Privacy Policy

Last updated: 2 October 2025

EngliSure (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, how long we keep it, and the choices and rights you have. It applies when you use our website and services (together, the “Services”).

Who is the data controller?

For the purposes of UK GDPR and the Data Protection Act 2018, EngliSure is the data controller for the personal data processed through the Services. You can contact us at info@englisure.co.uk.

What data we collect

Account & Contact Data: name, email address, and any other registration details you provide.
Test Data: your test responses and scores, and a unique reference code that links your test results with verification images.
Webcam Snapshots: periodic webcam images taken during the test to help verify identity and test integrity.
Photo ID: an image/PDF of a valid ID (e.g., driving licence or passport) that you upload for verification.
Usage & Technical Data: anonymised or pseudonymised logs about how you interact with the site (e.g., device/browser information, pages visited). We use this to maintain and improve the Service and for security (e.g., fraud/abuse prevention).
Payment Data: payments are processed by our provider (see “Processors” below). We do not store your full payment card details on our servers.

Why we use your data (purposes) & lawful bases

We process personal data only where we have a lawful basis. The main purposes and legal grounds are:

Provide the Service and issue certificates (including creating and administering your account, running your test, and generating your certificate) — Contract.
Identity verification and test integrity (comparing your uploaded ID to periodic webcam snapshots to help confirm the right person took the test) — Consent (you’re asked to agree before taking the test that requires verification).
Security, fraud prevention and misuse detection (e.g., rate limiting, abuse monitoring) — Legitimate interests.
Payment processing — Contract.
Service improvement (diagnostics, analytics in strictly necessary form) — Legitimate interests.
Legal/Compliance (record keeping, responding to lawful requests) — Legal obligation or Legitimate interests where appropriate.

Where we rely on consent (e.g., webcam snapshots), you can withdraw it at any time by contacting us. Withdrawing consent may prevent us from completing verification and may invalidate a certificate that relies on that verification.

How we store and protect your data

We store test data, webcam snapshots, and uploaded ID files in a private storage area linked to your unique test reference code. We apply technical and organisational measures such as access controls, server hardening, encrypted transport (HTTPS), and least-privilege access. No method of transmission or storage is 100% secure, but we regularly review our safeguards to keep data protected against unauthorised access, alteration, disclosure, or loss.

Retention

Verification images (webcam snapshots and uploaded ID) are retained for 90 days from the date of your test and then deleted. If you request early deletion of verification images, we will comply; however, this may invalidate your certificate because we would no longer hold the evidence needed to verify your test.

Account and test result data may be retained for longer where needed to provide your account history, comply with legal obligations, or resolve disputes. We keep data no longer than is necessary for the purposes described in this Policy.

Processors and sharing

We use carefully selected service providers to operate the Services. These providers act as “processors” and may handle your personal data on our behalf only under our instructions and with appropriate safeguards. Key providers include:

Payment Processing: Stripe — processes your payment securely. We do not store your full payment card details.
Hosting/Infrastructure: Our hosting provider(s) that store and serve the application securely.
Email/Support (if used): Email delivery or helpdesk tools to communicate with you.

We do not sell your personal data. We may disclose data if required by law, to protect our rights or users, or in connection with a business transition (e.g., merger, acquisition), in which case we will take steps to ensure your rights continue to be protected.

International transfers

Some processors may store or access data from outside the UK/EEA. Where this occurs, we rely on appropriate safeguards (such as the UK Addendum to the EU Standard Contractual Clauses or an adequacy decision) to protect your information. You can contact us for more details about the specific safeguards in place.

Your rights

Under UK GDPR you have the right to:

Access your personal data and receive a copy.
Rectify inaccurate or incomplete data.
Erase your data (“right to be forgotten”) where applicable.
Restrict or object to processing in certain circumstances.
Data portability (receive your data in a commonly used format).
Withdraw consent where we rely on consent (e.g., webcam snapshots).

To exercise any of these rights, email us at info@englisure.co.uk. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

Cookies

We use essential cookies that are necessary for the site to function (e.g., session management, security). If we introduce non-essential cookies (e.g., analytics or advertising), we will ask for your consent and provide controls to manage your preferences.

Children

Our Services are intended for individuals aged 16 and over. If you believe a child has provided us with personal data, please contact us so we can take appropriate steps.

Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and change the “Last updated” date above. If the changes are material, we will take additional steps to notify you.

Contact

If you have questions about this Policy or how we handle your personal data, contact:

info@englisure.co.uk