Privacy Policy

Last updated: February 2025

RefPassport is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and your rights in relation to that data.

1. Data Controller

RefPassport ("we", "us", "our") is the data controller for personal data processed through refpassport.com. If you have questions about how we handle your data, contact us at john.parkinson@hrgo.co.uk.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: your email address and associated company domain name.
  • Cryptographic keys: an encrypted private key (AES-256-GCM), stored so that only you can decrypt it with your password. We never have access to your unencrypted private key.
  • Reference content: candidate names, job titles, employment dates, and reference text that you create and sign.
  • Session data: a session token stored in an HTTP-only cookie to keep you signed in.
  • Usage data: basic server logs including IP addresses and request timestamps, retained for security and debugging purposes.

3. How We Use Your Data

We process your data for the following purposes:

  • Account management: to create and maintain your account, and to authenticate you when you sign in.
  • Signing references: to generate cryptographically signed employment references on your behalf.
  • Verification: to allow third parties to verify the authenticity of references using public keys published in DNS.
  • Transactional emails: to send you sign-in links (magic links) and account notifications.

4. Legal Basis for Processing

We rely on the following legal bases under UK GDPR:

  • Contractual necessity: processing your account and reference data is necessary to provide the RefPassport service.
  • Consent: you provide your email address voluntarily when creating an account.
  • Legitimate interest: server logging for security, fraud prevention, and service reliability.

5. Data Storage and Retention

Your data is stored in a PostgreSQL database hosted by Neon (EU region). The application is hosted on Vercel. We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are legally required to retain it.

Signed references are designed to be permanent records. Once a reference has been issued and shared, the signature and public verification data remain available. You can revoke references by removing the corresponding DNS TXT record from your domain.

6. Third-Party Processors

We share data with the following third-party processors, all of whom are bound by data processing agreements:

  • Neon (neon.tech): database hosting. Stores account data, encrypted keys, and reference content.
  • Vercel (vercel.com): application hosting and serverless functions. Processes requests and serves the application.
  • Resend (resend.com): transactional email delivery. Receives your email address to send sign-in links.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct any inaccurate data.
  • Erasure: ask us to delete your account and associated data.
  • Data portability: receive your data in a structured, machine-readable format.
  • Object: object to processing based on legitimate interest.
  • Restriction: ask us to restrict processing in certain circumstances.

To exercise any of these rights, email us at john.parkinson@hrgo.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use a single, strictly necessary cookie to maintain your authenticated session. This cookie is HTTP-only, secure in production, and contains no tracking information. We do not use analytics cookies, advertising cookies, or any third-party tracking.

9. Security

RefPassport uses a zero-knowledge architecture. Your private signing key is encrypted with AES-256-GCM before it leaves your browser, using a key derived from your password via PBKDF2. We never see or store your unencrypted private key or password. All references are signed with Ed25519, and verification relies on public keys published in DNS TXT records that you control.

10. Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you by email or by placing a notice on the site. The "last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

For any questions about this privacy policy or our data practices, contact us at john.parkinson@hrgo.co.uk.