Privacy

This policy explains how Vouchsafe uses your personal data when your details are checked using our services.

We provide identity, age, address, and related verification services on behalf of businesses such as lenders, employers, service providers, and other organisations.

We follow UK data protection law and operate in line with applicable trust framework rules, including the UK Digital Identity and Attributes Trust Framework.

1. Who we are

Vouchsafe provides verification services that help businesses check information about individuals.

We usually act on behalf of a business. That business decides:

• why a check is needed
• which checks to run
• what happens based on the result

Vouchsafe provides verification results and signals, but we do not decide outcomes.

2. How your data is used

Your data may be checked using Vouchsafe in two main ways:

Checks you complete directly

Sometimes you are asked to complete a verification yourself, for example by uploading documents or confirming details.

In these cases:

• we explain what data is used and why;
• you see who the data will be shared with; and
• you confirm you understand before the check continues.

Background checks

Sometimes a business checks your details as part of an application or assessment process, without you completing a separate verification flow.

In these cases:

• the business is responsible for explaining the check to you under its own terms; and
• Vouchsafe carries out the check on the business’s behalf.

3. What data we process

Depending on the check, we may process:

• Personal details – such as your name, date of birth, address, or contact information
• Documents – such as identity or address documents you provide
• Biometric data – such as a facial image used for identity matching
• Technical information – such as device or session information
• Authoritative source data – from trusted third-party sources used to confirm details

We only process data that is relevant to the check being carried out.

3.1 Special category data

We process biometric data for the sole purpose of uniquely identifying a person, in accordance with UK GDPR Article 9(2)(g) and the Digital Identity & Attributes Trust Framework. We do not intentionally process other special category data, and take steps to minimise collection.

4. Why we process your data (legal basis)

We process personal data only when we have a lawful reason to do so.

Depending on the context, this may be because:

• you are completing a check directly, and processing is necessary to provide that service;
• a business has a legitimate interest in checking your details as part of an application or assessment;
• the business or Vouchsafe has a legal obligation to carry out checks; or
• you have given consent, where consent is required and appropriate.

When biometric data is used, it is processed solely to uniquely identify a person, in line with UK GDPR and applicable trust framework rules.

5. Automated processing

Some verification checks use automated systems to assess information.

These checks:

• support decision-making;
• may produce probabilistic results; and
• do not, on their own, determine final outcomes.

Your rights in relation to automated processing are explained below.

6. Who your data is shared with

Your data may be shared with:

• the business that requested the check;
• trusted third-party services that help us deliver verification;
• authorities, where we are required to do so by law or trust framework rules.

If data is transferred outside the UK, appropriate safeguards are used.

7. How long we keep your data

We keep personal data only for as long as needed to provide the service and meet our obligations.

In general:

• verification data relating to individuals is deleted within a reasonable period after the check;
• data may be kept longer where required for fraud prevention, legal reasons, or trust framework rules.

Data is deleted securely.

8. Your rights

You have rights under UK data protection law, including the right to:

• access your data;
• ask for incorrect data to be corrected;
• ask for data to be deleted, in some circumstances;
• object to certain types of processing;
• ask for processing to be restricted; and
• request a human review of certain automated processing.

To exercise these rights, contact us using the details below.

9. Questions and complaints

If you have questions about a verification or how the result was used, you should usually contact the business that requested the check.

If you have questions about how Vouchsafe processes personal data, you can contact us at:

Email: help@vouchsafe.id
Data Protection Officer: jaye@vouchsafe.id

To report a security issue, contact: security@vouchsafe.id

If you are not satisfied with our response, you can complain to the UK data protection regulator:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
0303 123 1113
https://ico.org.uk