Akahu Policies

last Updated: 8 November 2021

Akahu’s purpose is to give consumers control of their data. We want to work with reputable third party developers who deliver on that purpose through their products.

Akahu Policies set our expectations of minimum standards for developers that use our services. Accredited developers must:

Note: We update our policies from time to time. If we update or create a new a policy, we will notify accredited developers by email. If you are required to comply with Akahu Policies (as an accredited developer or as a provider of a service that integrates with an accredited developer and interfaces with consumers) you can object to the change by notifying us in writing at hello@akahu.nz within 14 days of the date that we notify accredited developers of the change. If you object to a change, we will discuss your concerns with you and use reasonable endeavours to resolve the issue. However, this does not relieve you from any contractual obligations to comply with the updated Akahu Policies.

Consumer Information Policy

We want to ensure that consumers are well informed when making decisions about how to connect and derive value from their data.

To become an accredited developer, we require a dedicated page on your website to explain the relationship between your product and Akahu, and provide enough detail for consumers to choose whether they see value in connecting their data to your product via Akahu. This guide outlines the requirements for the page, which must be discoverable from the navigation on your site.

Describe your product

Describe your value proposition. Clearly explain the problem your product solves and/or the specific benefits it delivers.

Describe the way your product uses Akahu

Describe the benefits your customers will get from connecting their accounts to your product through Akahu.

Describe whether the connection is one-off or ongoing.

Describe any data that you collect, and how you use it.

About Akahu

Include this description of Akahu, along with a clear Akahu logo:

About Akahu

Akahu is an open finance platform, focussed on New Zealand.

Akahu makes it simple to connect your accounts to trusted products. If you choose to connect accounts via Akahu, you can manage those connections at my.akahu.nz.

Find out more about Akahu here. [include a link to akahu.nz]

Privacy and Security Policy

You must ensure that any data exchanged via Akahu or held in your systems are processed and stored securely. Below are the minimum standards that we expect.

OWASP Top 10

All relevant risks identified in the OWASP Top 10 list are appropriately addressed.

CIS Controls

All relevant controls identified in the CIS Controls list are appropriately addressed.

Pen test by an external expert

Provide evidence to Akahu of a relevant and competent penetration test.

We strongly recommend that you undertake an external penetration test at least every 12 months during your accreditation.

Review of Privacy Notice

Akahu will review your Privacy Notice to check that the intended use of Akahu is described.