Privacy

Privacy Policy (myLFR)

Effective date: 15 April 2026

Back to home

This Privacy Policy explains how myLFR Limited ("myLFR", "we", "us", "our") handles, uses, stores, and shares personal information when you use the myLFR website and application (the "Service").

This Service is intended for use in New Zealand by authorised staff of Licensed Fish Receivers (LFRs).

If you have questions or want to exercise your privacy rights, contact us at: admin@mylfr.co.nz

Scope

myLFR is a tool to help with record keeping and preparing Licensed Fish Receiver Returns. In order to provide you with these services, our systems need to handle, store and share your information.

This policy applies to personal information we handle through the Service, including when you create an account, create or join an LFR workspace, and use the dashboard features.

What personal information we handle

We handle the information you choose to provide, along with information created through your use of the Service.

Account and authentication information

  • Email address (used for your account login and account communications such as password resets)
  • Account identifiers (such as your database user ID)
  • Passwords are processed by our authentication provider.

LFR workspace and business information you enter

Depending on the features you use, you may add:

  • LFR/workspace details (for example: LFR or business name, client number)
  • Business address details (including street address components, suburb, city and postcode)

Operational record-keeping information you enter

The Service is a record-keeping and return-preparation tool. Within your workspace, you may enter and manage:

  • Permit holder ("fisher") details (for example: names and permit numbers)
  • Vessel details (for example: vessel names and numbers)
  • Landing and return-preparation records (for example: landing dates, invoice numbers, fishstock codes, greenweight totals, monthly summaries)

Team and access management information

If you manage workspace access, the Service records:

  • Team member details (workspace roles such as owner/editor/viewer, and member email addresses)
  • Invite information (invited email, role, invite status, expiry information)

Version history and change history

To help keep records accurate, resolve issues, and show how changes were made, the Service keeps:

  • Version history for certain records (for example, snapshots of landing records saved over time)
  • Change history within a workspace, which may include who made a change, when it was made, and earlier and updated values for certain records

Address search

When you use address autocomplete, your search text is sent to our address lookup provider so it can return matching suggestions. The selected address details you confirm are stored in your workspace profile.

Website and Service analytics

We use Google Analytics to understand general usage of the website and Service. This may include information such as pages viewed, device and browser type, referring pages, approximate location, and how features are used. We do not configure Google Analytics for advertising cookies or ad personalisation.

How we use personal information

We use personal information to:

  • Provide and operate the Service (including creating accounts, authenticating users, and enabling workspace features)
  • Keep the Service working well and improve it over time, including troubleshooting and maintaining accurate records
  • Manage workspaces, invites, and role-based access controls
  • Support record-keeping, summaries, and exports requested by you
  • Communicate with you (for example, password reset emails, important service messages, and responding to support/privacy requests)
  • Help protect the Service from misuse and fraud, such as automated sign-up attempts

How we share personal information

We treat information stored in myLFR as confidential. myLFR staff may access basic account and workspace information where needed to operate the Service, but do not access customer operational records, such as landing records or other commercially sensitive business records, unless you ask us to, access is necessary to provide support or resolve a service issue, or access is required or permitted by law.

We use trusted service providers to help operate myLFR, including providers for authentication, database and website hosting, email delivery, bot protection, and address lookup. These providers handle personal information only as needed to provide services to myLFR.

We do not sell your personal information. We only disclose personal information to other third parties where this is described in this policy, needed to provide the Service, required or permitted by law, or necessary to protect safety, prevent serious wrongdoing, or enforce legal rights in accordance with the Privacy Act 2020.

Data storage and location

Your Service data is stored using cloud infrastructure located in Singapore. We do not store user data on our own separate servers other than within the Service and providers listed above. Exports (such as excel spreadsheets and PDF files) are generated for you to download and are stored locally on your device once downloaded.

Data retention

Workspace owners can permanently delete a workspace from within the Service, which deletes all workspace data.

Your rights and choices

You can access and update much of your information through your account within the Service (for example, workspace details and operational records).

You may also contact us at admin@mylfr.co.nz to request:

  • Access to personal information we hold about you and your workspace (note: the information we hold is generally available to you through your account)
  • Correction of personal information
  • Deactivation of your account or removal of your access to a workspace
  • Deletion of personal information

To help protect your information, we may ask that requests come from the email address linked to your account or ask you to confirm account details before we act on a request.

Security

We take reasonable steps to protect personal information, including:

  • HTTPS encryption in transit
  • Role-based access controls within workspaces (owner/editor/viewer)
  • Row-level security controls in our database
  • Password reset via email through our authentication provider

Please keep your login details confidential and use the Service securely.

Cookies and local storage

The Service uses essential storage (such as browser local storage) to support core functionality (for example, keeping you signed in and improving performance through caching). We may also use analytics cookies or similar tools through Google Analytics to understand overall usage and improve the Service. We do not use advertising cookies.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective date" at the top and, where appropriate, provide additional notice within the Service.

Contact us

If you have questions, concerns, or requests about privacy, contact:

myLFR Limited

Email: admin@mylfr.co.nz