or de-identified market intelligence may be used or shared where permitted by law and described in this policy. If information can reasonably identify a person, we treat it as personal information.

8. International transfers

OMVA is based in New Zealand but uses global infrastructure and service providers. Your information may be stored or processed in New Zealand, Australia, the United States, the European Economic Area, the United Kingdom, or other locations where our providers operate.

Where required, we take steps to ensure cross-border disclosures are protected through contractual safeguards, processor terms, adequacy mechanisms, standard contractual clauses, or other lawful transfer mechanisms.

9. Cookies and tracking

We use cookies, local storage, session storage, and similar technologies for authentication, security, preferences, referral tracking, analytics, product improvement, error monitoring, chat/help, careers drafts, and marketing attribution. See the Cookie Policy for details.

Where legally required, optional analytics, marketing, or non-essential tracking should only run after appropriate consent.

10. Data retention

We keep information for as long as needed for the purposes described in this policy, including providing the service, complying with law, resolving disputes, enforcing agreements, fraud prevention, tax/accounting records, insurance/referral records, support history, audit logs, and security.

Our general retention approach is:

  • Account data: while the account is active and for up to 30 days after account closure, unless a longer retention period is required for security, disputes, or legal obligations
  • Quote/referral/customer data: up to 12 months for incomplete quote or referral activity, and up to 7 years for completed policy, billing, commission, payout, or compliance records where legal or insurer/provider obligations apply
  • Commission/payout/tax records: up to 7 years
  • Support records: generally up to 24 months after the ticket or conversation is closed
  • Careers applications: generally up to 12 months after the recruitment process ends, unless you ask for earlier deletion and we are able to comply
  • Security/audit logs: generally up to 24 months, and longer where needed for fraud prevention, abuse review, or legal claims
  • Aggregated/de-identified market data: may be retained longer where lawful

11. Security

We use technical and organisational measures designed to protect information, including access controls, role-based permissions, audit logs, secure hosting, encrypted connections, and service-provider security controls. No system is completely secure, and we cannot guarantee absolute security.

12. Your privacy rights

Depending on where you live, you may have rights to:

  • access your personal information
  • correct inaccurate information
  • delete information
  • restrict or object to processing
  • export or receive a copy of your information
  • withdraw consent
  • opt out of certain marketing or tracking
  • complain to a privacy regulator

To make a request, contact support@omva.co.nz.

13. New Zealand privacy rights

If New Zealand privacy law applies, you may request access to and correction of your personal information under the Privacy Act 2020. You may also complain to the New Zealand Office of the Privacy Commissioner.

14. Australia privacy rights

If Australian privacy law applies, you may have rights under the Australian Privacy Principles, including rights relating to access, correction, direct marketing, and overseas disclosure.

15. EU/UK privacy rights

If EU or UK GDPR applies, you may have rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority. You may also have rights relating to automated decision-making, if applicable.

16. California / US privacy rights

If California privacy law applies, you may have rights to know, access, correct, delete, opt out of certain sale/sharing uses, limit certain sensitive personal information uses, and not be discriminated against for exercising privacy rights. OMVA does not knowingly sell raw customer personal information to site owners.

US children's privacy: OMVA does not knowingly collect personal information from children under 13. OMVA account/site owner use is intended for people 18+.

17. Marketing communications

You can opt out of marketing emails where provided. Transactional, account, security, payout, support, and legal notices may still be sent.

18. Children's data

OMVA account holders and site owners must be at least 18. End-customer age eligibility depends on insurer/provider product rules. We do not knowingly allow under-18s to operate OMVA-powered sites or receive payouts.

19. Changes to this policy

We may update this Privacy Policy. If changes are material, we will take reasonable steps to notify users or require re-acceptance where appropriate.

20. Contact

Contact OMVA at support@omva.co.nz.