Trust & Data
How SARScore collects evidence, protects contributors and works with technology providers. This page explains the system we actually operate, in plain language. The contractual rules are in the Terms of Use; the formal statement of personal-data processing and your rights is the Privacy Notice. Where the three documents overlap, the Terms and the Privacy Notice take precedence.
1. Our data principles
SARScore describes places, not people. Evidence records what someone found at a kerb, an entrance, a lift: structured facts about buildings and journeys. We collect the minimum personal data the system needs to work (an account, a location check at the moment of reporting, a verification photograph), we say plainly what each piece is for, and nothing about contributors is sold or shared for advertising. Every number the platform publishes is generated from this evidence; nothing is bought in from data brokers.
2. What we collect
An account is an email address, a display name and a password (stored hashed by our authentication provider). A visit report is structured observations about the route: steps, lifts, surfaces, timing. Report questions ask what the route was like, for example whether it was usable with a wheelchair, never about you: SARScore does not ask for, and does not want, information about any person's disability, medical condition or personal access needs. Please keep free-text notes about the route rather than about yourself or others; if personal detail ends up in a report, write to privacy@sarscore.com and we will remove it. Anonymous reports are accepted without any account at all.
3. How location verification works
Location is requested only when you actively start a report, quick confirmation or check-in, through your browser's own permission prompt, and it is used for one thing: confirming you are within tolerance of the route you are reporting, so the evidence is bound to the place. SARScore never tracks background movement, never records a movement history, and the site's own security policy (the Permissions-Policy header) restricts location and camera access to the reporting pages that need them.
4. Photographs and public evidence
A live photograph is what turns a report into verified evidence. Photographs must show the route (the door, the steps, the ramp, the approach) and must avoid faces, vehicle number plates and the interiors of private homes. They are stored in a private bucket, reviewed by a moderator, and never published. What the public sees is the score, its evidence summary and the route facts; public contributions never reveal a contributor's email address or identity.
5. Service providers
SARScore runs on a small number of named providers. The register below states what each one does, what information is involved, where it is processed and under what safeguards, verified against each provider's published documents on 16 July 2026. Legal-role classifications will be validated by a professional UK data-protection review before the wider pilot; the change log at the bottom of this page records any change.
| Provider | Service and purpose | Personal data involved | Processing location | Transfer safeguards | Retention | Legal role | Documents |
|---|---|---|---|---|---|---|---|
| Supabase | Accounts, authentication, database and private evidence photo storage | Email address, display name, hashed password, contributions, check-ins, photographs | AWS eu-west-2 (London): our project's dedicated region | Data held in the UK region; Supabase DPA incorporates standard contractual clauses for any support access | For the life of the account; evidence records follow the retention section below | Processor (per its DPA) | Privacy · DPA |
| Vercel | Website hosting and delivery | IP address and technical request information (standard web server logs) | Global edge network (US company); request logs are transient | EU standard contractual clauses and the UK IDTA, incorporated in the Vercel DPA (updated March 2026) | Short-lived operational logs; no contributor content is stored with Vercel | Processor (stated in its DPA) | Privacy · DPA |
| Resend | Transactional email: account confirmation and password reset | Email address and delivery metadata | Sending configured in eu-west-1 (Ireland); US company | EU SCCs, the UK Addendum and certification under the EU-US Data Privacy Framework with the UK Extension | Delivery data deleted within 90 days of account termination under its DPA | Processor (stated in its DPA) | Privacy · DPA |
| Optional “Continue with Google” sign-in, and business email for our public contact addresses (hello@, privacy@, support@ and similar). A Google account is never required. | Sign-in: your name, email address and profile identifier (basic identity scopes only; never contacts, location or files). Email: the content of messages you choose to send us | Google data centres under the Google Workspace terms | Google's Cloud Data Processing Addendum with EU SCCs | Correspondence kept as long as needed to handle the matter; deletion on request | Processor for customer email content (per the Cloud DPA); independent controller for its own sign-in service | Privacy · DPA | |
| Ordnance Survey | National address search (server side) and map cartography (your browser loads map tiles from api.os.uk) | Address search text reaches OS from our server, not from you. When you view a map, your browser sends OS your IP address and the map area requested | United Kingdom | None required: UK organisation | Per the OS privacy policy for its service operations | Independent controller for its own service data (per its privacy policy) | Privacy |
| OpenStreetMap Foundation | Fallback address search and community mapping context, queried from our server only | Search text and route coordinates reach OSM services from our server; your IP address is never sent | United Kingdom and Netherlands (OSMF); the Overpass API is operated by FOSSGIS e.V. in Germany | UK and EU processing | Nothing about you is stored: queries are made by our server and results for community context are not kept beyond the report session | Independent controller for its own services | Privacy |
Register last verified 16 July 2026. Everything else you do on the site talks only to sarscore.com; the one exception is map tiles, which your browser fetches directly from Ordnance Survey.
6. Data retention
Evidence is an append-only record: observations are kept because published scores must remain auditable against the evidence that produced them, and superseded evidence is retired from calculations rather than erased. Verification photographs are kept privately while they support a route's verification; if a photograph is rejected or withdrawn, any score relying on it is withdrawn too. Account data lives for the life of the account. Where a contributor asks us to remove personal data, we remove or de-identify it while preserving the factual route record.
7. International transfers
The evidence database and photo storage live in the UK (AWS London). Website delivery, email delivery and business email involve providers with operations outside the UK; each transfer is covered by the safeguards named in the register above (standard contractual clauses, the UK IDTA or Addendum, and Data Privacy Framework certification where held). SARScore does not transfer contributor data internationally itself.
8. Account deletion and your rights
You can ask for access to, correction of, or deletion of your account information at any time by writing to privacy@sarscore.com from your account email. Deletion removes your account and personal identifiers; the de-identified route facts you contributed remain part of the evidence record, as the Terms describe. The formal statement of your rights, including complaint routes, is in the Privacy Notice.
9. Security and vulnerability reporting
Concretely: all traffic is HTTPS; the site ships a content security policy, frame-embedding denial and restrictive permissions headers; database access is governed by row-level security with server-side keys that never reach the browser; evidence photographs live in a private bucket accessible only to moderation; and API keys are scoped to single purposes. If you find a security problem, email support@sarscore.com with “Security” in the subject line; we will acknowledge it and act on it. Please do not test against other people's data.
10. Policy and processor change log
Changes to this page, to the provider register or to the Privacy Notice are recorded here with dates, so the account stays verifiable over time.
- 16 July 2026: “Continue with Google” sign-in introduced as an optional alternative to email (basic identity scopes only). Google register entry updated accordingly.
- 16 July 2026: Page published. Provider register verified against each supplier's current privacy and data-processing documents. Legal-role classifications provisional pending professional UK data-protection review before the wider pilot.
Data and privacy: privacy@sarscore.com · General: hello@sarscore.com