What we collect,
why, and what you can do about it.

1. Who we are

UberVisor Ltd. operates the UberVisor platform — a wallet, an issuer "Certify" tool, and a construction site companion app — together with the AWS-hosted backend services that serve them.

For your own account data (name, email, phone, login activity) we act as the controller. For credentials issued to you by a training provider, awarding body, or employer, that organisation is the controller and UberVisor acts as a processor under their instructions.

2. What we collect

• Your name and email address — used to sign you in and to send transactional emails (verification codes, two-factor codes, password resets, credential notifications).
• Phone number (optional) — used only for SMS-based account recovery and BLE-fallback session deep links. Leave it blank if you don't want SMS contact.
• Credentials issued to you, including any holder photo bound to a credential by the issuer.
• A device public key for proof-of-possession credentials — generated on your phone. We never see, store, or transmit the matching private key.
• Audit events that name you — issuance, revocation, presentation, and your own consent toggles. Retained as a legal record.
• Approximate location of verifier devices at the moment of a credential check, when an employer has enabled site check-in.
• Crash reports and aggregate usage telemetry (default-on, with a one-tap opt-out — see §6).

We do not collect: real-time GPS location of holders, contact-book data, social-media profiles, advertising identifiers, browsing history outside our apps, or biometric templates beyond a holder photo (which is treated as biometric-adjacent — see §5).

3. Lawful basis

We rely on the following UK/EU GDPR Article 6 (and where relevant Article 9) bases:

Account data — name, email, phone

Art. 6(1)(b) Contract. Needed to provide you with an account; you cannot use the app without it.

Credentials issued to you

Art. 6(1)(b) Contract Art. 6(1)(f) Legitimate interests. The issuer issued these to you in the context of certification. UberVisor processes them on the issuer's behalf as a processor.

Holder photo bound to a credential

Art. 6(1)(b) Contract Art. 9(2)(a) Explicit consent at capture. Treated as biometric-adjacent data. The photo is bound to the credential's signature via SHA-256 so it cannot be silently swapped. Deleted on account deletion.

Audit log entries

Art. 6(1)(c) Legal obligation. ISO/IEC 17024 §8.3 requires certifying bodies to keep records of issuance and revocation. These records survive account deletion in redacted form.

Product analytics — crash reports + usage stats

Art. 6(1)(f) Legitimate interests. On by default. Aggregated, non-identifying signals used to diagnose bugs and improve the apps. You have the right to object at any time under Article 21 — flip the toggle in Profile → Privacy & Data → Your data choices, and we stop processing immediately. We do not use this data for advertising or cross-site tracking.

Marketing emails

Art. 6(1)(a) Consent. Off by default. Switch on to opt in from Your data choices. Consent is specific, withdrawable, and we never pre-tick the box.

4. How we use Bluetooth (BLE)

Some credentials are presented over a short-range Bluetooth Low Energy handshake between your phone and the verifier device. This is a one-shot signal exchange at the moment of presentation — equivalent in scope to a contactless card tap.

• We do not record encounter history.
• We do not build movement patterns from BLE.
• The identifiers used on the BLE wire are ephemeral per session and not linkable back to you outside the verifier device's own audit log.
• On Android, the operating system requires the "fine location" permission to scan for BLE devices. We never read your actual GPS location and the permission is used only by the OS BLE scanner.

5. The holder photo

If your credential includes a photo, the issuer captured it during certification. The photo is stored in our private S3 bucket in eu-west-2, encrypted at rest, served only via signed short-lived URLs, and bound to the credential's cryptographic signature so a verifier can detect tampering.

Photos are deleted on account deletion. Issuers can revoke their own copy independently.

6. Your rights

Under UK and EU GDPR you have the right to:

• Access — get a copy of everything we hold about you (Art. 15).
• Rectify — correct inaccurate data (Art. 16).
• Erase — delete your account and personal data (Art. 17). Credential records are retained in redacted form per ISO/IEC 17024 §8.3 (a documented Art. 17(3)(b) exemption for legal compliance).
• Restrict processing — pause processing while we resolve a dispute (Art. 18).
• Portability — receive your data in a portable, machine-readable format (Art. 20).
• Object — to legitimate-interests processing, including product analytics (Art. 21).
• Withdraw consent — for anything we do on the basis of consent (Art. 7(3)).

The wallet, certify, and construction apps each include a Privacy & Data screen (Profile → Privacy & Data) where every one of these rights can be exercised self-service — most actions happen the moment you tap. If a flow fails, or you would rather speak to a human, email privacy@ubervisor.app. We respond within 30 days as required by Article 12(3); typically same week.

7. Where your data lives

Every UberVisor resource runs in AWS Europe (London) — eu-west-2. No personal data is replicated, cached, or processed outside the United Kingdom by us.

Sub-processor exceptions are listed in §9. None of them are routinely passed personal data; where they are (e.g., wallet pass delivery), the data leaves only after you have explicitly added the credential to that platform's wallet.

8. Retention

• Wallet profile and photos — kept while your account is active; deleted on account deletion.
• Credential records — kept for the certification scheme's validity period, typically up to seven years, per ISO/IEC 17024 §8.3.
• Audit log — seven years (TTL enforced at the database level).
• Data exports — generated on demand and deleted from our servers after seven days.
• Bounced or complained email addresses — held on the SES suppression list to prevent further sends to known-bad addresses.

9. Sub-processors

• Amazon Web Services (Europe Region, London — eu-west-2). Cloud infrastructure: DynamoDB, S3, KMS, AppSync, Cognito, Lambda, SES, SNS. Operating under AWS's UK/EU Data Processing Addendum and Standard Contractual Clauses where applicable.
• Expo (EAS Updates). Used to deliver over-the-air app updates. Expo's servers see only request metadata (IP address, device model, bundle hash) when your app checks for an update. We do not transmit wallet data to Expo.
• Apple and Google (Wallet pass delivery). When you add a credential to Apple Wallet or Google Wallet, the signed pass leaves UberVisor and lands in your platform wallet. From that point Apple or Google's privacy policies apply to that copy of the credential.

10. Cookies and tracking on this website

This marketing site uses only strictly necessary cookies (e.g., to remember your nav preference). No analytics, advertising, or cross-site tracking cookies are loaded. The web fonts are served by Google Fonts; Google may receive a minimal request log for that purpose. If you would prefer fonts not be requested from Google, your browser's tracking-prevention setting will block them and the site will fall back to system fonts.

11. Children

UberVisor is a workplace platform. We do not knowingly collect data from anyone under 16. Account creation in all three apps is gated by an age 16+ confirmation on first run, in line with UK ICO age-assurance guidance and GDPR Article 8.

12. Changes to this notice

If we materially change how we handle data we will publish the new notice version and prompt you to acknowledge it on next app launch (the same flow used at first-run). Past versions remain on file; ask privacy@ubervisor.app if you need a copy of a previous version.

13. Contact & complaints

For any privacy question, data-subject request, or to raise a concern: privacy@ubervisor.app.

You also have the right to lodge a complaint with the UK Information Commissioner's Office: ico.org.uk/concerns.