Privacy Policy

Last updated: September 26, 2025

In compliance with the General Data Protection Regulation (GDPR) and the data protection laws of England and Wales, this Privacy Policy governs the practices of Bioneer Limited, a registered company in England and Wales under registration number 13822447, hereinafter referred to as "the Company," in relation to the collection, utilisation, disclosure, and protection of personal information, as pertinent to the website(s) operated by the Company, including but not limited to "The Website" (scoredetect.com) and its associated subdomains. "ScoreDetect" is a trading style of Bioneer Limited.

1. Introduction

The Company, herein referred to as "we" or "us," welcomes users to its online platform. This Privacy Policy is formulated with the objective of elucidating the manner in which personal data is gathered, employed, revealed, and safeguarded in accordance with our services. By accessing and utilising The Website, the user consents to the stipulations set forth herein.

2. Information Collection

2.1 Personal Information

We may collect the following personal information from users:

  • Email Address: Users' email addresses are acquired to facilitate access to the services rendered by The Website and to enhance user experience accordingly.
  • Multi-Factor Authentication Data: In accordance with our mandatory multi-factor authentication requirements, we may collect and store authentication-related data, including but not limited to device information, authentication codes, and security question responses for the purpose of account security and recovery processes.
  • Government Identification Documents: In the event of account recovery procedures, we may request and temporarily store copies of government-issued identification documents or other official documentation to verify user identity and facilitate account restoration. Such documents are processed securely and retained only for the duration necessary to complete the verification process.
  • Identity Verification Data: As part of our mandatory identity verification process, we collect and process personal data through our third-party identity verification provider, iDenfy. This may include government-issued identification documents, biometric data, and other personal information necessary for identity verification purposes.

2.2 Identity Verification Data Processing

We utilize the services of iDenfy (company registration number 304617621, registered address: Barsausko g. 59, LT-51423, Kaunas, Lithuania) as our third-party identity verification provider. iDenfy can process the following categories of personal data on our behalf:

  • Government-issued identification documents (passport, national ID, driving license, resident permit)
  • Biometric data including facial images and digital signatures
  • Personal identification information (name, date of birth, nationality, address)
  • Document verification data (issuing authority, expiry dates, document numbers)
  • Technical data (IP addresses, device information, verification timestamps)
  • Additional data that may appear in document images as part of the verification process

This data processing is conducted in accordance with iDenfy's Terms of Use (https://www.idenfy.com/terms-and-conditions.pdf) and Privacy Policy (https://www.idenfy.com/privacy-policy/). iDenfy operates as a data processor under our instruction and in compliance with applicable data protection regulations, including GDPR and UK data protection laws.

The legal basis for this processing is:

  • Article 6(1)(b) GDPR: Processing necessary for the performance of a contract
  • Article 6(1)(f) GDPR: Legitimate interest in fraud prevention and service security
  • Article 9(2)(g) GDPR: Processing necessary for reasons of substantial public interest (fraud prevention)

The identity verification process provides an essential foundation for establishing the authenticity and authority of verification certificates and recognition certificates issued through our platform. This additional layer of identity verification serves to:

  • Enhance the legal standing and credibility of all certificates issued through our platform;
  • Provide third parties with confidence in the authenticity of certificate holders;
  • Meet industry standards for digital certificate authority and recognition services;
  • Ensure compliance with regulatory requirements for authenticated digital verification;
  • Create a robust framework for certificate validation and trust establishment.

Data retention periods are determined in accordance with iDenfy's data retention policies and applicable legal requirements. For detailed information about iDenfy's data processing practices, please refer to their Privacy Policy at: https://www.idenfy.com/privacy-policy/

Explicit Data Usage Restrictions: We explicitly warrant and guarantee that all personal data collected during the identity verification process, including government-issued identification documents, biometric data, and any other personal information processed by iDenfy on our behalf, shall be used exclusively for the purposes of user registration, account verification, and maintaining the security and integrity of our services. This data will never be used for training artificial intelligence models, machine learning algorithms, or any form of data analytics beyond the specific verification purposes outlined in this Privacy Policy. This restriction is absolute and extends to all third-party processing of such data on behalf of the Company, including but not limited to iDenfy and any other service providers involved in the verification process.

Data Storage and Retention Arrangements: All personally identifiable information (PII) collected during the identity verification process is stored exclusively by our trusted partner iDenfy, a SOC2 Type 2 compliant company that maintains the highest industry standards for data security, privacy protection, and regulatory compliance. ScoreDetect does not store any ID verification PII on our systems or servers. We retain only a secure, encrypted scan ID reference that enables us to verify your identity status without accessing or storing any personal data. Upon account termination or deletion, all associated scan ID references will be permanently removed from our systems. You have the right to request the deletion of your verification data for ScoreDetectfrom iDenfy by them or us in accordance with their data retention policies and applicable data protection regulations, including GDPR Article 17 (Right to Erasure).

2.2 Non-Personal Information

In addition, non-personal data, such as:

  • Browser Type
  • Operating System
  • IP Address
  • Pages Visited
  • Date and Time of Visit

Is gathered for analytical purposes, utilising Google Analytics to enhance the user experience. You can learn more about how Google safeguards your data by visiting Google's Safeguarding of your data.

3. Purpose of Data Utilisation

The personal data of users is utilised for the following purposes:

  • Provision and maintenance of our services.
  • Enhancement of our website and services.
  • Communication of updates, newsletters, and marketing communications (contingent upon user consent).
  • Resolution of enquiries and provision of customer support.
  • Implementation and enforcement of mandatory multi-factor authentication security measures.
  • Facilitation of account recovery processes through identity verification procedures.

4. Disclosure of Personal Information

We may share user personal information with the following entities:

  • Service providers and third-party vendors engaged in our operational activities, including iDenfy for identity verification services.
  • Legal authorities when mandated by statutory obligations.
  • Affiliates or business associates for promotional activities, subject to user consent.

We neither engage in the sale of personal information nor have any intentions to do so.

5. Security Measures

Prudent measures are undertaken to safeguard user personal information against unauthorised access, disclosure, alteration, or destruction. Nevertheless, it is pertinent to acknowledge that absolute security cannot be guaranteed over the internet or through electronic data storage.

5.1 Multi-Factor Authentication

The Company implements mandatory multi-factor authentication (MFA) for all user accounts as a fundamental security measure. This requirement is non-negotiable and applies to all users regardless of account type or subscription level. MFA data is collected, processed, and stored in accordance with industry best practices and applicable data protection regulations.

5.2 Account Recovery Process

In circumstances where users cannot prove access to their accounts through standard authentication methods, we provide a security code as a backup measure. As part of the account recovery process, we may request proof of government-issued identification or documentation via email to the user's registered email address. This verification process is essential for maintaining account security and preventing unauthorised access. Any government identification documents provided during this process are processed securely and retained only for the duration necessary to complete the verification procedure.

6. User Choices

Users are accorded the following rights:

  • Review and amendment of personal information.
  • Opt-out from marketing communications.
  • Deletion of their accounts (subject to compliance with applicable legal prerequisites).
  • Request information about the processing of their personal data related to multi-factor authentication and account recovery procedures.

7. Cookies and Tracking Technologies

To augment user experience on our website, we employ cookies and analogous tracking technologies. Cookie preferences may be managed through browser settings.

The Website may incorporate links to third-party websites or services. We are not responsible for the privacy protocols of these external sites.

9. Billing Information

For those instances where billing information is requisite, it shall be gathered through Stripe and managed on the Stripe platform. For comprehensive details, please refer to the Stripe privacy policy.

10. Children's Privacy

The Website is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from minors.

11. Modifications to this Privacy Policy

This Privacy Policy may be subject to periodic revisions. Notification of any amendments shall be effected by the publication of the revised Privacy Policy on this page.

12. Contact Us

For queries or concerns relating to this Privacy Policy, please do not hesitate to contact us at our email address info@scoredetect.com.

The Company values your trust and prioritises the protection of your privacy. Thank you for your usage of The Website.