Privacy Policy

Version 2026-06-03

1. Who we are (data controller)

AuthScope (“AuthScope”, “we”, “us”, “our”) is operated by Libriate, a trading name of Bluberrie Digital Ltd, a company registered in England and Wales. We are the data controller for the personal data collected through www.authscope.io.

For any privacy-related enquiry, including a data subject access request (DSAR), contact us at privacy@authscope.io.

2. What personal data we collect

When you join the early-access list we collect:

  • Your email address
  • The date and time you consented (consented_at)
  • The exact consent text shown to you at sign-up
  • The version of this privacy policy in force at sign-up (privacy_policy_version)
  • Your IP address (server-observed, used for spam and abuse prevention)
  • Your browser user-agent string

We collect only what is necessary for the purposes described below. We do not collect special-category data, and the marketing site does not read or store the contents of any email, document, or calendar event in any Google Workspace or Microsoft 365 tenant.

3. Lawful basis and how we use your data

Our lawful basis for sending you email is your consent (UK GDPR Article 6(1)(a) and Article 7). By ticking the consent checkbox at sign-up you agree to receive emails from AuthScope about the product — including early-access notifications, product updates, and related news. You can withdraw this consent at any time (see section 5).

We retain your IP address and user-agent under our legitimate interests (UK GDPR Article 6(1)(f)) in preventing spam and abuse of the sign-up form, and to keep a demonstrable record that consent was validly obtained.

We do not sell your data, and we do not use it for automated decision-making or profiling.

4. Data processors (subprocessors)

We use the following processors to operate the service. Each is bound by a data processing agreement and operates under UK GDPR / EU GDPR compliant terms:

  • Supabase (database) — EU region (Frankfurt). Stores early-access sign-up records.
  • Mailjet (email) — EU region. Sends product and acknowledgement emails to you.
  • Vercel (web hosting) — EU region (cdg1/fra1). Hosts the AuthScope website and processes form submissions on our behalf.
  • Analytics provider — website traffic measurement, loaded only with your consent (see section 9). May involve a transfer outside the UK/EEA under appropriate safeguards (EU Standard Contractual Clauses).

A current list of subprocessors is maintained at /security/subprocessors.

5. Withdrawing consent & unsubscribing

Every marketing email includes a one-click unsubscribe link. Withdrawal is actioned promptly and stops all further marketing email. You can also withdraw consent or ask us to erase your record at any time by emailing privacy@authscope.io. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

6. International transfers & storage

Your data is stored in the EU (Supabase, Frankfurt) and processed within the EU data plane. Where any transfer outside the UK/EEA occurs, it is covered by appropriate safeguards (UK International Data Transfer Agreement / EU Standard Contractual Clauses). Access to personal data is restricted via role-based access controls and logged for accountability.

7. Retention

We retain your early-access record until you unsubscribe or request erasure, or until the early-access list is migrated to active accounts, whichever comes first. We retain consent evidence (that you agreed, the exact wording shown, and the policy version) for a minimum of 13 months to satisfy our UK GDPR accountability obligations, even after you unsubscribe.

8. Your rights

Under UK GDPR and EU GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure (“right to be forgotten”) — ask us to delete your personal data.
  • Restriction — ask us to limit how we use your data.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent — at any time, without affecting prior lawful processing.
  • Object — object to processing based on legitimate interests.

To exercise any of these rights, or to submit a DSAR, email privacy@authscope.io. We will respond within one month.

9. Cookies & analytics

We use a third-party analytics provider to understand how the site is used. Analytics is loaded only if you opt in via our cookie banner. If you reject or ignore the banner, no analytics scripts load and no analytics cookies are set. When enabled, the provider sets analytics cookies to measure visits, with IP anonymisation. Our lawful basis for analytics is your consent (UK GDPR Article 6(1)(a) and PECR).

You can withdraw consent at any time using the “Cookie preferences” control in the site footer, or by clearing cookies in your browser. Withdrawing stops further analytics; previously-set analytics cookies can be removed via your browser. We store your choice in a single strictly-necessary first-party cookie (as_analytics_consent), which is not itself an analytics cookie. We use no advertising or cross-site tracking cookies.

10. Changes to this policy

We may update this policy from time to time. The version number at the top of this page reflects the current version. Material changes affecting data you have already given us will be notified by email before they take effect.

11. Supervisory authority

If you are unhappy with how we have handled your personal data you have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or, for EU residents, your relevant national data protection authority. We ask that you contact us first so we can try to resolve the matter.