OpsNest Privacy Notice

OpsNest Privacy Notice

PUBLIC PRIVACY NOTICE | Website and enquiry form version | v1.0 | May 2026


1. Who we are

OpsNest is a New Zealand property service coordination business operated by Kyle Lawson, sole trader, trading as OpsNest.

OpsNest coordinates non-construction property turnover services such as cleaning, carpet cleaning, rubbish removal and related non-construction turnover support. OpsNest does not coordinate construction, building, structural, licensed trade, asbestos, meth remediation, hazardous-waste, sewage, serious biohazard or other excluded specialist work at launch.

2. What this notice covers

This notice explains how OpsNest collects, uses, stores, shares, protects, retains and deletes personal information. It applies to clients, prospective clients, property managers, landlords, property owners, tenants or occupants where relevant, contractors, contractor applicants, advisers, service providers and people who contact OpsNest through the website, forms, email, phone, SMS, OpsNest-approved evidence system/process, Xero or other business channels.

3. Information we may collect

  • Client and enquiry information: names, email addresses, phone numbers, company or property-management details, quote requests, billing details, communications, complaints and rework requests.

  • Property and job information: property address, job address, property type, requested services, access method, site contacts, timing, known hazards, job notes, checklists and completion evidence.

  • Access and security information: lockbox details, smart-lock or gate codes, alarm or entry instructions, key pickup instructions, agent access details, parking instructions and client-present access arrangements.

  • Contractor and contractor applicant information: names, contact details, business or trading name, service areas, services offered, experience, availability, equipment, references where requested, insurance evidence or certificates of currency where required, MOJ check status where required, agreement records, onboarding records, job assignment notes, payment details, GST/tax/withholding information where required, performance records, issue records and compliance records.

  • Finance and adviser information: invoice records, payment records, accountant or lawyer correspondence, insurance records, tax/accounting information, bank reference information and adviser notes.

  • Incidental third-party information: tenant, occupant, neighbour, site contact, agent, referee or other third-party information where genuinely relevant to quoting, access, safety, contractor onboarding, complaints, disputes or recordkeeping.

4. How we collect information

OpsNest may collect information directly from you, from your authorised representative, or from another person or organisation where that is reasonably needed for the job or business relationship. At launch, the website uses a Squarespace native combined contact / quote request form. If Google Sheet capture or backup is connected, it will only be used if tested and approved.

  • website contact / quote request forms

  • email, phone calls, SMS and business communications

  • OpsNest-approved evidence system/process job records, notes, checklists and job evidence

  • Xero quote, invoice and finance records

  • client-provided information and, after enquiry, any photos or supporting information requested for quoting or job coordination

  • contractor-provided documents, insurance evidence and MOJ status evidence where required

  • property managers, landlords, agents, advisers, authorised representatives or contractors where relevant.

OpsNest does not use public website photo uploads at initial launch. If photos are needed after an enquiry, OpsNest may ask for them through an appropriate approved process. Job photos and completion evidence should sit mainly in OpsNest-approved evidence system/process once a job exists. Serious exceptions or evidence may be saved in Google Drive where needed.

5. Why we use information

  • responding to enquiries and quote requests

  • preparing, sending and managing quotes

  • assessing property, access, safety and job requirements

  • confirming job scope, timing, contacts and access details

  • scheduling and coordinating independent contractors

  • managing job delivery, checklists, notes, photos and completion evidence

  • issuing invoices, tracking payment and maintaining accounting records

  • managing contractor applications, onboarding, vetting, job assignment and payment records

  • checking contractor insurance evidence, certificates of currency, approved service types, access-device or key/code exposure, and contractor suitability before assigning client-property work

  • handling complaints, rework requests, disputes, incidents, hazards, insurance-related issues or adviser review

  • meeting tax, accounting, legal, safety, insurance, privacy, adviser and recordkeeping obligations

  • protecting OpsNest, clients, contractors, property, access information and business records.

OpsNest does not use personal information for unrelated purposes unless the person has authorised it or the law allows or requires it.

6. Information about other people

You may provide information about another person, such as a tenant, occupant, agent, site contact, contractor referee or property contact. Please make sure you are authorised to provide it and, where practical, tell that person that you have provided their information to OpsNest for quoting, access, job coordination, safety, complaint, invoice or recordkeeping purposes.

From 1 May 2026, New Zealand privacy law includes an indirect collection notification rule. Where OpsNest collects personal information about someone indirectly, OpsNest will take reasonable steps to notify that person unless an exception applies.

7. Job photos, evidence and marketing use

OpsNest may collect job photos, notes, checklists and completion evidence for quoting, scope assessment, access confirmation, completion checks, contractor review, complaint handling, rework decisions, safety reporting, dispute management, insurance/adviser review and recordkeeping.

Job photos and evidence are business records, not marketing assets. OpsNest will not use identifiable client property photos, before/after photos, occupant details, contractor details or job information for public marketing unless appropriate permission has been obtained and privacy or sensitive details have been checked first.

At launch, OpsNest will not use public before/after job photos for marketing.

8. Property access information

Property access information may include lockbox codes, smart-lock codes, gate codes, alarm instructions, keys, agent contact details, parking instructions or client-present access arrangements. Access information is security-sensitive.

OpsNest does not collect or share final lockbox, smart-lock, alarm, gate or key access details until the job is accepted or scheduled and the contractor has passed the required onboarding, insurance and access-risk checks.

Job-specific access details should be recorded mainly in OpsNest-approved evidence system/process job notes. Email or SMS may be used where practically necessary for operational coordination, but not as the main long-term record. Google Drive is not routine storage for access codes. Bitwarden is for long-term business account and security credentials, not routine job access details unless there is a specific reason.

9. Who we may share information with

OpsNest shares personal information only where reasonably needed for the relevant purpose. This may include sharing relevant information with:

  • independent contractors assigned to or considered for a job

  • clients, property managers, landlords, agents, property owners or authorised representatives involved in a job

  • accountants, lawyers, insurance advisers, insurers, brokers or other professional advisers

  • software providers used by OpsNest, including Squarespace, OpsNest-approved evidence system/process, Xero, Google Workspace, Google Drive and Bitwarden

  • payment, banking, accounting, invoicing or recordkeeping providers

  • regulators, law enforcement, courts, tribunals or government agencies where required or permitted by law

  • other service providers where needed to operate, protect or improve the business.

OpsNest aims to share only the information reasonably needed. For example, a contractor may need the property address, access details, job scope, site contact and safety notes for an accepted job. A contractor should not receive unrelated billing, legal, private or complaint information unless there is a clear reason.

10. How information is stored and protected

OpsNest uses a tool-led operating system. Records should be kept in the approved source-of-truth system and should not be duplicated unnecessarily.

Information type

Main system

Jobs, job notes, photos, checklists and completion evidence

OpsNest-approved evidence system/process

Quotes, invoices, reconciliation and finance records

Xero

Legal documents, adviser records, contractor records and serious exceptions

Google Drive

Passwords, recovery codes and secure account-access records

Bitwarden

Email and business communications

Google Workspace

Website contact / quote request form

Squarespace, with Google Sheet capture/backup only if connected and tested


OpsNest takes reasonable steps to protect personal information, including using business accounts, limiting access to people who need it, using Bitwarden for passwords and recovery codes, using two-factor authentication where available, avoiding unnecessary duplication, and removing unnecessary local copies once the approved business record has been saved.

11. MOJ / criminal record check information

OpsNest may require contractors to provide evidence of their own self-requested Ministry of Justice criminal record check before onboarding or continued job allocation. The launch-stage rule is that the check should be dated within 90 days before onboarding unless OpsNest approves another timeframe.

The launch default is status-only recording: whether a check was provided, the date of the check, the date reviewed, the review status and any follow-up required. OpsNest does not retain a full MOJ copy by default unless there is a clear operational, legal, adviser, insurance, dispute or risk-management reason to do so.

OpsNest will not ask a contractor to provide more criminal record information than is reasonably required for onboarding, property access, client trust, safety, insurance or risk-management purposes. OpsNest will not ask for a full conviction history unless there is a clear lawful reason and legal or privacy advice supports the request.

12. Retention and deletion

OpsNest keeps personal information only for as long as it is needed for the purpose it was collected, unless longer retention is required or justified for legal, tax, accounting, insurance, safety, dispute, contract, adviser or recordkeeping reasons.

Record type

Retention approach

Normal job records/photos

Keep in OpsNest-approved evidence system/process for business and evidence needs. Do not duplicate into Drive routinely.

Tax/accounting records

Keep in Xero for at least 7 years or longer if required by law or adviser guidance.

Contractor agreements and insurance records

Keep while active and for a reasonable post-engagement legal, insurance or dispute period.

MOJ full copies

Do not retain by default. If retained for a justified reason, restrict access and delete when no longer needed.

MOJ status records

Keep while the contractor is active and for a reasonable post-engagement risk/legal period.

Access codes

Delete, deactivate, restrict or stop using once no longer needed, unless retention is justified for recurring work, evidence, dispute, safety or recordkeeping.

Serious disputes, H&S, privacy or insurance incidents

Keep a controlled evidence record for the period reasonably needed for legal, insurance, adviser, safety, privacy or dispute purposes.


13. Access and correction requests

You can ask to access personal information OpsNest holds about you. You can also ask OpsNest to correct personal information if you believe it is inaccurate, incomplete or out of date.

OpsNest may need to confirm your identity before releasing or correcting information. OpsNest will respond within the timeframe required by New Zealand privacy law, usually no later than 20 working days after receiving the request.

14. Privacy breaches

A privacy breach may include personal information being lost, accessed by the wrong person, sent to the wrong recipient, disclosed without authorisation, altered without authorisation, or exposed through a compromised device, account, tool or communication channel.

If OpsNest becomes aware of a suspected privacy breach, OpsNest will take reasonable steps to contain the issue, identify what information is involved, identify who may be affected, assess whether serious harm has occurred or is likely, seek advice where needed, notify affected people and/or the Privacy Commissioner where required, record the decision and take corrective action.

If there is an immediate risk to personal safety, emergency services should be contacted first.

15. Overseas storage and cloud providers

OpsNest uses or may use reputable third-party software providers such as Squarespace, OpsNest-approved evidence system/process, Xero, Google Workspace, Google Drive and Bitwarden. Some personal information may be stored, processed, backed up or supported using services or infrastructure outside New Zealand.

OpsNest will take reasonable steps to use reputable providers, restrict access appropriately, keep business accounts secure and review provider terms where needed before relying heavily on a tool.

16. Marketing communications

At launch, OpsNest sends operational messages only. This includes quotes, jobs, access, invoices, complaints, contractor onboarding and necessary service communications. OpsNest does not operate a separate marketing email or text list at launch.

17. Contact OpsNest about privacy

Privacy contact: Kyle Lawson

Email: hello@opsnest.co.nz

Phone: 021 101 2238

OpsNest is operated by Kyle Lawson, sole trader, trading as OpsNest.