Privacy Policy
Verification confirms integrity only.
This Privacy Policy explains how A Journey Ltd (Company No. 15963421), trading as Veriscopic ("Veriscopic", "we", "us", "our"), processes personal data when you visit our website or use our platform. We process personal data in accordance with applicable data protection laws, which may include the UK GDPR and (where applicable) the EU GDPR.
Who we are (controller)
A Journey Ltd is the controller for personal data processed in connection with the Veriscopic website and platform, unless we state otherwise.
Scope and versioning
This policy applies to visitors to the Veriscopic website and users of the Veriscopic platform. The version identifier above reflects the current operative policy. Where material changes are made, the version number and effective date will be updated.
Personal data we process
Depending on how you interact with Veriscopic, we may process the following categories of personal data:
- Contact details, such as name and email address
- Organisation, role, and account-related information
- Authentication and access metadata (for example, login events)
- Governance, evidence, or audit-related records submitted by users in the course of using the platform
- Website usage and device information to help operate and secure the site (for example, approximate location derived from IP address, browser/device details, and logs)
Authentication providers
Veriscopic supports third-party authentication providers, including Google. When you authenticate using such a provider, we receive limited information required to create and secure your account (for example, your email address and a provider identifier).
We do not access your contacts, calendars, or other third-party services through authentication, and we do not use authentication data for advertising, profiling, or tracking.
Why we use personal data (purposes and lawful bases)
We process personal data only to operate and secure the platform, support governance and evidence workflows, meet legal obligations, and maintain service integrity. Under UK GDPR and EU GDPR, we rely on the following lawful bases (as applicable):
Platform operation
Purpose: Create and manage accounts, provide the service, enable platform features, deliver requested functionality.
Lawful basis: Contract (Article 6(1)(b)).
Security and abuse prevention
Purpose: Authenticate users, prevent fraud and abuse, monitor for suspicious activity, protect accounts and infrastructure.
Lawful basis: Legitimate interests (Article 6(1)(f)) and, where applicable, Contract (Article 6(1)(b)).
Governance and evidence workflows
Purpose: Process records and artifacts that users submit or generate within the platform to provide governance, evidence, and audit functionality.
Lawful basis: Contract (Article 6(1)(b)) and/or Legitimate interests (Article 6(1)(f)), depending on the feature and context.
Legal, regulatory, and compliance
Purpose: Comply with legal obligations, respond to lawful requests, and maintain appropriate records.
Lawful basis: Legal obligation (Article 6(1)(c)) and/or Legitimate interests (Article 6(1)(f)).
Service communications
Purpose: Send essential service messages (for example, security notices, operational updates, account emails).
Lawful basis: Contract (Article 6(1)(b)) and Legitimate interests (Article 6(1)(f)).
Veriscopic does not sell personal data and does not use customer data to train AI models.
Who we share personal data with
We may share personal data with trusted service providers (processors) who help us operate the website and platform (for example, hosting, authentication, email delivery, logging, and security tooling). These providers process personal data only on our instructions and subject to appropriate contractual safeguards.
We may also disclose personal data where required by law, regulation, or legal process, or to protect our rights, users, and the integrity of the service.
International transfers
Our service providers and infrastructure may involve processing personal data outside the UK or the European Economic Area (EEA). Where international transfers occur, we use appropriate safeguards such as adequacy regulations/decisions or standard contractual clauses and related addenda (as applicable) to help protect personal data.
Data retention
We retain personal data only for as long as necessary for the purposes described in this policy, including to provide the service, meet legal and regulatory obligations, resolve disputes, and enforce agreements. Retention periods may vary depending on the type of data and the context in which it is processed.
Your rights (UK GDPR / EU GDPR)
Depending on your location and the applicable law, you may have the right to:
- Request access to your personal data
- Request correction of inaccurate or incomplete personal data
- Request deletion of personal data (in certain circumstances)
- Request restriction of processing (in certain circumstances)
- Object to processing based on legitimate interests
- Request data portability (in certain circumstances)
- Withdraw consent at any time where we rely on consent (this will not affect the lawfulness of processing before withdrawal)
To exercise your rights, contact us using the details below. We may need to verify your identity before responding.
Complaints
If you have concerns about our processing of personal data, you may contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with a supervisory authority.
- UK: the Information Commissioner's Office (ICO)
- EU/EEA: your local data protection authority (where EU GDPR applies)
Security
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, and disclosure. No method of transmission or storage is completely secure, but we work continuously to protect the service.
Children
The Veriscopic website and platform are not directed to children, and we do not knowingly collect personal data from children.
EU representative (if required)
If the EU GDPR applies to our processing and we are required to appoint an EU representative under Article 27, we will publish the relevant representative details here.
Contact
Questions regarding this Privacy Policy or data protection matters may be directed to privacy@veriscopic.com.
Registered Office: Suite 7034, 321-323 High Road, Romford, Essex, United Kingdom, RM6 6AX · Company No. 15963421