Privacy Policy
Last Updated: April, 2026
My Shout Limited (company registration number 9429047968370), a company registered in New Zealand, trading as Passform ("Passform", "we", "us", "our") is committed to protecting your privacy and handling personal information responsibly.
This Privacy Policy explains how we collect, use, store, share, and protect personal information in connection with our website (passform.io), our platform, and our services. It applies to:
Customers who register for and use the Passform platform (including business contacts, account holders, and administrators);
Visitors to our website; and
End Users whose personal information is processed through the Platform on behalf of our Customers.
This policy is framed in accordance with the New Zealand Privacy Act 2020 ("NZ Privacy Act") and, where applicable, the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK GDPR.
1. Who We Are
Passform is a B2B digital wallet platform that enables businesses to create, manage, and scale digital wallet passes using Apple Wallet and Google Wallet. We provide SaaS software, API access, and related services to business customers.
For the purposes of privacy law:
We are the data controller for personal information we collect directly from Customers and website visitors.
We act as a data processor (or service provider) for personal information that our Customers collect from their own End Users and process through the Passform Platform.
For questions about this policy or your personal information, contact us at hello@passform.io.
2. Information We Collect
2.1 Information We Collect from Customers
When you register for or use Passform, we collect:
Account and identity information: Name, job title, business name, email address, and phone number.
Billing and payment information: Billing contact name, address, and payment method details. Full card details are processed by our payment provider and are not stored by Passform.
Platform usage data: Log data, IP addresses, browser and device information, feature usage, session data, and analytics relating to how you interact with the Platform and Dashboard.
Communications: Emails, support requests, and other correspondence you send to us.
Account preferences and settings: Configuration choices, notification preferences, and integration settings you apply within the Platform.
2.2 Information We Collect from Website Visitors
When you visit passform.io, we may collect:
Technical data: IP address, browser type, operating system, referring URL, pages visited, and session duration, typically via cookies and similar technologies.
Enquiry data: Name, email address, and any information you submit through contact forms, demo requests, or newsletter sign-ups.
2.3 End User Data Processed on Behalf of Customers
When our Customers use the Platform to create and distribute Wallet Passes, the Platform may process personal information about their End Users. This may include:
Names and contact details (email, phone number);
Wallet pass identifiers and device identifiers;
Location data generated from geo-triggered pass notifications;
Redemption records, scan events, and engagement data;
Loyalty balances, membership status, or other programme data; and
Any other data that Customers choose to include in or associate with their Wallet Passes.
In relation to End User data, Passform acts as a data processor. The Customer is the data controller responsible for determining the purpose and means of processing End User data, providing appropriate privacy notices to End Users, and ensuring a lawful basis for processing. Our obligations as a data processor are set out in our Data Processing Agreement.
3. How We Collect Personal Information
We collect personal information:
Directly from you when you register, contact us, complete a form, or interact with the Platform;
Automatically through cookies and similar tracking technologies when you visit our website or use the Platform;
From third-party sources, including integration partners you connect to the Platform, CRM systems, and payment processors; and
From our Customers, who upload or transmit End User data through the Platform in the course of using our services.
4. How We Use Personal Information
4.1 For Customers
We use Customer personal information to:
Provide, operate, and maintain the Platform and Services;
Manage your account, billing, and subscription;
Respond to support requests and enquiries;
Send service-related communications (including invoices, security alerts, and product updates);
Improve and develop our Platform and services (using aggregated and de-identified data where possible);
Comply with legal obligations; and
Enforce our Terms and Conditions and protect the security and integrity of the Platform.
With your consent or where we have a legitimate interest, we may also use your contact details to send you marketing communications about Passform products and services. You can opt out at any time.
4.2 For Website Visitors
We use visitor data to:
Operate and improve our website;
Respond to enquiries and demo requests;
Send marketing communications where you have subscribed or consented; and
Understand how people find and use our website (analytics).
4.3 For End User Data
We use End User data only to the extent necessary to provide the Services to the relevant Customer, in accordance with the Customer's instructions and our Data Processing Agreement. We do not use End User data for our own marketing or product development purposes.
5. Legal Basis for Processing (GDPR)
Where the GDPR or UK GDPR applies to our processing of personal information, we rely on the following legal bases:
Contract: Processing necessary to perform our contract with you, including providing the Platform, processing payments, and managing your account.
Legitimate interests: Processing necessary for our legitimate interests, including improving our services, securing our Platform, preventing fraud, and communicating about related services. We only rely on legitimate interests where they are not overridden by your rights and interests.
Legal obligation: Processing necessary to comply with a legal obligation, including tax, accounting, and regulatory requirements.
Consent: Where we send marketing communications to individuals in the EEA or UK, or where we use non-essential cookies, we rely on your consent. You may withdraw consent at any time.
For End User data processed on behalf of Customers, the Customer is responsible for establishing and documenting the applicable legal basis.
6. Cookies and Tracking Technologies
We use cookies and similar technologies on passform.io and the Platform. These include:
Essential cookies: Required for the website and Platform to function. Cannot be disabled.
Analytics cookies: Help us understand how visitors use our site (e.g., pages visited, session duration). We use this data to improve our website.
Marketing cookies: Used to deliver relevant advertising and track the effectiveness of marketing campaigns. These are only set with your consent.
You can manage your cookie preferences through our cookie consent tool, which is presented when you first visit our website. You can also control cookies through your browser settings, but disabling certain cookies may affect website functionality.
7. Sharing Personal Information
We do not sell personal information. We may share personal information with:
Service providers: Third parties who help us operate the Platform and provide the Services, including cloud infrastructure providers, payment processors, email service providers, customer support tools, and analytics platforms. These providers are contractually bound to process personal information only on our instructions and in accordance with applicable privacy law.
Integration partners: Where you connect third-party services to the Platform (such as CRM or loyalty platforms), personal information may be shared with those services in accordance with your configuration and their terms.
Apple and Google: Wallet pass data is transmitted to Apple and Google infrastructure to deliver passes to End Users' devices. This processing is subject to Apple's and Google's respective privacy policies.
Professional advisers: Lawyers, accountants, auditors, and insurers who provide professional services to Passform, subject to confidentiality obligations.
Regulatory and law enforcement authorities: Where required by applicable law, court order, or regulatory requirement.
Business transfers: In connection with a merger, acquisition, restructuring, or sale of assets. We will provide notice before personal information is transferred and subject to a different privacy policy.
We require all third parties who process personal information on our behalf to maintain appropriate security standards and to comply with applicable privacy law.
8. International Data Transfers
Passform is based in New Zealand. Our infrastructure and some of our service providers may be located in other countries, including Australia, the United States, and the European Economic Area.
When we transfer personal information outside New Zealand, we take steps to ensure that appropriate safeguards are in place, in accordance with the NZ Privacy Act 2020 Information Privacy Principle 12.
Where the GDPR applies to transfers of personal information outside the EEA or UK, we ensure that such transfers are protected by appropriate safeguards, which may include:
Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office;
Transfers to countries with an adequacy decision; or
Other mechanisms recognised under applicable data protection law.
You may request further information about the safeguards we apply to international transfers by contacting us at hello@passform.io.
9. Data Retention
We retain personal information for as long as necessary to fulfil the purposes described in this policy, to comply with our legal obligations, and to resolve disputes.
Customer account data is retained for the duration of the customer relationship and for up to 7 years after termination (to meet accounting and legal obligations).
Platform usage and log data is typically retained for up to 12 months.
End User data is retained in accordance with the Customer's instructions and our Data Processing Agreement. Customers can request deletion of End User data at any time through the Platform or by contacting us.
Marketing contact data is retained until you opt out or withdraw consent, plus a reasonable period thereafter to maintain suppression records.
When personal information is no longer required, we securely delete or anonymise it.
10. Security
We maintain appropriate technical and organisational measures to protect personal information against unauthorised access, disclosure, alteration, or destruction. These include:
Encryption of data in transit and at rest;
Access controls and authentication requirements;
Regular security assessments and monitoring;
Staff training on data handling and security; and
Incident response procedures.
No system is completely secure. If you believe your personal information has been compromised, please contact us immediately at support@passform.io.
In the event of a privacy breach that poses a serious risk of harm, we will notify affected individuals and, where required, the New Zealand Privacy Commissioner and other applicable authorities, in accordance with the NZ Privacy Act 2020 and any other applicable law.
11. Your Rights
11.1 Rights Under the New Zealand Privacy Act 2020
Under the NZ Privacy Act, you have the right to:
Access the personal information we hold about you;
Correct any personal information that is inaccurate, incomplete, or out of date; and
Make a complaint to the Office of the Privacy Commissioner if you believe we have interfered with your privacy.
11.2 Rights Under the GDPR (EEA and UK individuals)
If the GDPR or UK GDPR applies to you, you may also have the right to:
Erasure ("right to be forgotten"): Request that we delete your personal information in certain circumstances;
Restriction: Request that we restrict our processing of your personal information in certain circumstances;
Data portability: Receive a copy of your personal information in a structured, machine-readable format;
Object: Object to our processing of your personal information where we rely on legitimate interests;
Withdraw consent: Where we rely on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal; and
Lodge a complaint: With your local data protection authority.
11.3 Exercising Your Rights
To exercise any of the above rights, contact us at support@passform.io. We will respond within the timeframes required by applicable law (generally 20 working days under the NZ Privacy Act, or one month under the GDPR).
We may need to verify your identity before fulfilling a request. We will not charge a fee for reasonable requests but reserve the right to charge for excessive or repetitive requests.
Note for End Users: If you are an End User whose personal information is processed through a Passform Customer's wallet pass programme, your data controller is the Customer (not Passform). Please direct privacy requests to the relevant business directly. We will assist our Customers in responding to End User requests as required by our Data Processing Agreement.
12. Children
The Passform Platform is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@passform.io and we will take steps to delete it.
13. Links to Third-Party Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on the Platform or our website, at least 14 days before the changes take effect. The updated policy will be dated at the top.
Your continued use of the Platform or website after the effective date constitutes acceptance of the updated policy.
15. Contact and Complaints
For any questions about this Privacy Policy or how we handle your personal information, please contact us:
Passform (My Shout Limited)
Email: hello@passform.io
New Zealand: If you are not satisfied with our response, you may make a complaint to the Office of the Privacy Commissioner at privacy.org.nz or by calling 0800 803 909.
EEA / UK: If you are located in the European Economic Area or United Kingdom, you have the right to lodge a complaint with your local data protection authority.
