Skip to main content
← Back to home

Privacy Policy

Last Updated: 7 March 2026

Effective Date: 7 March 2026

1. Introduction

220 Yards Limited (trading as SCORE) ("SCORE", "we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

SCORE provides a SaaS platform for survey companies to manage, store, and quality-check survey reports. We operate in two distinct capacities: as a data controller for our customers' account data, and as a data processor for survey reports and client data processed on behalf of our customers.

2. Data Controller Information

Company Name: 220 Yards Limited (trading as SCORE)

Companies House Number: 07563087

Registered Address: 15 Victoria Mews, Mill Field Road, Cottingley Business Park, Bingley, England, BD16 1PY

Contact Email: hello@scorehq.io

Website: scorehq.io

3. Scope and Applicability

This Privacy Policy applies to:

  • SCORE Customer Data: Information about survey companies (our direct customers) and their authorised users who access the SCORE platform (we are the data controller)
  • Surveyor Client Data: Survey reports and client information processed on behalf of our customers (we are the data processor)

4. What Personal Data We Collect

4.1 SCORE Customer Data (We are Controller)

When you use the SCORE platform, we collect:

Account Information:

  • Email addresses, first and last names, RICS number, qualification
  • Company affiliation, password hashes (pseudonymised)
  • User roles and permissions, avatar image, email sign-off preferences

Company Information:

  • Company name, address, phone number, email
  • Job reference prefix

Financial Information:

  • Bank details for invoicing (account name, sort code, account number)
  • Phone payment numbers, invoice payment terms, payment reference instructions
  • Invoice history (amounts, status, currency)

Usage Data:

  • Feature usage patterns, session data, error logs
  • Browser/device type, aggregated usage statistics

Security Data:

  • IP addresses, login attempts (successful and failed), lockout failure counts
  • Access timestamps, user agent strings, geolocation (derived from IP)

Support Data:

  • Support enquiries via email, communication history

Marketing Data:

  • Email addresses, names, subscription preferences, engagement data (opens, clicks)

4.2 Surveyor Client Data (We are Processor)

On behalf of our customers (survey companies), we process:

Client Information:

  • Full name, preferred name, email address, phone number (with country prefix)
  • Postal address, correspondence address, business name, client type (individual/business)

Survey Reports:

  • Report PDFs containing relevant information required to complete the survey (content varies by report type and may include personal data about property owners, purchasers, vendors, and other parties)

Job Metadata:

  • Property addresses, UPRN, coordinates, property type and description
  • Survey type, inspection dates and contact details, fees, quotes, invoices
  • Purchaser/vendor names, estate agent details, lender and broker references
  • Panel manager references, RICS conflict of interest declarations

AI Processing:

  • Text extracted from survey PDFs via OCR
  • QC context data (e.g. lender name, applicant name, property details, loan information)
  • Extracted field values and confidence scores

Communications:

  • Report delivery records, email logs (recipient, subject, body, delivery status)
  • Job notes and activity audit trail

Note: For Surveyor Client Data, your surveyor company is the data controller and determines the lawful basis for processing. SCORE processes this data strictly on their instructions.

5. Lawful Basis for Processing

5.1 SCORE Customer Data

We process your personal data under the following lawful bases:

  • Contract (Article 6(1)(b)): Account management, service delivery, billing, and customer support are necessary to perform our contract to provide the SCORE platform
  • Legal Obligation (Article 6(1)(c)): Billing records retained for 7 years for tax compliance
  • Legitimate Interest (Article 6(1)(f)): Platform analytics (to improve functionality), security monitoring (to protect accounts), product updates to existing customers (soft opt-in)
  • Consent (Article 6(1)(a)): Marketing emails and promotional content require explicit opt-in consent

5.2 Surveyor Client Data

SCORE processes Surveyor Client Data as a data processor under Article 28 of UK GDPR. The customer (surveyor company) is the data controller and determines the lawful basis, typically:

  • Contract: Delivery of survey services to their clients
  • Legitimate Interest: Property surveys for legal/regulatory purposes

6. How We Use Your Personal Data

We use SCORE Customer Data for:

  • Providing and managing user accounts on the SCORE platform
  • Processing payments and generating invoices
  • Providing customer support and technical assistance
  • Monitoring platform performance, identifying bugs, and improving functionality
  • Detecting unauthorised access and preventing fraud
  • Sending service notifications (transactional emails)
  • Sending product updates and marketing communications (with consent or soft opt-in)

We use Surveyor Client Data strictly on customer instructions for:

  • Storing and managing survey reports and associated job data
  • Managing survey workflows (quoting, booking, inspections, invoicing, report delivery)
  • AI-powered OCR and field extraction for quality checking
  • Client communications on behalf of the surveyor (terms, quotes, reports, payment requests)
  • Maintaining audit trails and activity logs for accountability

7. Data Retention Periods

We retain personal data only as long as necessary.

Data Type Retention Period
Account and company data (including BACS details)Duration of subscription + 90 days
Billing records (invoices, tax records)7 years from end of financial year (legal requirement)
Email logs (delivery status, content)90 days
Usage analytics (raw logs)90 days (aggregated analytics retained indefinitely in anonymised form)
Security and error logs (including Sentry)Active monitoring: 90 days; Incident records: 24 months
Activity audit trailDuration of subscription + 90 days; deleted with account
Support ticketsDuration of subscription + 12 months
Marketing dataActive: Duration + 24 months; Unsubscribed: 30 days
Survey reports (processor)Customer-controlled (per Data Processing Agreement terms)

8. Who We Share Your Data With (Sub-Processors)

We engage sub-processors to provide our services. All sub-processors are bound by data processing agreements. For a complete and up-to-date list of sub-processors (provider, purpose, and location), please see our Sub-Processor Register on our Trust Center.

9. International Data Transfers

All personal data is stored and processed within the UK and EU. No international transfers outside the UK/EU occur. See our Sub-Processor Register for sub-processor locations.

10. How We Protect Your Data

We implement industry-standard technical and organisational security measures to protect your personal data:

  • Encryption: AES-256 encryption at rest, TLS 1.2+ encryption in transit
  • Authentication: Multi-factor authentication (MFA) mandatory for all SCORE production system access; MFA available and strongly recommended for all user accounts
  • Access Control: Role-based access, least privilege principle, quarterly access reviews
  • Monitoring: Security event logging, automated alerting for anomalies
  • Backups: Automated daily backups, encrypted and stored separately
  • Framework Alignment: Working towards Cyber Essentials Plus certification and aligned with ISO 27001 principles

11. Cookies

SCORE uses strictly necessary cookies only on the platform (hub.scorehq.io). No analytics, marketing, or third-party tracking cookies are used. For full details, see our Cookie Policy.

12. Your Data Subject Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data (subject to legal obligations)
  • Right to Restriction of Processing: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise your rights, contact us at compliance@scorehq.io. We will respond within 30 days, which may be extended by a further two months for complex or numerous requests.

Note: If you are a survey client (data subject of our customer), please contact the surveyor company directly as they are the data controller. We will assist them in responding to your request.

13. AI and Automated Decision-Making

Opt-in to AI features: SCORE users opt in to AI-assisted features. We process data for AI only when you have agreed to use those features.

AI processing (Mistral AI): We use Mistral AI to extract text and structured data from survey reports for quality checking and field validation. This processing:

  • Does not involve automated decision-making that produces legal or similarly significant effects
  • Is limited to technical analysis and data extraction
  • Operates under survey company instructions (they are responsible for informing their clients)
  • Is not retained or used for training by the third party: Mistral AI does not retain your data or use it to train their models; processing is performed under our data processing agreement with no retention or training use by them

AI-assisted QC and algorithmic scoring: We use AI for quality-control (QC) scoring of survey content. This is transparent: each QC check is explained so surveyors can review and act on it. It is AI-assisted QC to help surveyors do their job, not profiling or automated decision-making that produces legal or similarly significant effects.

Optional AI QC improvements: Companies can opt in to allow us to use data to improve AI quality-control (QC) features. Where this option is enabled, we may use limited data for that purpose. Training data retention for AI QC improvements is limited and is handled in line with this policy and our data retention schedules.

No profiling: We do not use your personal information for profiling or automated decision-making that produces legal or similarly significant effects.

14. Right to Complain to the ICO

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your personal data appropriately:

Information Commissioner's Office

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first at compliance@scorehq.io.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or business practices. We will notify you of material changes by:

  • Email notification to registered users
  • Notice on our website and platform
  • Updating the 'Last Updated' date at the top of this policy

16. Contact Us

If you have questions about this Privacy Policy or concerns about how we handle your personal data, please contact us:

General enquiries: hello@scorehq.io

Data protection & rights requests: compliance@scorehq.io

Website: scorehq.io

Document Information

  • Version: 1.1
  • Effective Date: 7 March 2026
  • Last Updated: 7 March 2026
  • Next Review: March 2027

Document Reference: SCO-POL-PP | 220 Yards Limited (trading as SCORE) — registered in England and Wales.