
LAST UPDATED 2026-05-19

Privacy Policy.

This Privacy Policy explains what personal information ARISDY LIMITED (NZBN 9429053354464, “Locum”, “we”, “us”, “our”) collects from people who use the Locum platform, why we collect it, and how it is handled. It supplements — and where in conflict, is overridden by — the New Zealand Privacy Act 2020.

If you have a question about this policy or want to exercise any of the rights described in §10, email support@locum.now.

1. The short version

  • We collect only the personal information we need to run the platform on your behalf.
  • We use Google or Apple to verify your identity at sign-in. We do not store passwords.
  • We host data on Supabase (Sydney region). We send transactional email through Resend. We process subscription payments through Stripe. We capture application errors through Sentry. We serve the website through Vercel.
  • We do not sell personal information. We do not share it with advertisers. We do not use it to train external machine-learning models.
  • You can export and delete your data from inside the app. Most of your rights under the NZ Privacy Act 2020 are available to you directly from your account settings.

2. Who this policy applies to

This policy applies to anyone who creates an account on Locum (whether as a locum or as part of an employer organisation) and to anyone who visits a Locum page that collects information (for example, the waitlist form on /locums/waitlist).

If you are using Locum on behalf of an employer organisation, you remain the data subject for your own personal information (your name, sign-in email, role, etc.); the employer is responsible for the organisation-level data it submits.

3. Personal information we collect

We collect the categories of personal information below. Some are required to use the platform; others are optional and clearly marked as such when you submit them.

Category | Examples
Identity & contact | Name, sign-in email, phone, profile photo, date of birth
Professional | Sector, role, registration number (e.g. APC), country of practice, professional metadata
Work preferences | Languages, regions, day-of-week availability
Documents | Documents you upload (qualifications, registration certificates, insurance certificates, etc.)
Activity | Applications you submit, shifts you accept, messages you send, invoices you generate
Billing | For employers: subscription plan, credit balance, Stripe customer reference, billing email
Technical | IP address, browser type, device type, language, error logs, push-notification token (where you have enabled push)
Audit | Sign-in timestamps, admin actions on your account (verification approvals, role changes, deactivations)

We do not collect:

  • Bank account numbers, IRD numbers, or other financial identifiers other than as part of an invoice you choose to author (and which we transmit on your behalf to the recipient you nominate). We do not store standalone copies of these identifiers beyond the invoice record.
  • Sensitive health information about you.
  • Information from sources outside the platform (we don't profile you from other websites or buy data from data brokers).

4. Why we collect it

We collect personal information for the following purposes, and we use it only for those purposes:

  • To run your account — sign you in, render your profile, route notifications, deliver email.
  • To match locums with employers — surface relevant shifts to you, render relevant applicants to employers.
  • To generate and deliver invoices on your behalf as a locum.
  • To process subscription payments from employers (via Stripe).
  • To meet legal record-keeping obligations including tax, employment-related record retention applicable to invoices, and the maintenance of an immutable audit trail of admin actions.
  • To protect the platform from abuse, fraud, and security incidents.
  • To improve the platform through error monitoring and aggregate, non-identifying usage analysis.

We rely on the following lawful bases under the NZ Privacy Act 2020:

  • Performance of a contract — most personal information is necessary to provide the platform you have signed up for.
  • Your consent — for optional fields (photo, secondary contact info, marketing emails where applicable).
  • Legitimate interests — preventing fraud, improving the platform, maintaining audit logs.
  • Legal obligation — record-keeping required by New Zealand law.

5. OAuth sign-in (Google and Apple)

We use Google Sign-In and Sign in with Apple as our identity providers. When you sign in:

  • The provider sends us your name, email address, and a verified-identity token. No password is ever transmitted to us.
  • We do not see your Google or Apple password.
  • We store the email you signed in with (we treat it as your contact email unless you change it).
  • You can revoke our access to your Google or Apple identity at any time from your provider's account settings. This will not delete the data we already hold; use the account-deletion flow in §10 for that.

6. Service providers (sub-processors)

We use the following service providers to deliver the platform. Each is a “sub-processor” — they process your personal information on our behalf, only for the purposes we specify, and under contract.

Provider | Role | Region
Supabase | Database, authentication, file storage | Sydney, Australia (AWS ap-southeast-2)
Resend | Transactional email delivery (sign-in notifications, invoices, alerts) | United States (with EU/AU delivery infrastructure)
Stripe | Subscription payments and credit purchases (employer billing only) | United States
Sentry | Application error monitoring and crash reporting | United States
Vercel | Website hosting and content delivery | Sydney edge (with global CDN)
Google Cloud / Apple | OAuth identity verification (at sign-in only) | Global

We do not transfer your personal information to any other party except (a) where you direct us to (e.g. when you email an invoice to an employer or share a document), (b) to comply with a lawful request from a New Zealand law-enforcement or regulatory body, or (c) in the unlikely event of a business transfer (acquisition, merger), in which case the acquiring entity inherits this policy.

7. Data storage and international transfers

Your personal information is stored primarily on Supabase infrastructure in Sydney (Australia). Email, error monitoring, and payment-processing partners hold data in the United States. By using the platform you consent to these international transfers. Each sub-processor in §6 is contractually bound to industry-standard security and data-handling practices.

8. Data retention

Data | Retention
Active account | While your account exists
Deactivated account | 30 days, after which it is hard-deleted (unless you reactivate first)
Account explicitly deleted | Hard-deleted within 24 hours, except as below
Sent invoices | Retained for 7 years to satisfy New Zealand record-keeping obligations
Application content (cover notes, messages) on a deleted account | Redacted to [deleted] and retained in the counterparty's record
Audit log of admin actions | Retained indefinitely as a record of platform operations
Error reports (Sentry) | Retained for 90 days
Email delivery logs (Resend) | Retained for 90 days

The retention windows above are minimums; we may retain longer if required by law, for the resolution of a dispute, or for enforcement of these Terms.

9. Security

We take reasonable steps to protect personal information against loss, misuse, and unauthorised access:

  • Sign-in via Google or Apple OAuth (no password storage; no email/password attack surface).
  • TLS 1.2+ for all data in transit.
  • Row-level security in the database, scoped per user.
  • Service-role access restricted to platform-internal jobs (we never expose service-role credentials to a browser).
  • Personally-identifiable fields redacted from error reports before they leave the application.
  • A small developer team (one person) with a strict pre-commit checklist (typecheck, tests, security review).

No security measure is perfect. If we become aware of a breach that materially affects you, we will notify you and the New Zealand Privacy Commissioner as required by the NZ Privacy Act 2020.

10. Your rights

Under the New Zealand Privacy Act 2020 you have the right to:

  • Know what we hold about you (IPP 6). Use /employee/you/delete/export (locums) or /employer/[org]/export (employer owners) to download a complete machine-readable bundle.
  • Correct it if it's wrong (IPP 7). Most fields are editable in-app; the rest you can request via email.
  • Have us delete it. Use the account-deletion flow in /employee/you/delete or /employer/settings/danger. See §8 for what we are legally required to retain.
  • Withdraw consent for optional uses (photo, optional contact info) by removing those fields from your profile.
  • Complain. You can complain to us via support@locum.now or to the Office of the Privacy Commissioner of New Zealand (privacy.org.nz).

We will respond to access and correction requests within 20 working days as required by the Privacy Act 2020. There is no charge.

11. Cookies and local storage

We use a small number of cookies and local-storage items strictly necessary to run the platform:

  • Authentication session (Supabase) — to keep you signed in.
  • CSRF token — to protect form submissions.
  • Theme / preference flags — your visual preferences.

We do not use third-party advertising cookies, tracking pixels, or cross-site analytics. The website does not need a cookie banner under New Zealand law for the cookies we use; we mention them here for transparency.

12. Children

The platform is not directed at people under 16 years of age. We do not knowingly collect information from anyone under that age. If you believe a child has signed up for the platform, please contact us so we can remove the account.

13. International users

The platform is currently available only to people working in New Zealand and to organisations operating in New Zealand. If you access it from elsewhere, you do so at your own initiative and you are responsible for compliance with any applicable local law.

14. Changes to this Policy

We will update this Privacy Policy as the platform evolves and as the law changes. The “Last updated” date at the top reflects the most recent change. We will email registered users when a change is material; minor changes will be posted to this page only.

15. Contact

Questions, access requests, correction requests, or complaints:

ARISDY LIMITED

24F Mount Smart Road

Royal Oak, Auckland, New Zealand

support@locum.now