Privacy Policy

We collect personal information so we can run the Subby Hub platform — connecting trades businesses with each other for work. Specifically, we collect what we need to:

• Create and manage your account
• Show your profile to other trades on the platform
• Match you with relevant jobs and subcontractors
• Let businesses and subbies communicate about work
• Improve, secure, and maintain the platform

We only collect what's necessary for those purposes. We don't collect information for advertising and we don't sell your data to anyone.

Information you give us directly when you sign up, build a profile, post jobs, apply for work, or message someone:

• Name, email address, phone number
• Business name, NZBN, website
• Trade type, region, crew size
• Profile bio, availability status, photos
• Credential documents (insurance certificates, training registers, qualifications)
• Job listings and applications

Information collected automatically when you use the platform:

• Device type, browser, and approximate IP-based location
• Pages and listings you view, searches you run, and similar usage activity
• Login times, session cookies, and basic security logs

You don't have to give us everything we ask for, but some information is required to use Subby Hub. If you don't provide:

• Email and password — you can't create or log into an account.
• Trade and region — your profile won't appear in the directory or recommendations.
• Insurance or training documents — your profile won't show those credential badges, which may make businesses less likely to hire you.

We use your information to:

• Run your account and the platform itself
• Show your profile to other logged-in users
• Recommend jobs, subbies, and matches based on your profile, trade, region, and activity
• Send you transactional notifications (e.g. when someone applies to your job, or accepts your application)
• Improve features, fix bugs, and keep things secure
• Comply with our legal obligations

We've split your information into three buckets so you know exactly what's visible:

• Your public profile — name (or business name), trade, region, bio, photos, availability status, certification badges, and reviews. Visible to any logged-in user on the platform.
• Your private account info — login email, password (never visible to anyone, including us — passwords are hashed), and personal email used for notifications. Not shown on your profile.
• Your phone number — currently shown on your profile to logged-in users so they can contact you about work. If you don't want it shown, leave it blank in your profile.
• Uploaded credential documents — only accessible to logged-in users who open your profile to view them. Not public to the open web.
• Messages and applications — visible only to the parties involved (you and the other user) and to Subby Hub administrators if needed for support or moderation.

Subby Hub shows you recommended jobs and subbies based on the trade, region, and other details on your profile, plus your activity on the platform (jobs you've viewed, applications you've sent). This is a simple rule-based match — we're not running automated decision-making that produces legal or significant effects on you. You can always browse the full job board or directory if the recommendations don't suit.

We use a small number of essential cookies and browser local storage items to:

• Keep you logged in across page loads
• Remember UI preferences (e.g. tour completion, search filters)
• Detect and prevent abuse

We don't use advertising cookies, third-party tracking pixels, or analytics that profile you. We don't sell or share data with ad networks.

We rely on a small number of trusted services to run the platform. These have their own privacy policies which apply when they handle your information:

• Supabase — database, authentication, and file storage
• Vercel — website hosting and deployment
• Google — optional sign-in via Google OAuth
• Email delivery providers — for sending transactional emails (e.g. account verification, password resets)

We only share with these providers what's needed to deliver each service.

Your data is stored on cloud infrastructure operated by our service providers (primarily Supabase, hosted on AWS, and Vercel). This means some of your information may be stored or processed on servers located outside New Zealand — including in Australia, the United States, or the European Union, depending on the provider's region.

Wherever it's stored, we require providers to apply reasonable safeguards consistent with the Privacy Act 2020, including encryption in transit and at rest, access controls, and contractual data-protection terms.

We use reasonable technical and organisational measures to protect your information, including:

• HTTPS encryption for all traffic
• Encryption at rest for stored data
• Hashed (one-way encrypted) passwords — even we can't read them
• Row-level access controls so users can only see what they're allowed to
• Private storage buckets for credential documents
• Logging and monitoring of suspicious activity

No system is 100% secure. We recommend you don't upload documents containing more personal information than you need to (for example, redact unrelated personal details from insurance certificates before uploading).

We keep your information for as long as your account is active and for a reasonable period afterwards if needed for:

• Legal, tax, or accounting requirements
• Resolving disputes and enforcing our Terms
• Detecting and preventing fraud or abuse
• Routine backups (typically deleted within 90 days of account closure)

When the retention period ends, we delete or anonymise the information.

You can delete your account at any time from your profile settings.

When you delete your account:

• Your profile is removed from the directory immediately
• Your personal information (name, contact details, bio, photos, credential documents) is deleted from our active database within a short period
• Listings and applications you posted may remain in anonymised form so other users' records (e.g. their applications) stay coherent
• Some information may be retained as described in section 11 (legal, security, backup)

If a privacy breach occurs that's likely to cause serious harm — what the Privacy Act 2020 calls a notifiable privacy breach — we will notify both the Office of the Privacy Commissioner and the affected users as soon as practicable, in line with our obligations under the Act.

You have the right under the Privacy Act 2020 to:

• Access the personal information we hold about you
• Correct any information that is inaccurate, incomplete, or out of date

Most of your information is accessible and editable directly from your profile. For anything you can't change yourself, email hello@subbyhub.co.nz. We respond within 20 working days as required by the Act.

We may disclose your information if we're required to by law — for example, in response to a court order, search warrant, or other lawful request from a New Zealand government agency or law-enforcement body.

Outside of legal obligations, we only disclose information to other users in the ways described in section 5, and to our service providers as described in section 8.

We send transactional emails (account verification, password resets, application notifications) as part of operating the platform. These can't be opted out of while your account is active.

If we ever introduce optional marketing emails (e.g. product updates), they will be opt-in and you'll be able to unsubscribe at any time.

Subby Hub is for trades businesses and is not intended for children. You must be 18 years or older to create an account or use the platform.

We don't knowingly collect personal information from anyone under 18. If you become aware that someone under 18 has created an account, please email us and we will remove it.

Subby Hub is a platform that connects independent trades businesses. We are not party to any work agreement between users and we don't employ users or act as a contractor ourselves. We're not responsible for the actions, conduct, work quality, or representations of any user. Any agreement, dispute, payment, or warranty issue is between the parties involved.

You are responsible for the accuracy and legality of the information and documents you provide. That means:

• Only upload documents you have the right to share
• Keep your profile information current and accurate
• Don't impersonate someone else or misrepresent your trade, certifications, or business
• Don't upload anything containing third parties' personal information without their consent

We may update this Privacy Policy from time to time as the platform evolves or to reflect changes in the law. The "Last updated" date at the top will always reflect the current version. For significant changes we'll let users know via email or an in-app notice.

By continuing to use Subby Hub after an update, you accept the revised policy.

If you think we've handled your information wrongly, please contact us first at hello@subbyhub.co.nz so we have a chance to put it right. We'll acknowledge within 5 working days and respond fully within 20.

If you're not satisfied with our response, you have the right to take the matter to the Office of the Privacy Commissioner:

• Website: privacy.org.nz
• Phone: 0800 803 909
• Email: enquiries@privacy.org.nz

For any privacy-related question or request:

hello@subbyhub.co.nz

We respond within 20 working days as required by the Privacy Act 2020.