LEGAL

Privacy Policy

Last updated: 1 January 2026

Introduction

Intelligent Life Limited (“we”, “us”, or “our”) is a New Zealand company headquartered in Auckland. We develop and operate iUnderwrite, a cloud-native, multi-tenant SaaS underwriting platform used by insurers, reinsurers, and intermediaries across Australia and New Zealand.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the rights you have in relation to your information. It applies to visitors to our marketing website, prospective customers who submit enquiries, and users of the iUnderwrite platform.

We are committed to complying with the New Zealand Privacy Act 2020 and, where applicable to our Australian operations, the Australian Privacy Act 1988 (including the Australian Privacy Principles).

Information We Collect

We collect information in the following ways:

Contact and Enquiry Information

When you submit a demo request, contact form, or other enquiry on our website, we collect the business contact details you provide, which may include:

  • Your name and job title
  • Your business email address and phone number
  • Your company name and country
  • The message or context you choose to share with us

We collect this information solely to respond to your enquiry and to assess whether iUnderwrite may be a suitable fit for your organisation. We do not collect consumer or policyholder personal information through our marketing website.

Platform Usage and Telemetry Data

For customers using the iUnderwrite platform, we collect operational and usage data as part of delivering the service. This includes:

  • Authenticated user identifiers, roles, and tenant identifiers
  • Feature usage logs and audit trails (required for compliance and security)
  • Application performance telemetry (error rates, response times, system health metrics)
  • Session metadata (browser type, operating system, IP address)

Importantly, the underwriting and policyholder data processed through the iUnderwrite platform is owned by and remains the responsibility of the customer organisation (the insurer or intermediary). We process that data on the customer’s behalf under the terms of our subscription agreement.

Cookies and Analytics

Our marketing website uses a small number of cookies to understand how visitors use the site and to improve our content. We use privacy-respecting analytics tooling configured to anonymise IP addresses and avoid cross-site tracking. We do not use advertising or retargeting cookies.

See the Cookies section below for more detail and opt-out options.

How We Use Your Information

We use the information we collect for the following purposes:

  • Responding to enquiries. To contact you in response to a demo request, question, or expression of interest, and to follow up where appropriate.
  • Delivering the platform. To provision and operate your organisation’s iUnderwrite tenant, authenticate users, and maintain service availability.
  • Improving the service. To analyse aggregated usage patterns, identify areas for product improvement, and diagnose technical issues. We use only de-identified or aggregated data for this purpose.
  • Billing and account management. To manage subscription accounts, issue invoices, and handle payment-related communications with authorised contacts at customer organisations.
  • Security and fraud prevention. To monitor for unauthorised access, detect anomalies, and protect the integrity of the platform and its data.
  • Legal and regulatory compliance. To meet our obligations under applicable laws, respond to lawful requests from authorities, and enforce our agreements.

We do not use personal information for automated decision-making that produces legal or similarly significant effects on individuals without human review. We do not sell, rent, or trade personal information to third parties for marketing purposes.

Data Storage and Security

The iUnderwrite platform is hosted on Amazon Web Services (AWS). Customer data is stored in the AWS region agreed at the time of contracting — typically the Asia Pacific (Sydney) region for Australian customers and the Asia Pacific (Auckland) region for New Zealand customers. Data does not leave the contracted region except where required by law or with customer consent.

We apply the following security controls as standard:

  • Encryption of data at rest using AES-256, managed through AWS KMS
  • Encryption of all data in transit using TLS 1.2 or higher
  • Role-based access controls with least-privilege principles applied at both the application and infrastructure layers
  • Multi-factor authentication enforced for all administrative and privileged access
  • Automated vulnerability scanning and dependency auditing in our CI/CD pipeline
  • Logging and alerting through AWS CloudWatch and centralised security monitoring
  • Regular access reviews and offboarding procedures for staff

Our security practices are aligned with SOC 2 Type II principles. We conduct periodic internal reviews and work with customers to meet their own compliance requirements, including where insurers are subject to prudential standards set by APRA or the Reserve Bank of New Zealand.

In the event of a data breach that affects personal information, we will notify affected parties and the relevant Privacy Commissioner in accordance with our obligations under the Privacy Act 2020 (NZ) and the Notifiable Data Breaches scheme under the Australian Privacy Act 1988.

Sharing Your Information

We do not sell personal information. We share information only in the following circumstances:

  • Sub-processors and service providers. We engage a small number of trusted third-party service providers to help us operate the platform and our business — including AWS (infrastructure hosting), payment processors, and support tooling providers. These providers are contractually bound to process information only as directed by us and to maintain appropriate security standards.
  • Customer organisations. Platform data belonging to a customer tenant is accessible to that customer’s authorised administrators and users. We do not share one customer’s data with another customer.
  • Legal requirements. We may disclose information if required to do so by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers. If Intelligent Life Limited is involved in a merger, acquisition, or sale of assets, personal information held by us may be transferred to the acquiring entity, subject to equivalent privacy protections.

Your Rights

Depending on your location and circumstances, you have rights in relation to your personal information. Under the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988, these include:

  • The right to access personal information we hold about you
  • The right to correct information that is inaccurate, out of date, or incomplete
  • The right to ask us to delete information we no longer have a lawful basis to retain (subject to our legal and contractual obligations)
  • The right to complain to the Privacy Commissioner if you believe we have not handled your information appropriately

If you are a user of the iUnderwrite platform through your employer or insurer, please note that your organisation (not Intelligent Life Limited) controls the data held in its tenant. Rights requests relating to that data should be directed to your organisation in the first instance.

To exercise your rights in relation to data we hold directly (for example, an enquiry you submitted), please contact us at privacy@iunderwrite.com. We will respond within the timeframes required by applicable law — generally within 20 working days under the NZ Privacy Act 2020.

You may also lodge a complaint with the Office of the New Zealand Privacy Commissioner at privacy.org.nz, or with the Office of the Australian Information Commissioner at oaic.gov.au.

Cookies

Our marketing website uses a minimal set of cookies. We do not use advertising, retargeting, or social-media tracking cookies.

The cookies we use fall into two categories:

  • Strictly necessary cookies. These are set by our web framework for session management and CSRF protection. They are required for the site to function and cannot be disabled.
  • Analytics cookies. We use privacy-respecting analytics to understand aggregate traffic patterns — for example, which pages are most visited. Analytics data is anonymised and is not used to build individual profiles or shared with advertising networks.

You can opt out of analytics cookies at any time by adjusting your browser’s cookie settings or by using your browser’s private/incognito mode. Most modern browsers also support the Global Privacy Control (GPC) signal, which we honour.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the platform, or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify customers directly by email or in-platform notice.

We encourage you to review this policy periodically. Continued use of our website or the iUnderwrite platform after changes are published constitutes your acknowledgement of the updated policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle personal information, please contact us:

  • Email: privacy@intelligentlife.co.nz
  • Post: Privacy Officer, Intelligent Life Limited, Campus 261, Building 730, Level 2, 261 Morrin Road, St Johns, Auckland 1072, New Zealand

We take privacy enquiries seriously and will acknowledge your contact promptly.