Privacy policy
We treat the information you give us as something held in trust — kaitiakitanga over data, not just compliance with it. This page is written to be read, not hidden behind.
Who we are
KaiProva is a verification standard for pastoral beef, operated by KaiProva Labs Tāpui Limited (“KaiProva,” “we,” “us,” “our”). KaiProva lets farmers, processors, and buyers record verifiable evidence about the lifecycle of finished beef animals — identity, weighs, transfers, and processing — against a published Protocol.
This policy explains what personal information we collect, why we collect it, how we look after it, who we share it with, where it is held, and the rights you have over it. It applies to both New Zealand and Australian users. If anything here is unclear, email our privacy officer, Daniel Carson, at privacy@kaiprova.com.
What this policy covers
This policy covers the KaiProva website and platform at kaiprova.com and its sub-paths — the public site, the activation pledge form, /app, /admin, and partner pages. It covers the activation pledge (the short pre-launch form by which a farmer registers interest and the scale of supply they could bring), account creation and platform use by farmers and farm-business administrators (and later processor, buyer, and dairy-company users), the operational data uploaded into the platform, and the telemetry we collect to keep the service running and safe.
It does not cover third-party services we link to or that you separately authorise — for example OSPRI’s NAIT system, Gallagher Animal Performance Plus, or AgResearch — each of which runs under its own privacy terms.
What we collect, and why — field by field
Our starting position is to collect as little as we need, and to be able to say why for every field.
3.1 — The activation pledge. The pledge is a short, voluntary form. It is how a farmer tells us they are interested and roughly what scale of dairy-beef supply their operation could bring.
| Field | Why we collect it |
|---|---|
| Email address | To confirm your pledge, send your regional visibility summary, and — only if you opt in — occasional KaiProva updates. It is also how you would later claim a full platform account. |
| Farm name | To label your pledge back to you and avoid counting the same operation twice. Not published. |
| Country (NZ / AU) | To apply the right privacy regime and biosecurity system to your data, and to place your pledge in the correct national tally. |
| Region | To place your pledge on the regional visibility map — which is only ever shown as an aggregate of many operations. |
| Herd size | To estimate the scale of verified-beef supply a region could support. Used only in aggregate. |
| Bobby-calf count | The heart of what KaiProva exists to change — calves currently treated as waste. Used to size the regional opportunity, only in aggregate. |
| Dairy processor / company supplied | To understand which processors and dairy companies a region’s supply flows through, so our engagement conversations with them are informed. A processor or dairy company never sees your individual pledge. |
3.2 — Account, organisation and property records. When you create a full account we collect your account identity (email; and if you use Google sign-in, the name and profile image on that account — we never require a phone number or postal address); your organisation record (organisation name and business identifier — NZBN in New Zealand, ABN in Australia, where supplied); your property records (name, region, and biosecurity identifier — NAIT ID in New Zealand; PIC and NLIS association in Australia — plus any ownership-proof documents you attach); and membership records (each person’s role, invitation status, and Property scope). We collect these because the verification claim is anchored to a legal entity, a real property, and public biosecurity identity — not to a self-declared form.
3.3 — Operational data about animals. Identifiers (visual tag IDs, NAIT- or NLIS-anchored EIDs), date of birth, sex, breed, mob assignments, transfer events, weigh history (date, average liveweight, head count), attrition events, and the upload batches the records arrived in. We use this to apply the Protocol’s eligibility rules and carry a verified claim through to processing.
3.4 — Files you upload. CSVs, weigh-data exports, ownership-proof documents and similar. We store the file content, a hash of the file, the filename, and metadata about who uploaded it and when.
3.5 — Audit log. An append-only record of consequential actions — sign-ups, member invitations, transfers, kill-record closures, settlement events, claim-state changes — each recording the actor, the action, the affected record, and a timestamp. This log is append-only by design: we never edit or delete rows in it, because the integrity of the verification claim depends on it. How this interacts with deletion is set out in section 9.
3.6 — Technical, analytics and abuse-prevention data. Your IP address (to keep the service available and to detect and block abuse — rate-limiting, scraping, and credential-stuffing signals); device and browser information, referring page, pages visited and actions taken (through our analytics provider, PostHog — see section 13); and error and server logs (to diagnose faults).
How we collect it
We collect information directly from you (when you pledge, sign up, create an organisation, add a Property, invite a colleague, or upload a CSV); from devices and integrations you choose to connect (for example Gallagher Animal Performance Plus weigh records when you authorise that integration — integrations are off by default and require opt-in); and automatically through your use of the service (analytics events, audit-log entries, and server logs).
We do not purchase contact lists, scrape farmer data from third parties, or enrol animals on your behalf without your action.
Why we collect it, our purpose and your consent
We collect personal information for the lawful purpose of operating the KaiProva verification standard and the platform that runs it. Specifically, we use it to operate the platform; to verify claims against the Protocol; to build regional visibility and have informed processor conversations (only ever in the aggregated, suppressed form described below); to maintain the audit log; to keep the service available and safe; and to communicate with you about your account and material changes.
Consent and legal basis. In New Zealand we collect and use personal information under the authorised-purpose framework of the Privacy Act 2020. In Australia we rely on consent and the related-purpose tests in the Australian Privacy Principles. Where processing is optional — the Gallagher integration, or marketing updates — we rely on your opt-in consent, which you can withdraw at any time.
We will not use your operational data for marketing. We do not sell personal information. We do not use your operational data, your weighs, your animal records, or any identifiable information about your farm or your animals to train AI models — our own or anyone else’s. Any AI used inside the platform operates only on results we have already computed deterministically; it never sees your raw data and never sends it to an external model provider.
How we publish regional numbers — safely
Pledge data feeds a public regional visibility map and informed engagement with dairy processors and companies. In both cases, your individual pledge is never published and never disclosed to a processor or dairy company.
We only ever show or share aggregate figures, and only for a region once at least five distinct organisations have pledged in it. Below that threshold a region shows a band or “enrolling” — never a number that could be traced back to you. Self-reported pledge numbers and biosecurity-verified numbers are always kept separate and never added together. This is an engineered safeguard, not a courtesy.
Who we share it with
KaiProva runs on a small number of trusted technology providers, under contract. We share data with them only to the extent needed for them to provide their service to us.
| Provider | What they do for us | Where data is held |
|---|---|---|
| Supabase | Database hosting, authentication, file storage | Sydney, Australia |
| Railway | Application hosting (the kaiprova.com server) | United States |
| PostHog | Product analytics and error monitoring | United States (US Cloud) |
| Cloudflare | DNS and edge delivery / caching | Global edge network |
| Google (only if you use Google sign-in) | Identity verification | Google’s global infrastructure |
| Gallagher Animal Performance Plus (only if you connect it) | Weigh-record integration | Gallagher’s infrastructure |
We do not share your personal information for marketing or advertising, or for any purpose other than operating the service — except where you have explicitly authorised us (for example, sharing a verified claim with a named processor or buyer you have a contract with), or where we are legally required to.
What partners see — and no more. A dairy company or processor evaluating regional supply sees aggregate, suppressed figures only — never an identified pledge. A processor scheduled to take an animal sees the cadence and eligibility record for that animal. Auditors, processors, and buyers with a verification reason can see the verified chain of custody for animals they are commercially attached to; under the Protocol’s first-sighting transfer rule, the operator identity on a prior organisation’s weighs is stripped from the view shown to a receiving organisation, with the full chain visible only to roles that have a verification reason to see it.
Where your data is held, and cross-border transfer
The main operational store is Supabase, in Sydney, Australia. For Australian users, this is domestic storage. For New Zealand users, your data is stored across the Tasman. Under the Privacy Act 2020, where an overseas provider holds information solely to store or process it on our behalf as our agent (as Supabase does), that is treated as us continuing to hold the information — not as an “overseas disclosure.” We remain fully accountable for what our providers do, and we bind them by contract to protect your information to standards comparable to the Privacy Act.
Analytics and application hosting use providers in the United States (PostHog and Railway). For both NZ and Australian users this is an offshore transfer. We bind these providers by contract and take reasonable steps to ensure they do not handle your information in a way that would breach the Australian Privacy Principles or New Zealand’s comparable-safeguards expectation; under Australian APP 8 we remain accountable for their handling of your information.
Analytics specifics. PostHog identifies a user by account ID and email only after sign-in; anonymous browsing of public pages does not create a person record. Session replay is on for our marketing pages and the demo (with all form inputs masked) and off on the live /app farmer surface, where real operational data is on screen.
By using KaiProva you acknowledge your information is stored and processed in Australia and the United States as described. If you would prefer your data not be transferred or stored outside New Zealand, contact us before creating an account and we will discuss what is possible.
How long we keep it
Verification-anchored audit-log rows — kill-record ingestion, re-enrolment, cross-Org transfers, Property add/remove, claim-state changes, settlement events — are kept for as long as the verification claim they support has value, which may be indefinite. Rewriting or deleting this history would void the standard.
All other records are kept for a minimum of seven years from creation, after which we may delete or anonymise them. Longer retention applies where a record is referenced by an active contract, an open dispute, or a legal obligation.
Closing your account. If you ask us to close your account, we deactivate it and remove personal information that is not load-bearing for the audit log. Records of verified animals and the audit-log rows that anchor them remain, but we de-identify them against your former organisation wherever we can — so the verification claim stays sound without keeping your personal details longer than needed.
Your rights
Under the NZ Privacy Act 2020 and the Australian Privacy Principles, you can access the personal information we hold about you (NZ IPP 6 / AU APP 12); ask us to correct information that is wrong (NZ IPP 7 / AU APP 13); withdraw consent for optional processing at any time; and complain to us and, if you are not satisfied, to the relevant regulator (see section 17).
To make a request, email privacy@kaiprova.com with the subject line “Privacy request.” We will acknowledge within five working days and aim to respond fully within twenty working days, the maximum the NZ Privacy Act allows for access requests.
Te Mana Raraunga — Māori data sovereignty
KaiProva is operated by a Ngāi Tahu-affiliated business, and the platform’s wider kaupapa (at kaiprova.com/kaupapa) treats a supply chain as a weave of relationships to be held whole, not flattened to a number. In the language of Te Mana Raraunga (the Māori Data Sovereignty Network), we acknowledge that:
- Whānau, hapū, and iwi have rights and interests in data that originates from their lands, animals, and people.
- Data about a Māori farming entity sits within a wider system of authority and responsibility; we will work with Māori farming operators so those interests are recognised in how the data is used.
- Where a Māori operator participates in KaiProva, we will engage in good faith on data-handling arrangements that reflect kaitiakitanga over the data — how, where, and for how long it sits.
We expect this section to deepen as our engagement with iwi and Māori farming operators matures.
How we look after your information
We hold ourselves to an internal security posture. In practice: all connections are over HTTPS; sign-in uses Supabase magic-link or Google sign-in (we never see your Google password); every request that touches operational data is scoped to your organisation before it reaches the database, with a second isolation check at the database layer; webhooks from integration partners are cryptographically signed; service-level credentials are server-side only and never exposed to your browser; and every consequential action is recorded in the append-only audit log.
We do not currently hold SOC 2 or ISO 27001 certification. We operate to a posture aligned with what such certification would require, and expect to pursue formal certification when buyer contracts make it relevant.
Cookies, analytics and session replay
KaiProva uses a small number of cookies and similar technologies, and the PostHog analytics service, to keep the site working, keep it secure, and understand how it is used.
- Essential cookies keep you signed in and keep the service secure. The site does not work without them.
- Analytics (PostHog) records pages visited, actions taken, device/browser type, and approximate location from IP. On public/marketing pages and the demo, session replay is on, with all form inputs masked — we do not capture what you type. On the signed-in
/appsurface, session replay is off. - We do not use advertising or cross-site tracking cookies.
If something goes wrong — data breaches
If we become aware of a privacy breach that is likely to cause serious harm, we will notify the affected individuals and the relevant regulator as soon as practicable. In New Zealand, that is the Office of the Privacy Commissioner under the Notifiable Privacy Breach scheme in the Privacy Act 2020 — the Commissioner’s guidance is to notify within about 72 hours of becoming aware. In Australia, that is the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme, where the breach is likely to result in serious harm.
If you suspect a breach involving your data, email privacy@kaiprova.com with the subject line “Suspected breach” and we will investigate.
Children
KaiProva is built for farm businesses and is not directed at people under 16. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.
Changes to this policy
This policy is v1.0, in force from 30 May 2026. We will update it as the platform matures. Material changes — anything that changes what we collect, what we use it for, or who we share it with — will be notified to account holders by email at least fourteen days before they take effect. Minor wording changes are reflected in the version number and effective date at the top of this page. A change log will be maintained at kaiprova.com/privacy/changes.
Contact
Privacy officer: Daniel Carson
Email: privacy@kaiprova.com
Post: KaiProva Labs Tāpui Limited, Kakanui, North Otago, New Zealand
Regulators:
- New Zealand — Office of the Privacy Commissioner (OPC): privacy.org.nz
- Australia — Office of the Australian Information Commissioner (OAIC): oaic.gov.au