Last updated May 16, 2026

Privacy Policy

Who We Are 

This Privacy Policy applies to The AuthenticALLY Tech Ltd (Company Number 17236787), trading as The AuthenticALLY (referred to in this policy as “we”, “us”, or “our”).

Our registered office address is: The Authentically Tech, 128 City Road, London, EC1V 2NX .

 

This policy describes how and why we collect, store, use, and share your personal information when you use our services, including when you:

  • Visit our website at  https://www.theauthentically.com  or any website of ours that links to this Privacy Policy
  • Apply for or use our credential verification service
  • Create an account or user profile on our platform
  • Engage with us in any other related ways, including marketing or events

Questions or concerns? If you have any questions about this Privacy Policy or our data practices, please contact us  at info@theauthentically.com If you do not agree with our policies and practices, please do not use our services.

Table of contents:

  1. Scope of This Policy
  2. What Personal Data We Collect and Why
  3.  Special Category Data — Credential Information
  4.  Legal Bases for Processing
  5. Who We Share Your Data With
  6. International Data Transfers
  7. How long we retain your Data 
  8. Cookies and Tracking Technologies
  9. Social Media Logins
  10. Automated Decision-Making
  11. Your Rights Over Your Data
  12. UK & EU Residents — GDPR Notice
  13. Canada Residents — PIPEDA Notice
  14. California Residents — CCPA Notice
  15. Children’s Privacy
  16. Data Security and Breach Procedures
  17. EU Representative
  18. Changes to This Policy
  19. Contact Information and Complaints

 

1.Scope of This Policy

This Policy applies to The AuthenticALLY’s operations in the United Kingdom, United States of America, Canada, and the European Union, whenever you engage with us regardless of the platform used — including our websites, landing pages, mobile applications, social media pages, or through any other means.

As a company operating internationally, we may transfer your personal information outside of the jurisdiction where you reside. Where this occurs, we apply appropriate safeguards as described in section 6.

 

2.What Personal Data We Collect and Why
2.1 Information you provide directly

The personal information we collect depends on how you interact with us. This may include:

  • Identity data: full name, date of birth, username or similar identifier
  • Contact data: email address, phone number, billing address
  • Account data: username, password, account preferences
  • Professional data: job title, professional registration numbers, social media handle(s)
  • Credential documents: educational qualifications, professional certifications, licences to practise — see Section 5 for important information about this data
  • Financial data: payment card details and billing information (processed securely via our payment provider — we do not store full card numbers)
  • Communications data: your messages, feedback, and correspondence with us
2.2 Information collected automatically

When you use our website or mobile application, we may automatically collect:

  • IP address and approximate location
  • Browser type, version, and device information
  • Pages visited, time spent, and referring URLs
  • Cookies and similar tracking data — see Section 10
2.3 Information from third parties

If you register or log in using a social media account, we receive certain profile information from that provider. See Section 11 for details.

2.4 Analytics

We use Google Analytics to understand how our website is used. This collects non-personal information including IP address, browser type, and pages visited. Google’s use of this data is governed by Google’s Privacy Policy . You can opt out of Google Analytics by using the Google Analytics Opt-out Browser Add-on

3.Special Category Data — Credential Information

As part of our verification service, we collect and process credential documents including educational qualifications, professional licences, and regulatory registration details. Under UK GDPR and EU GDPR, some of this information, particularly health professional registrations may constitute special category data under Article 9.

We process this information strictly for the purpose of verifying your credentials in accordance with our verification service. We do not use credential documents for any other purpose, and we do not share them with third parties except as described in Section 5.

By submitting credential documents, you provide explicit consent for us to process this data for verification purposes. You may withdraw consent at any time, though this will result in your verification badge being suspended.

Credential documents are retained for 12 months active following verification. Documents submitted for declined applications are deleted within 12 months of the decision.

4.Legal Bases for Processing

Under UK GDPR and EU GDPR, we must have a valid legal basis for processing your personal information. We rely on the following bases:

Legal Basis

When We Rely on It

Consent (Art. 6(1)(a))

Processing credential documents; optional marketing communications; non-essential cookies

Contract Performance (Art. 6(1)(b))

Providing the verification service; processing payments; managing your account

Legal Obligation (Art. 6(1)(c))

Complying with applicable law; responding to lawful requests from authorities; financial record-keeping

Legitimate Interests (Art. 6(1)(f))

Fraud prevention; platform security; analytics to improve our services; communicating service updates

Vital Interests (Art. 6(1)(d))

Where necessary to protect the safety of any person

Withdrawing consent: Where we rely on consent, you can withdraw it at any time by contacting us at info@theauthentically.com Withdrawing consent does not affect the lawfulness of processing that occurred before withdrawal.

5.Who We Share Your Data With

We do not sell, rent, or lease your personal data to third parties. We may share your data only in the following circumstances:

5.1 Service providers

We work with trusted third-party providers who process data on our behalf under strict contractual obligations. These include:

  • Payment processing: Stripe Inc.  for secure payment handling
  • Cloud hosting: Vercel for platform infrastructure
  • Database Management: Supabase 
  • Email communications: Resend and Google for transactional and marketing emails
  • Analytics: Google Analytics and Plausible  for website usage analysis
5.2 Legal and regulatory requirements

We may disclose your personal data without notice only if required by law, or in the good-faith belief that such action is necessary to: (a) comply with legal process served on us; (b) protect and defend our rights or property; or (c) protect the personal safety of users or the public.

5.3 Business transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify affected users before data is transferred and becomes subject to a different privacy policy.

 

5.4 Public verification data

As part of our core service, the fact that an applicant has been verified (i.e. that they hold The AuthenticALLY badge) is publicly visible. We publicly display your name, verification category, verified degree subject, awarding university and graduation year. We do not display your professional license numbers, registration numbers or any other regulatory credential details. 

 

6.International Data Transfers

Some of our service providers are based outside the UK and EEA. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO
  • Adequacy decisions where the recipient country has been deemed to provide equivalent protection
  • Your explicit consent where required

Where your personal data is transferred outside the UK or European Economic Area, we ensure it is protected through appropriate safeguards. We currently use the following service providers who process data outside the UK/EEA, each covered by Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs):

  • Vercel Inc (US) — platform hosting and infrastructure
  • Stripe Payments Europe Ltd — payment processing
  • Supabase Inc (US) — database and backend infrastructure
  • Resend Inc (US) — transactional email communications
  • Google LLC (US) — analytics

For more information on the safeguards in place, please contact us at info@theauthentically.com

7. How Long We Retain Your Data

Data Type

Retention Period

Reason

Account and profile data

Duration of account + 2 years

Service delivery and legal claims

Verified credential documents

 12 months active

Audit trail and annual renewal

Declined application documents

12 months

Appeals and dispute resolution

Payment records

7 years

HMRC legal requirement (UK)

Communications and support

3 years

Legal claims and service improvement

Cookie and analytics data

Up to 26 months

Google Analytics default retention

Marketing consent records

Until consent withdrawn + 1 year

Compliance evidence

You may request deletion of your personal data at any time (subject to legal obligations) by contacting info@theauthentically.com

 8. Cookies and Tracking Technologies
8.1 What are cookies?

Cookies are small text files placed on your device when you visit our website. They help us provide a functional, secure, and personalized experience.

8.2 Types of cookies we use

Type

Purpose

Consent Required?

Strictly necessary

Login, security, session management

No — essential for the platform to function

Functional

Remembering preferences and settings

Yes — you can decline these

Analytics

Google Analytics — understanding usage patterns

Yes — you can decline these

Marketing

Personalized advertising (if applicable)

Yes — you can decline these

Your choices:  When you first visit our website, a cookie consent banner will ask for your preferences.  You can also manage cookies through your browser settings, though disabling certain cookies may affect platform functionality.

9. Social Media Logins

We offer the option to register or log in using your existing social media accounts such as Google, Facebook, X If you choose this option, we will receive certain profile information from the social media provider, which may include your name, email address, and profile picture.

We use this information only to create and manage your account. The information we receive depends on the provider and your privacy settings on that platform. We encourage you to review the privacy policies of any social media provider you use to log in to our service.

10. Automated Decision-Making

We do not make solely automated decisions that produce legal or similarly significant effects about you.

All credential verification decisions are reviewed by a human operator following our internal vetting rubric. Where automation is used (for example, to send notifications or filter applications), a human reviews the outcome before any consequential decision is made.

We may use audience segmentation to personalize marketing communications. This does not constitute automated decision-making with significant legal effects. You can opt out of marketing communications at any time.

11. Your Rights Over Your Data

Depending on your location, you have some or all of the following rights:

 

Right

What It Means

Right of Access

Request a copy of the personal data we hold about you

Right to Rectification

Ask us to correct inaccurate or incomplete personal data

Right to Erasure

Ask us to delete your personal data (subject to legal obligations)

Right to Restrict Processing

Ask us to pause processing your data in certain circumstances

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or for direct marketing

Right to Withdraw Consent

Withdraw consent at any time where we rely on consent as the legal basis

Right Against Automated Decisions

Not be subject to solely automated decisions with significant effects

To exercise any of these rights, please submit a request to info@theauthentically.com  We will respond within 30 days. We may need to verify your identity before processing your request.

12. UK & EU Residents — GDPR Notice

Applies to residents of the United Kingdom and European Union member states

The UK General Data Protection Regulation (UK GDPR) and EU General Data Protection Regulation (EU GDPR) give you specific rights over your personal data as set out in Section 9.

UK supervisory authority: If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • www.ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

EU supervisory authority: If you are located in an EU member state, you may also contact your national supervisory authority. A list of EU data protection authorities are available at  https://edpb.europa.eu/about-edpb/about-edpb/members_en

13. Canada Residents — PIPEDA Notice

Applies to residents of Canada

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

We collect, use, and disclose your personal information only with your knowledge and consent, except where otherwise required or permitted by law. You may withdraw consent at any time, subject to legal and contractual restrictions.

In exceptional circumstances, we may process your information without consent, including:

  • For investigations, fraud detection, and prevention
  • For business transactions where certain conditions are met
  • Where required by subpoena, warrant, or court order
  • Where the information is publicly available

To make a privacy complaint or enquiry, contact our Privacy Officer at info@theauthentically.com . If you are dissatisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at  www.priv.gc.ca.

14. California Residents — CCPA Notice

Applies to residents of California, USA

Under the California Consumer Privacy Act (CCPA), California residents have the following rights:

14.1 Right to know

You have the right to request disclosure of the personal information we have collected about you in the past 12 months, including the categories of information, purposes for collection, and categories of third parties with whom it has been shared.

14.2 Right to deletion

You have the right to request deletion of your personal information, subject to certain exceptions (for example, where retention is required for legal compliance or security purposes).

14.3 Right to opt-out of sale

We do not sell your personal information. We do not share your personal information with third parties for their own direct marketing purposes.

14.4 Right to non-discrimination

We will not discriminate against you for exercising any of your CCPA rights.

14.5 How to submit a request

To exercise your California privacy rights, please:

We will respond to verified requests within 45 days. If we need more time, we will notify you. We will verify your identity using information you have provided during your interactions with us.

15. Children’s Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at  info@theauthentically.com We will take prompt steps to delete that information.

Note: We have set our minimum age at 16 to align with the stricter EU GDPR standard. For California residents, we comply with COPPA which sets the threshold at 13, but we apply the higher standard of 16 across all jurisdictions for consistency.

16. Data Security and Breach Procedures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the ICO within 72 hours of becoming aware of the breach (as required by UK GDPR)
  • Notify affected individuals without undue delay where the breach poses a high risk
  • Provide timely updates as further information becomes available

If you believe your personal data has been compromised, please contact us immediately at  info@theauthentically.com.

17.EU  Representation 

We are in the process of appointing an EU representative under Article 27 EU GDPR. This will be confirmed and updated in this Policy before we actively market our services to users in the European Union. In the meantime, EU residents may contact us directly at info@theauthentically.com

18.Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

  • Update the “Last Updated” date at the top of this Policy
  • Notify registered users by email at least 30 days before material changes take effect
  • Display a prominent notice on our website

We encourage you to review this Policy periodically. Your continued use of our services after the effective date of any changes constitutes your acceptance of those changes.

19. Contact Information and Complaints

How to reach us

Data Privacy Officer / Privacy Contact:

The AuthenticALLY Tech Ltd

128 City Road, London, EC1V 2NX

Email: info@theauthentically.com

We aim to respond to all privacy enquiries within 30 days.

How to make a complaint:

If you are unhappy with how we have handled your personal data, please contact us first at  info@theauthentically.comand we will do our best to resolve your concern.

If you remain dissatisfied, you may contact the relevant supervisory authority for your region:

Social Media

Contact Info

info@theauthentically.com

The Authentically Tech Ltd

128 City Road, London, EC1V 2NX

Useful Links

Professional Disclaimer : The AuthenticALLY is an independent credential verification service. Our 'Authentically Verified' status confirms that a creator's professional registration or educational qualification has been reviewed against official records at the time of verification. This is not an endorsement of any content, advice, product or service provided by verified creators. Verification is not a substitute for professional medical, psychological, nutritional, fitness or childcare advice. Always consult a qualified professional for advice specific to your circumstances.

Privacy Policy

© 2026 The AuthenticALLY. All rights reserved.

Terms & Conditions

Select the fields to be shown. Others will be hidden. Drag and drop to rearrange the order.
  • Image
  • SKU
  • Rating
  • Price
  • Stock
  • Availability
  • Add to cart
  • Description
  • Content
  • Weight
  • Dimensions
  • Additional information
Click outside to hide the comparison bar
Compare