Skip to main content
← Back to home

Privacy Policy

Last Updated: February 2026

Effective Date: February 2026

1. Introduction

SCORE is operated by 220 Yards Ltd (Company No. [company number]), with registered office at [registered address].

We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information. This Privacy Policy explains our data practices and your rights under UK data protection law.

Contact us:

  • Email: privacy@scorehq.io
  • Data Protection Officer: [Name/Email if applicable]
  • Address: [Business address]

2. Who This Policy Applies To

This Privacy Policy applies to two distinct groups:

2.1 Survey Companies and Their Users (Our Direct Customers)

If you work for a survey company using SCORE, this policy explains how we handle information about you and your company. SCORE is the data controller for this information.

2.2 Survey Clients (Property Survey Recipients)

If you are receiving a property survey report delivered through SCORE, we process your information on behalf of the survey company that instructed the survey. The survey company is the data controller, and SCORE is the data processor. Your survey company's privacy notice governs how your data is used.

3. What Information We Collect

3.1 Information About Survey Companies and Their Users (SCORE Customer Data)

When you use the SCORE platform, we collect:

Account Information:

  • Name, email address, job title
  • Company name and business address
  • User role and permissions
  • Password (stored as encrypted hash)

Billing Information:

  • Company billing contact and address
  • Subscription tier and pricing
  • Payment method details (processed securely by our payment provider)
  • Invoice and payment history

Usage and Technical Information:

  • Login history and access logs
  • Feature usage and session data
  • IP addresses and device information
  • Error logs and diagnostic data
  • Browser type and operating system

Communications:

  • Support tickets and correspondence
  • Email communications with us
  • Feedback and survey responses

3.2 Information About Survey Clients (Surveyor Client Data)

When survey companies use SCORE to manage client surveys, we process:

  • Client names and property addresses
  • Survey report contents (structural assessments, property details)
  • Client contact details (email addresses for report delivery)
  • Survey metadata (dates, references, surveyor details)

Important: SCORE processes this information strictly on behalf of survey companies. We do not control what client data is collected or how it is used. For questions about how your survey data is handled, please contact the survey company directly.

4. How We Use Your Information

4.1 For Survey Companies and Their Users

We use your information to:

Purpose Lawful Basis Details
Provide the SCORE platformContract performanceCreate and manage your account, deliver platform features, process your instructions
Billing and paymentsContract performance + Legal obligationGenerate invoices, process payments, maintain financial records (7 years for tax compliance)
Customer supportContract performanceRespond to inquiries, troubleshoot issues, provide technical assistance
Platform improvementLegitimate interestAnalyze usage patterns, identify bugs, improve features, plan product development
Security and fraud preventionLegitimate interest + Contract performanceMonitor for unauthorized access, prevent account compromise, investigate security incidents
Service communicationsContract performanceSend password resets, system notifications, security alerts, account updates
Marketing communicationsConsent (promotional) or Legitimate interest (product updates to existing customers)Share product news, feature announcements, industry insights (you can opt out anytime)
Legal complianceLegal obligationRespond to lawful requests, comply with regulations, exercise legal rights

For a detailed breakdown of our lawful bases, see our Lawful Basis Register (available on request).

4.2 For Survey Client Data

We process survey client information strictly on instructions from survey companies:

  • Store and manage survey reports securely
  • Extract and analyze survey data using AI/ML for quality checking
  • Deliver reports to clients via email
  • Provide access to survey data through the SCORE platform
  • Delete or return data when the survey company requests or terminates their contract

Survey companies determine the lawful basis for processing client data (typically contract performance with the client or legitimate interest for property surveys).

5. Who We Share Your Information With

5.1 Service Providers (Sub-Processors)

We work with trusted third-party service providers to operate the SCORE platform. Sub-processors process data only on our instructions. We do not maintain a separate list in this policy; the current list of sub-processors (provider, purpose, and location) is kept in our Sub-Processor Register on our Trust Center.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or regulatory authority, or to:

  • Protect our legal rights or defend against legal claims
  • Prevent fraud, security threats, or illegal activity
  • Protect the safety of our users or the public

We do not sell your personal information to third parties.

6. International Data Transfers

Your data is primarily stored and processed in the United Kingdom and European Union. For the current list of sub-processors and their locations, see our Sub-Processor Register on our Trust Center. No transfers outside the UK/EU occur without appropriate safeguards (adequacy decisions or Standard Contractual Clauses).

7. How Long We Keep Your Information

7.1 Survey Company and User Data

Data Type Retention Period
Account dataDuration of subscription + 12 months
Billing records7 years (legal requirement for tax purposes)
Usage logs90 days (aggregated analytics retained indefinitely, anonymized)
Support ticketsDuration of subscription + 12 months
Security logs180 days (incident records: 24 months)
Marketing dataActive: duration of subscription + 24 months. Unsubscribed: 30 days

7.2 Survey Client Data

Retention is controlled by the survey company as data controller:

  • Survey reports and client data are retained per the survey company's instructions
  • Typically 7 years for professional indemnity insurance purposes
  • Data is deleted or returned when the survey company requests or upon contract termination

8. Your Rights

8.1 If You Are a Survey Company User (SCORE is controller)

You have the right to:

  • Access your personal information and obtain a copy
  • Rectify inaccurate or incomplete information
  • Erase your information in certain circumstances
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interests
  • Data portability – receive your data in a structured, machine-readable format
  • Withdraw consent for marketing communications (does not affect other processing)
  • Complain to the Information Commissioner's Office (ICO)

To exercise your rights:

8.2 If You Are a Survey Client (survey company is controller)

For questions or requests about your survey data, please contact the survey company directly. They are the data controller and responsible for handling your rights requests.

SCORE provides technical assistance to survey companies to help them fulfill your requests (e.g., providing data export or deletion tools).

9. Security

We implement appropriate technical and organizational measures to protect your information:

Technical Measures:

  • Encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Multi-factor authentication (MFA) for platform access
  • Regular security monitoring and logging
  • Automated backups (encrypted)
  • Secure password hashing (bcrypt)

Organizational Measures:

  • Role-based access controls (least privilege principle)
  • Regular security training for staff
  • Data protection impact assessments for high-risk processing
  • Incident response procedures
  • Third-party security assessments

While we take security seriously, no system is 100% secure. If you become aware of a security issue, please contact us immediately at security@scorehq.io.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve the SCORE platform.

What are cookies?

Cookies are small text files stored on your device that help us:

  • Keep you logged in securely
  • Remember your preferences
  • Understand how the platform is used
  • Improve performance and fix bugs

Types of cookies we use:

  • Essential cookies – Required for the platform to work (no consent needed)
  • Analytics cookies – Help us improve the platform (requires consent)
  • Marketing cookies – Track campaign effectiveness (requires consent)

Your control:

You can control which cookies we use through our cookie banner when you first visit, or update your preferences anytime through your browser settings.

For full details, see our Cookie Policy, which explains:

  • Exactly which cookies we use and why
  • How long each cookie lasts
  • How to opt out of non-essential cookies
  • Third-party cookies and your options
  • How to manage cookies in your browser

Our cookie practices comply with UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

11. AI and Automated Decision-Making

Opt-in to AI features: SCORE users opt in to AI-assisted features. We process data for AI only when you have agreed to use those features.

AI processing (Mistral AI): We use Mistral AI to extract text and structured data from survey reports for quality checking and field validation. This processing:

  • Does not involve automated decision-making that produces legal or similarly significant effects
  • Is limited to technical analysis and data extraction
  • Operates under survey company instructions (they are responsible for informing their clients)
  • Is not retained or used for training by the third party: Mistral AI does not retain your data or use it to train their models; processing is performed under our data processing agreement with no retention or training use by them

AI-assisted QC and algorithmic scoring: We use AI for quality-control (QC) scoring of survey content. This is transparent: each QC check is explained so surveyors can review and act on it. It is AI-assisted QC to help surveyors do their job, not profiling or automated decision-making that produces legal or similarly significant effects.

Optional AI QC improvements: Companies can opt in to allow us to use data to improve AI quality-control (QC) features. Where this option is enabled, we may use limited data for that purpose. Training data retention for AI QC improvements is limited and is handled in line with this policy and our data retention schedules.

No profiling: We do not use your personal information for profiling or automated decision-making that produces legal or similarly significant effects.

12. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing information to them.

13. Children's Privacy

SCORE is a business platform not directed at children under 16. We do not knowingly collect information from children. If we become aware that we have collected information from a child, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes to our data practices
  • New legal requirements
  • Platform feature updates

When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will notify active users via email or platform notification
  • Material changes will be highlighted in the notification

Previous versions of this policy are available on request.

15. Your Right to Complain

If you are unhappy with how we handle your personal information, you have the right to complain to the Information Commissioner's Office (ICO):

ICO Contact:

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first at privacy@scorehq.io.

16. Contact Us

If you have questions about this Privacy Policy or our data practices:

220 Yards Ltd

Document Information

  • Version: 1.0
  • Effective Date: February 2026
  • Last Updated: February 2026
  • Next Review: August 2026