ComplyHarbour Privacy Notice

What we collect, and why

We deliberately collect as little personal data as possible. We do not collect or store any personal data about your community's end users - no identity documents, no facial images, no dates of birth, and no member names. Where the Service records an age-assurance result, it stores only an anonymous pass or fail outcome with a timestamp, which does not identify anyone.

• Account data. If you create an account, we process your email address and display name. Lawful basis: performance of our contract with you (UK GDPR Article 6(1)(b)).
• Waitlist data. If you join the waitlist, we process your email address and your consent choice. Lawful basis: your consent (Article 6(1)(a)). We send product updates only because you opted in, and you can withdraw your consent at any time.
• Compliance records you create. The answers, assessments, and documents you generate are stored against your account so you can return to and update them. These are your own business records, processed to provide the Service (Article 6(1)(b)).
• Payment data. If you subscribe, payments are handled by our payment provider. We receive confirmation of your subscription status but not your full payment-card details. Lawful basis: performance of our contract with you (Article 6(1)(b)).
• Technical data. We use essential cookies and standard server logs needed to run and secure the site. Lawful basis: our legitimate interests in operating and securing the Service (Article 6(1)(f)).

Who we share it with

We use a small number of processors who act only on our instructions: our hosting and database provider, our payment provider, and our email provider for account and waitlist messages. We do not sell your personal data and we do not share it for advertising.

International transfers

Some of our processors may store or process personal data outside the UK. Where they do, we rely on appropriate safeguards, such as UK adequacy regulations or the UK International Data Transfer Agreement or Addendum. {{Confirm and update this section once your processors' locations and safeguards are finalised.}}

How long we keep it

We keep account data and the compliance records you create for as long as your account is active, and for a reasonable period afterwards to meet our legal and accounting obligations. We keep waitlist data until you withdraw consent or ask us to delete it.

Your rights

Under UK data protection law you have the right to access your personal data; to have it corrected or deleted; to restrict or object to our use of it; to data portability; and to withdraw consent at any time (which does not affect processing that already took place). To exercise any of these rights, email us at {{CONTACT_EMAIL}}.

If you are unhappy with how we have handled your personal data, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.

Changes to this notice

We may update this notice from time to time and will change the “last updated” date above when we do.