Trust & Data

How SARScore collects evidence, protects contributors and works with technology providers. This page explains the system we actually operate, in plain language. The contractual rules are in the Terms of Use; the formal statement of personal-data processing and your rights is the Privacy Notice. Where the three documents overlap, the Terms and the Privacy Notice take precedence.

1. Our data principles

SARScore describes places, not people. Evidence records what someone found at a kerb, an entrance, a lift: structured facts about buildings and journeys. We collect the minimum personal data the system needs to work (an account, a location check at the moment of reporting, a verification photograph), we say plainly what each piece is for, and nothing about contributors is sold or shared for advertising. Every number the platform publishes is generated from this evidence; nothing is bought in from data brokers.

2. What we collect

An account is an email address, a display name and a password (stored hashed by our authentication provider). A visit report is structured observations about the route: steps, lifts, surfaces, timing. Report questions ask what the route was like, for example whether it was usable with a wheelchair, never about you: SARScore does not ask for, and does not want, information about any person's disability, medical condition or personal access needs. Please keep free-text notes about the route rather than about yourself or others; if personal detail ends up in a report, write to privacy@sarscore.com and we will remove it. Anonymous reports are accepted without any account at all.

3. How location verification works

Location is requested only when you actively start a report, quick confirmation or check-in, through your browser's own permission prompt, and it is used for one thing: confirming you are within tolerance of the route you are reporting, so the evidence is bound to the place. SARScore never tracks background movement, never records a movement history, and the site's own security policy (the Permissions-Policy header) restricts location and camera access to the reporting pages that need them.

4. Photographs and public evidence

A live photograph is what turns a report into verified evidence. Photographs must show the route (the door, the steps, the ramp, the approach) and must avoid faces, vehicle number plates and the interiors of private homes. They are stored in a private bucket, reviewed by a moderator, and never published. What the public sees is the score, its evidence summary and the route facts; public contributions never reveal a contributor's email address or identity.

5. Service providers

SARScore runs on a small number of named providers. The register below states what each one does, what information is involved, where it is processed and under what safeguards, verified against each provider's published documents on 16 July 2026. Legal-role classifications will be validated by a professional UK data-protection review before the wider pilot; the change log at the bottom of this page records any change.

Register of SARScore service providers, their purpose, data involved, processing location, transfer safeguards, retention and legal role
ProviderService and purposePersonal data involvedProcessing locationTransfer safeguardsRetentionLegal roleDocuments
SupabaseAccounts, authentication, database and private evidence photo storageEmail address, display name, hashed password, contributions, check-ins, photographsAWS eu-west-2 (London): our project's dedicated regionData held in the UK region; Supabase DPA incorporates standard contractual clauses for any support accessFor the life of the account; evidence records follow the retention section belowProcessor (per its DPA)Privacy · DPA
VercelWebsite hosting and deliveryIP address and technical request information (standard web server logs)Global edge network (US company); request logs are transientEU standard contractual clauses and the UK IDTA, incorporated in the Vercel DPA (updated March 2026)Short-lived operational logs; no contributor content is stored with VercelProcessor (stated in its DPA)Privacy · DPA
ResendTransactional email: account confirmation and password resetEmail address and delivery metadataSending configured in eu-west-1 (Ireland); US companyEU SCCs, the UK Addendum and certification under the EU-US Data Privacy Framework with the UK ExtensionDelivery data deleted within 90 days of account termination under its DPAProcessor (stated in its DPA)Privacy · DPA
GoogleOptional “Continue with Google” sign-in, and business email for our public contact addresses (hello@, privacy@, support@ and similar). A Google account is never required.Sign-in: your name, email address and profile identifier (basic identity scopes only; never contacts, location or files). Email: the content of messages you choose to send usGoogle data centres under the Google Workspace termsGoogle's Cloud Data Processing Addendum with EU SCCsCorrespondence kept as long as needed to handle the matter; deletion on requestProcessor for customer email content (per the Cloud DPA); independent controller for its own sign-in servicePrivacy · DPA
Ordnance SurveyNational address search (server side) and map cartography (your browser loads map tiles from api.os.uk)Address search text reaches OS from our server, not from you. When you view a map, your browser sends OS your IP address and the map area requestedUnited KingdomNone required: UK organisationPer the OS privacy policy for its service operationsIndependent controller for its own service data (per its privacy policy)Privacy
OpenStreetMap FoundationFallback address search and community mapping context, queried from our server onlySearch text and route coordinates reach OSM services from our server; your IP address is never sentUnited Kingdom and Netherlands (OSMF); the Overpass API is operated by FOSSGIS e.V. in GermanyUK and EU processingNothing about you is stored: queries are made by our server and results for community context are not kept beyond the report sessionIndependent controller for its own servicesPrivacy

Register last verified 16 July 2026. Everything else you do on the site talks only to sarscore.com; the one exception is map tiles, which your browser fetches directly from Ordnance Survey.

6. Data retention

Evidence is an append-only record: observations are kept because published scores must remain auditable against the evidence that produced them, and superseded evidence is retired from calculations rather than erased. Verification photographs are kept privately while they support a route's verification; if a photograph is rejected or withdrawn, any score relying on it is withdrawn too. Account data lives for the life of the account. Where a contributor asks us to remove personal data, we remove or de-identify it while preserving the factual route record.

7. International transfers

The evidence database and photo storage live in the UK (AWS London). Website delivery, email delivery and business email involve providers with operations outside the UK; each transfer is covered by the safeguards named in the register above (standard contractual clauses, the UK IDTA or Addendum, and Data Privacy Framework certification where held). SARScore does not transfer contributor data internationally itself.

8. Account deletion and your rights

You can ask for access to, correction of, or deletion of your account information at any time by writing to privacy@sarscore.com from your account email. Deletion removes your account and personal identifiers; the de-identified route facts you contributed remain part of the evidence record, as the Terms describe. The formal statement of your rights, including complaint routes, is in the Privacy Notice.

9. Security and vulnerability reporting

Concretely: all traffic is HTTPS; the site ships a content security policy, frame-embedding denial and restrictive permissions headers; database access is governed by row-level security with server-side keys that never reach the browser; evidence photographs live in a private bucket accessible only to moderation; and API keys are scoped to single purposes. If you find a security problem, email support@sarscore.com with “Security” in the subject line; we will acknowledge it and act on it. Please do not test against other people's data.

10. Policy and processor change log

Changes to this page, to the provider register or to the Privacy Notice are recorded here with dates, so the account stays verifiable over time.

Data and privacy: privacy@sarscore.com · General: hello@sarscore.com

Trust & Data · SARScore