Security & Governance

  1. Home
  2. Security & Governance
SmartLink is a purpose-built data exchange for the New Zealand collision repair ecosystem. Security and governance are foundational to its design.
The platform enables the controlled movement of insurance claim repair data between approved parties, while maintaining clear oversight, traceability, and responsibility at every stage.
SmartLink is not a marketplace, an estimation system, or a claims decision engine. It is infrastructure.

Security by design

Security within SmartLink is implemented by design, not added later as an overlay. The platform is designed to minimise unnecessary exposure and reduce operational risk.

  • Least-privilege access controls
  • Encrypted data transmission between systems
  • Logical segregation of tenant and claim data
  • Controlled and approved integration endpoints
  • Continuous auditability of data movement

SmartLink does not expose open or public APIs. All integrations are approved, configured, and governed.

Controlled access

Only approved organisations and systems are permitted to exchange data via SmartLink. Access is explicitly granted and limited to defined operational purposes.

  • Unique identification and authentication of participants
  • Access authorised per claim or workflow
  • Role-based access to relevant data only
  • Comprehensive access logging

Connection does not imply unrestricted access. Data availability is governed by claim context and party relationships.

Data ownership

SmartLink does not claim ownership of claim or repair data. Ownership remains with the originating party.

  • Originators retain accountability
  • Recipients manage data post-receipt
  • SmartLink secures data in transit

Auditability

Every data exchange is designed to be traceable and auditable.

  • Source and destination identification
  • Timestamped transfer records
  • Defined payload scope
  • Error and exception logging

Privacy

SmartLink supports compliance with applicable privacy and data protection obligations, including the New Zealand Privacy Act 2020.

  • Data minimisation
  • Purpose limitation
  • Secure handling of personal information
  • Retention controlled by data owners

Separation of roles and conflicts of interest

SmartLink operates as a neutral integration layer. It does not compete with insurers, repairers, assessors, or suppliers.

  • No involvement in claim decision-making
  • No preferential treatment of connected parties
  • No downstream commercial conflicts

Change control and platform governance

Changes to integrations and platform behaviour are governed through defined change control processes.

  • Controlled deployments
  • Versioned integration changes
  • Backward compatibility where required
  • Clear communication of material changes

Designed for long-term ecosystem stability

SmartLink prioritises predictability, clarity, and trust to support long-term ecosystem stability.

  • Predictable system behaviour
  • Clear boundaries of responsibility
  • Minimal operational friction
  • Trust between participants

Related pages

Contact SmartLink

© Copyright 2026 All Rights Reserved