Policy
Privacy Policy
1. Who we are
ScoreView is operated by ThinkTribal Ltd, a company registered in England and Wales. We are the data controller for the personal data described in this policy.
Registered office: ThinkTribal Ltd, AvenueHQ, 10-12 East Parade, Leeds, LS1 2BH, United Kingdom.
Information Commissioner's Office registration: ZB011235.
Privacy contact: privacy@thinktribal.com.
We have not appointed a statutory Data Protection Officer because we do not meet the criteria in Article 37 of the UK GDPR (Information Commissioner's Office, 2024, ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/data-protection-officers/). The privacy contact above is the responsible point for data protection queries.
2. What data we collect
We collect only the data we need to operate ScoreView. The categories of personal data we hold are:
| Category | Examples | Source |
|---|---|---|
| Account data | Name, work email address, password (stored as a bcrypt hash, never in clear), organisation name, subscription tier, role (researcher or admin), terms acceptance timestamp. | You, when you register or when an admin invites you. |
| Authentication data | Session cookies (access token, refresh token, CSRF token), JWT identifiers, password reset tokens. | Generated when you sign in. |
| Usage data | AI query log entries (the filters you applied, the count of records returned, the API tokens used), saved searches, bookmarks, feedback submissions, in-app activity timestamps. | Captured automatically as you use ScoreView. |
| Billing data | Billing email, billing address, subscription state, invoice history. Card details are handled by Stripe and never touch ScoreView servers. | You, when you subscribe to a paid tier. |
| Technical data | IP address, browser type, device type, request timestamps, error logs. | Captured by our hosting providers and our backend. |
We do not knowingly collect special category data (data revealing racial or ethnic origin, religious belief, health, sexual orientation, biometric or genetic data) about ScoreView users. The Housing Ombudsman determinations our platform indexes are public sector content under Crown copyright and are not categorised as personal data of our users.
3. Why we use your data
- To create and manage your account, including authentication, password reset, and session management.
- To deliver the ScoreView service, including search, AI-generated briefings, saved searches, bookmarks, exports, inspection packs, and the weekly digest email.
- To process subscription payments and issue invoices for paid tiers.
- To send you transactional emails such as invitations, password reset links, billing notices, and feature updates relevant to your account.
- To monitor performance, prevent abuse, and apply rate limits.
- To improve the product by analysing aggregate usage patterns.
- To meet legal and regulatory obligations, including tax records, fraud prevention obligations of our payment provider, and responses to lawful requests from regulators.
We do not use your personal data for direct marketing without your consent. We do not sell your personal data.
4. Legal bases
UK GDPR requires a lawful basis for every processing activity (Article 6, UK General Data Protection Regulation). For ScoreView the bases we rely on are:
- Contract (Article 6(1)(b)). Processing needed to deliver the ScoreView service you have signed up for, including account creation, authentication, and delivery of the features included in your subscription.
- Legitimate interests (Article 6(1)(f)). Processing needed to keep the service secure (rate limiting, fraud detection, abuse prevention), to improve the product through aggregate analytics, and to communicate transactional updates about your account. Our legitimate interests assessment is available on request.
- Legal obligation (Article 6(1)(c)). Where we hold records required by tax, accounting, or regulatory law.
- Consent (Article 6(1)(a)). For optional cookies and for any communications outside the categories above. You have the right to withdraw consent at any time.
5. Who we share data with
We share personal data only with the processors we need to run the service. Each processor is bound by a written data processing agreement under Article 28 of the UK GDPR.
| Processor | Purpose | Location |
|---|---|---|
| Anthropic, PBC | AI-generated synthesis briefings, risk profiles, inspection packs, and determination summaries. Prompts contain housing-provider organisation names and case metadata only. No user-identifying personal data is sent. | United States |
| Vercel Inc. | Frontend hosting and serverless functions for the ScoreView web application. Static content delivery on Vercel's global CDN. | London, United Kingdom (function region). Global CDN for static assets. |
| Railway Corp. | Backend application hosting and primary PostgreSQL database. | EU West (Amsterdam, Netherlands) |
| Stripe Payments Europe Ltd and Stripe Inc. | Subscription billing, payment processing, invoicing. | Ireland and the United States |
| Sendinblue SAS (Brevo) | Transactional email delivery (invitations, password resets, weekly digest, billing notifications). | France, EU data centres |
| Voyage AI Innovations Inc. | Vector embedding generation for semantic search across the Housing Ombudsman corpus. No personal data is sent. | United States |
We do not share personal data with any party other than the processors listed, except where we are required to do so by law (for example, in response to a valid court order or regulatory request).
6. International transfers
Some of our processors are based outside the United Kingdom. Where we transfer personal data to a country which is not covered by a UK adequacy regulation we use the UK International Data Transfer Addendum to the EU Standard Contractual Clauses as our transfer safeguard (Information Commissioner's Office, 2022, ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/).
Our frontend serverless functions (Vercel) execute in London, United Kingdom, which is domestic processing and not an international transfer.
Transfers to the European Economic Area take place under the UK adequacy regulation for the EEA, under the Data Protection (Adequacy) (United Kingdom) Regulations 2021 (UK Government, 2021). Our primary database and application hosting (Railway) is located in EU West (Amsterdam, Netherlands), and our transactional email processor (Brevo) is located in France. Both EEA processing locations are covered by UK adequacy.
For our remaining US-region processors (Anthropic, Voyage AI) we use the UK International Data Transfer Addendum to the EU Standard Contractual Clauses as the transfer safeguard.
A copy of the relevant transfer safeguards is available on request from the privacy contact below.
7. How long we keep data
| Category | Retention |
|---|---|
| Account data | For the lifetime of your account, plus 12 months after closure for billing reconciliation. You have the right to request earlier deletion (see Section 11). |
| Authentication data | Access tokens expire after 15 minutes. Refresh tokens expire after 7 days. Password reset tokens expire after 1 hour. |
| AI query log entries | 13 months from creation, for security monitoring, rate-limit calculation, and cost reconciliation. |
| Billing records | 7 years from the end of the tax year, to meet HMRC record-keeping obligations. |
| Feedback submissions | 24 months, after which they are anonymised. |
| Server and application logs | 30 days for routine logs, 12 months for security event logs. |
Anthropic retains API content for up to 7 days under its standard commercial terms (Anthropic, 2026, anthropic.com/legal/commercial-terms). Anthropic does not use API content to train its models.
8. Cookies and similar technologies
We use a small number of strictly necessary cookies. We do not use advertising cookies and we do not allow third-party advertising trackers on authenticated pages.
| Cookie | Purpose | Type | Lifetime |
|---|---|---|---|
access_token | Signed JWT used to authenticate your session. | Strictly necessary | 15 minutes |
refresh_token | Used to renew your session without re-authentication. | Strictly necessary | 7 days |
csrf_token | Cross-site request forgery protection (double-submit pattern). | Strictly necessary | Session |
| Theme preference | Stores your light or dark mode choice. | Functional | 1 year |
Under the Privacy and Electronic Communications Regulations 2003 strictly necessary cookies do not require consent (Information Commissioner's Office, 2024, ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/). The functional theme cookie is set after explicit user action.
9. Use of AI
ScoreView uses the Anthropic Claude family of large language models to generate intelligence briefings, risk profiles, and inspection narratives from the public Housing Ombudsman corpus. The following safeguards apply.
- Prompts sent to Anthropic contain housing-provider organisation names, case reference numbers, and case metadata. They do not contain any user-identifying personal data (no user email, no user name, no user identifier).
- All Anthropic calls happen server-side. The API key is never exposed to the browser.
- Anthropic does not use API content to train its models.
- AI-generated content is intelligence support, not legal advice or a regulatory prediction. You should treat AI output as a starting point for human review.
- We do not use AI to make automated decisions about you which produce legal or similarly significant effects. ScoreView does not score, rank, or restrict individual users on the basis of AI output.
10. Security
We apply technical and organisational measures appropriate to the risk (Article 32, UK GDPR).
- TLS 1.2 or higher for data in transit.
- AES-256 encryption at rest for our primary database and backups.
- Passwords are stored as bcrypt hashes. They are never logged or transmitted in clear.
- JSON Web Tokens signed with HS256. Refresh-token rotation on use.
- Role-based access control enforced server-side, with rate limiting on synthesis endpoints.
- Cross-site request forgery protection on every state-changing request.
- HTTP security headers including Content Security Policy, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
- Independent security audits conducted on a recurring schedule.
If you discover a vulnerability please disclose it responsibly by emailing security@thinktribal.com before public disclosure.
11. Your rights
Under UK GDPR you have the following rights over your personal data.
- Right of access. Ask for a copy of the personal data we hold about you.
- Right to rectification. Ask us to correct inaccurate or incomplete data.
- Right to erasure. Ask us to delete your personal data where there is no legal reason for us to keep it.
- Right to restrict processing. Ask us to pause processing while a query is resolved.
- Right to data portability. Ask for your data in a structured, commonly used, machine-readable format.
- Right to object. Object to processing based on legitimate interests.
- Rights related to automated decision-making. ScoreView does not make automated decisions about you which produce legal or similarly significant effects.
- Right to withdraw consent. Where we rely on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights email privacy@thinktribal.com. We will respond within one calendar month. We will not charge a fee for a reasonable request. We will tell you in advance if a request is manifestly unfounded or excessive.
You also have the right to complain to the Information Commissioner's Office (Information Commissioner's Office, 2024, ico.org.uk/make-a-complaint/). We would appreciate the chance to address your concern first, but you are not required to contact us before making a complaint.
12. Children
ScoreView is a business-to-business research platform aimed at housing professionals. We do not knowingly collect personal data from anyone under the age of 18. If you believe we hold data about a child, please contact us and we will delete it.
13. Changes to this policy
We review this policy at least quarterly and update it whenever our processing activities change materially. When we make a material change we will notify active users by email at least 30 days before the change takes effect. The version number and effective date at the top of this page show the current revision.
14. Contact and complaints
Privacy contact
ThinkTribal Ltd
AvenueHQ, 10-12 East Parade
Leeds, LS1 2BH
United Kingdom
Email: privacy@thinktribal.com
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
United Kingdom
Helpline: 0303 123 1113
Web: ico.org.uk