Last Updated: February 19, 2026

Owner: Libretto Compliance Officer

Privacy Policy

At Libretto, we are committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with the New Zealand Privacy Act 2020.

1. Information We Collect

We only collect personal information that is necessary for the lawful purpose of providing export documentation and trade facilitation services. This may include:

  • Contact Details: Full name, business email address, and phone number.
  • Business Information: Company name, NZBN/Client Code, and industry sector.
  • Shipment Metadata: Consignee details, origin/destination data, and commodity descriptions required for MPI certificates.
  • Portal Credentials: User IDs and passwords used to access the secure Libretto Portal.
  • Usage Data: IP addresses, browser types, and activity logs within the portal for security and auditing.

2. How We Use Your Information

Your information is used to facilitate global trade and ensure regulatory compliance. Specifically, we use it to:

  • Process Documentation: Prepare MPI E-Certificates, Certificates of Origin, and commercial invoices.
  • Liaise with Authorities: Act as your agent when submitting documentation to the Ministry for Primary Industries (MPI) and NZ Customs.
  • Secure Portal Access: Manage your account and provide real-time shipment tracking.
  • Billing & Payments: Generate invoices for payment via Wise bank transfer.
  • Notifications: Send critical status updates regarding your shipments (e.g., "Awaiting Client Action").

3. Data Disclosure & International Transfers

We do not sell your personal information. We only disclose information to:

  • Regulatory Bodies: MPI, NZ Customs, and international customs authorities as required to clear your goods.
  • Overseas Recipients: Under Information Privacy Principle 12 (IPP 12) , if we disclose data to an overseas party (such as a foreign customs agent), we ensure they are subject to comparable privacy safeguards or that you have authorised the disclosure.
  • Service Providers: Third-party tools like Supabase (data storage) and Resend (email notifications) which adhere to strict security standards.

4. Security & Retention

  • Protection: We use Bank-grade security and Supabase Row Level Security (RLS) to ensure clients only see their own data.
  • Audit Trails: All access to sensitive documents is logged for compliance and security monitoring.
  • Retention: We retain documentation for at least 7 years as required by New Zealand trade and tax regulations.

5. Your Rights

Under the Privacy Act 2020, you have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Ask us to correct any information that is inaccurate.
  • Complaint: If you are unhappy with how we handle your data, you may contact our Privacy Officer at privacy@libretto.co.nz or lodge a complaint with the Office of the Privacy Commissioner .

6. Cookies & Tracking

Our website uses cookies to maintain your portal session and provide a smooth user experience. You can manage cookie preferences through your browser settings.

Questions About Privacy or Data Protection?

We're committed to transparency and protecting your information. Contact us for more details.

Contact Us