Data Security

We understand the sensitive nature of immigration documents. This page explains the comprehensive security measures we use to protect your uploaded Certificate of Sponsorship documents and personal information.

Key Security Promise: Your uploaded documents are processed with bank-grade encryption and automatically deleted within 60 seconds after verification. We never permanently store your CoS documents or extract personal information from them.

How We Protect Uploaded Documents

Encryption

In transit: All data transferred between your browser and our servers uses TLS 1.3 encryption (HTTPS)
At rest: Documents stored temporarily during processing use AES-256 encryption
End-to-end security: Your files are encrypted from the moment you upload them until they're deleted

Automatic Document Deletion

Our verification process follows this secure lifecycle:

Upload: Document is encrypted and temporarily stored in memory
Analysis: AI system processes the encrypted document (typically 10-30 seconds)
Result generation: Verification report is created
Deletion: Original document is permanently deleted from our systems

Timeline: Documents are typically deleted within 60 seconds of upload. No uploaded documents are retained beyond the verification session.

What We Don't Store

We do NOT retain:

Uploaded document files (PDF, images, etc.)
Personal information extracted from documents (names, passport numbers, etc.)
Sponsor details or job information from CoS documents
Any content visible in the documents you upload

What We Do Store (Temporarily)

For 90 days, we retain only:

Verification timestamp (date and time)
Result classification (genuine, suspicious, fake)
File type and size (for service improvement)
Anonymous AI confidence scores

This metadata contains no personal information and cannot be linked back to your identity or documents.

Server and Infrastructure Security

Security Measures

Secure cloud hosting with SOC 2 Type II compliance
Regular security audits and penetration testing
Firewall protection and intrusion detection systems
Access controls limiting staff who can view system data
Automated security patching and updates
DDoS protection and rate limiting
Secure backup systems (encrypted, no document content)

Access Controls

Strict access policies ensure your documents are protected:

No human review: Uploaded documents are analyzed only by automated AI systems—no staff manually view your files
Minimal access: Only essential technical staff have system access (for maintenance only)
Audit logging: All system access is logged and monitored
Two-factor authentication: Required for all administrative access

Third-Party Security

We carefully vet any third-party services used in our verification process:

All providers must meet or exceed our security standards
Data processing agreements ensure GDPR/UK GDPR compliance
No third parties have access to uploaded document content
Only anonymized technical data may be shared with service providers

Your Role in Security

Help us protect your data by:

Using secure connections: Only upload documents over secure WiFi or mobile data (not public WiFi)
Protecting your account: Use a strong, unique password if you create an account
Logging out: Always log out after using shared or public computers
Being cautious: Don't share verification results containing sensitive information via unsecured channels

Incident Response

In the unlikely event of a security incident:

We immediately investigate and contain the issue
Affected users are notified within 72 hours
We work with relevant authorities if required
We implement additional safeguards to prevent recurrence

Compliance and Standards

Our security practices align with:

UK GDPR: Data protection regulations for UK users
HTTPS enforcement: All connections use secure encryption
Security best practices: OWASP Top 10 vulnerability prevention
Regular updates: Security patches applied within 24 hours of release

Frequently Asked Questions

Can staff see my uploaded documents?

No. Documents are processed entirely by automated AI systems. Staff cannot view uploaded files unless specifically requested by you for troubleshooting purposes.

What happens if I lose internet connection during upload?

The upload will fail, and any partially uploaded data is automatically discarded. You can safely retry the upload.

Do you store documents for law enforcement?

We do not retain uploaded documents. If law enforcement requests information, we can only provide metadata (verification date, result classification) if legally required. We cannot provide document content because we don't store it.

How do I permanently delete my verification history?

Contact us to request deletion of your verification metadata. This is separate from uploaded documents, which are automatically deleted after verification.

Contact Security Team

For security concerns or to report vulnerabilities:

Review our Privacy Policy
Read our About page

Last updated: November 16, 2025