KiwiScan is built to help New Zealanders check suspicious messages while collecting as little information as possible. This policy explains what we collect, what we don’t, and how to use KiwiScan safely.
Do not paste passwords, one-time codes (OTPs), card PINs, full card numbers, or full bank login details. Replace personal details with placeholders like NAME, ADDRESS, EMAIL.
See: Privacy & safe use.
KiwiScan provides scam-risk guidance based on text you submit (and optional uploads, like screenshots). We aim to be privacy-first by default and to minimise personal data collection.
When you use the KiwiScan tool, you may submit message text (for example, an SMS, email snippet, or a link). You may also upload a screenshot if you choose. The content you submit may contain personal information if you include it — for that reason we strongly recommend redacting or replacing personal data before submitting.
Like most websites, KiwiScan may collect basic technical information needed for security and performance, such as IP address, device/browser type, and approximate timestamps. This data may be processed by hosting providers, security tooling, and analytics (if enabled).
If you contact KiwiScan, we collect the information you provide (such as your email address and message) so we can respond.
If you accidentally submit sensitive information, treat it as compromised and follow the relevant safety guide.
KiwiScan may use automated processing to help interpret scam patterns and produce human-readable explanations. Deterministic (rules-based) checks are used to detect high-risk indicators such as links, payment prompts, credential requests, and install/download attempts.
If AI processing is used for summarisation or wording, it is intended to assist clarity and does not replace official advice. Always verify through official channels.
KiwiScan may rely on third-party infrastructure to operate (for example: web hosting, email delivery for alerts, and optional analytics). These providers may process limited technical data to deliver their services.
We do not share your submitted content publicly. We may disclose information if required by law or to protect KiwiScan and its users from fraud, abuse, or security threats.
KiwiScan aims to retain data only as long as necessary for operation, security, and troubleshooting. Retention periods may vary depending on logs, backups, and security tooling.
If you contact us, we may retain correspondence as needed to manage the request and maintain service quality.
KiwiScan may use cookies or similar technologies for basic site function, security, and (if enabled) analytics. Analytics helps us understand traffic and improve performance, but it should not require you to create an account.
You can control cookies via your browser settings. Blocking cookies may affect some site features.
You can choose what you submit. We strongly recommend redacting personal information before scanning. If you believe KiwiScan holds personal information about you through a contact request, you can ask us to correct or delete it, subject to legal and operational requirements.
For requests, use the Contact page.
We take reasonable steps to protect KiwiScan and user submissions from unauthorised access. However, no method of online transmission or storage is perfectly secure. Use KiwiScan as a guidance tool and avoid submitting sensitive data.
KiwiScan is designed for general audiences. If you are a parent/guardian and believe a child has submitted personal information through KiwiScan, contact us and we will take reasonable steps to address it.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.
Questions or concerns? Use the Contact page.