Clarisec Clarisec
Delete account
Privacy and data protection

Clarisec Privacy Policy

This notice explains how Clarisec and organisations using the Clarisec platform collect, use, protect, retain and delete personal information relating to digital identity cards, workforce records and associated services.

Effective: 22 June 2026 UK GDPR and Data Protection Act 2018 Account and data deletion

1. About this notice

Clarisec is committed to protecting personal information and processing it lawfully, fairly and securely.

This Privacy Policy applies to the Clarisec digital identity application, associated websites, administration portals, verification pages and related support services.

In most cases, the organisation that employs, engages or sponsors an app user determines why that person’s information is processed. That organisation will normally be the data controller, while Clarisec provides the platform as a data processor.

Clarisec may act as a data controller for limited information processed for service administration, information security, legal compliance and its own business operations.

2. Information we may collect

The information processed depends on how the service has been configured by the relevant organisation.

Identity and workforce information

  • Name, photograph, signature and employee, contractor or card number.
  • Employer, sponsoring organisation, job title, role, department, branch or site.
  • Employment or engagement status, start and end dates and card validity information.
  • Qualifications, competencies, accreditations, licences and compliance status.
  • Email address, telephone number and other authorised contact details.

Application, device and security information

  • Login, logout, activation, password reset and authentication activity.
  • IP address, device type, operating system and application version.
  • Security events, access attempts, administrative actions and audit records.
  • Diagnostic, performance and error information.

Digital identity usage information

  • Identity card views, validity checks and QR verification activity.
  • Offline card access and validation timestamps.
  • Identity approval, suspension, expiry or revocation records.
  • Records of changes made to identity information.

3. How information is used

Personal information may be processed to:

  • Create, issue and manage secure digital identity cards.
  • Confirm identity, employment, engagement or contractor status.
  • Allow authorised parties to verify an identity card.
  • Maintain workforce, screening, licence, accreditation and compliance records.
  • Manage account activation, authentication and access.
  • Provide restricted offline access to a digital identity card.
  • Determine whether an identity remains valid, approved, suspended, expired or revoked.
  • Prevent fraud, unauthorised access and misuse.
  • Maintain audit, security, support and operational records.
  • Comply with legal, regulatory, contractual and governance requirements.
  • Establish, exercise or defend legal claims.

Clarisec does not sell personal information.

4. Lawful basis for processing

The lawful basis depends on the circumstances and the organisation’s relationship with the user.

Information may be processed where necessary for:

  • Performance of a contract.
  • Compliance with a legal obligation.
  • The legitimate interests of the relevant organisation or Clarisec.
  • Employment, workforce management, access control or operational security.
  • Fraud prevention and platform security.
  • Establishment, exercise or defence of legal claims.
  • Consent, where consent is the appropriate lawful basis.

5. Who information may be shared with

Information may be made available to:

  • The user’s employer, sponsoring organisation and authorised company administrators.
  • Authorised managers, compliance teams and security personnel.
  • Organisations or individuals authorised to verify the digital identity.
  • Clarisec support and security personnel who require access.
  • Approved hosting, infrastructure, communications and technology providers.
  • Professional advisers, insurers, auditors, regulators and public authorities.
  • Law-enforcement bodies where disclosure is required or legally permitted.

Access is restricted according to role, responsibility and business need.

6. Information security

Clarisec applies technical and organisational safeguards appropriate to the nature and risk of the information processed.

  • Encryption in transit and at rest.
  • Secure hosting and controlled administrative access.
  • Role-based access controls and multi-factor authentication support.
  • Audit logging and security monitoring.
  • Secure development, deployment, backup and recovery practices.
  • Retention, deletion, vulnerability management and incident response controls.

No internet-connected service can be guaranteed to be completely secure. Users must also protect their device, login information and authentication credentials.

7. Offline identity-card access

The Clarisec application may retain a protected local copy of limited identity information so that an authorised user can display their card temporarily when an internet connection is unavailable.

  • Offline information is stored within protected application storage.
  • Offline access is available only for a restricted validity period.
  • The app must periodically reconnect to confirm the card remains valid.
  • Cached information may be removed after expiry, logout, revocation or another security event.
  • Security controls may prevent or restrict screenshots, screen recording or unauthorised sharing.

8. Data retention

Personal information is retained only for as long as reasonably required for the purpose for which it was collected and to meet legal, contractual, security, audit and regulatory requirements.

Unless another lawful or contractual period applies:

  • Employee and digital identity records may be retained for up to seven years after employment, engagement or platform access ends.
  • Customer and administrative records may be retained for the duration of the relationship and for up to seven years after the last relevant activity.
  • Financial and contractual records may be retained for at least seven years.
  • Security, authentication and audit records may be retained for the period reasonably required to investigate incidents and demonstrate compliance.
  • Information connected with litigation, investigations, fraud, safeguarding or regulatory enquiries may be retained until the matter and any applicable limitation period have concluded.

When information is no longer required, it will be securely deleted, anonymised or placed beyond operational use.

9. Your data-protection rights

Depending on the circumstances, individuals may have the right to:

  • Request access to personal information.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of information.
  • Request restriction of processing.
  • Object to certain processing.
  • Request transfer of information in a portable format.
  • Withdraw consent where processing is based on consent.
  • Complain to the Information Commissioner’s Office.

These rights are subject to legal conditions and exemptions. Information may need to be retained where required by law, for essential security or audit records, or for the establishment, exercise or defence of legal claims.

Google Play account deletion

10. Account and data deletion requests

Clarisec accounts and digital identity cards are normally created and managed by the user’s employer, sponsoring organisation or another organisation with which the user is associated.

Contact your company administrator first

Users should contact their company administrator, employer or sponsoring organisation in the first instance to request deactivation or deletion of their account, removal of their digital identity card, correction of information or withdrawal of access.

Request deletion directly from Clarisec

Where a user cannot contact their company administrator, for example because they have left the organisation or no longer have access to its systems, they may submit a request directly to Clarisec.

Email:
Subject: Clarisec account deletion request

Please include:

  • Full name.
  • Email address associated with the Clarisec account.
  • Name of the organisation that issued the digital identity.
  • Employee or card number, where known.
  • A brief description of what should be deleted.

Do not email copies of passports, driving licences or other identity documents unless Clarisec specifically requests them through an approved secure process.

What happens after a request

Following verification and approval, Clarisec may:

  • Disable account access and revoke the digital identity card.
  • Remove the account from active application use.
  • Delete the profile photograph and active identity-card content.
  • Remove locally cached information when the app reconnects or the offline validity period expires.
  • Delete or anonymise information that is no longer required.
  • Notify relevant service providers where deletion is required.

Information that may be retained

Account deletion does not necessarily result in immediate deletion of every record. Limited information may be retained where required for:

  • Legal, tax, regulatory or contractual obligations.
  • Employment and workforce recordkeeping.
  • Security, fraud prevention and identity-card revocation records.
  • Audit, compliance, dispute-resolution or safeguarding evidence.
  • Establishment, exercise or defence of legal claims.

Where information must be retained, access will be restricted and it will not be used for unrelated purposes.

Uninstalling the app

Uninstalling the Clarisec application removes application data stored on the device in accordance with the device operating system. It does not itself delete the central account or records held by the relevant organisation or Clarisec.

11. Cookies and similar technologies

Clarisec websites and web services may use cookies and similar technologies for:

  • Authentication and session management.
  • Cybersecurity monitoring and fraud prevention.
  • User preferences and platform functionality.
  • Service availability, diagnostics and operational performance.

Strictly necessary cookies are required for secure operation. Where consent is legally required for non-essential cookies, appropriate controls will be provided.

12. Contact and complaints

Questions about information managed by an employer or sponsoring organisation should first be directed to the relevant company administrator.

For questions about the Clarisec platform or where the company administrator cannot be contacted:

Clarisec Data Protection and Support
Email:
Website: clarisec.io

Individuals also have the right to complain to the Information Commissioner’s Office if dissatisfied with how their personal information has been handled.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom