We take data privacy very seriously. Your personal data needs to be protected. You also have a right to view all the data held about you and make a request to have this removed.
Do we sell data to third parties?
We do not sell your data to any third party. We do work with a small number of third parties that we need in order to provide our services. They do things like host our databases (Digital Ocean) and power our support desk (Fresh desk).
We have contractual agreements in place with each of these suppliers that makes sure that they are not allowed, in any way, to pass on or sell your personal data. They are also obligated to ensure the security of your information that they hold.
What do we do to protect personal data?
We work hard to ensure that all of your personal data is secure and that access is limited. Our databases, for example, are stored at a secure SOC2 certified data centre. We also ensure the following:
That we use a role-based access control framework that ensures access to data is only provided to employees whose job responsibilities necessitate such access.
Our security and data privacy controls & systems are audited both internally and independently on an annual basis.
We regularly undergo penetration tests to ensure that we’re compliant with security and privacy standards.
We have contractual agreements in place with all of our suppliers that ensures that they provide the same levels of protection.
Can I remove my personal data?
If you'd like your personal data to be deleted, please submit a support request to [email protected]
Under GDPR regulations we are a 'Data Processor,' meaning that we can look after your data, but we are not permitted to alter or delete it. Only your issuer has the authority to do this. Once your issuer has deleted all credentials related to you, we aim to process 'Right to be Forgotten' requests within 30 working days.