SponsorShield
← Back to home
LEGAL

Privacy Policy

Last updated: March 2026

This policy explains how SponsorShield collects, uses, and protects your personal data in accordance with UK GDPR and the Data Protection Act 2018.

1. Who We Are

SponsorShield, trading as SponsorShield, is a company registered in England and Wales. We operate the fraud-risk verification platform available at www.getsponsorshield.co.uk.

For the purposes of UK GDPR, SponsorShield is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, you can contact us at support@getsponsorshield.co.uk.

2. What Data We Collect

We collect only the minimum data necessary to provide our service. This includes:

Email address — Collected when you submit a document for analysis. Used solely to deliver your scan report. We do not add you to marketing lists without your explicit consent.

Uploaded PDF document — You may upload a Certificate of Sponsorship PDF for analysis. This file is processed in memory and permanently deleted immediately after analysis is complete. We do not store, archive, or review your uploaded documents.

Payment information — We do not collect or store payment card data. All payment processing is handled securely by Stripe, Inc., a PCI DSS Level 1 certified payment processor. We receive only a transaction reference and confirmation status from Stripe.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Document analysis — Your uploaded PDF is analysed by our CoreFlux™ Risk Engine to produce a fraud-risk assessment report. The document is deleted immediately after this process.
  • Report delivery — Your email address is used to send you your completed analysis report via our email delivery partner, Resend.
  • Payment processing — Your payment details are processed by Stripe to complete your purchase of a full report.
  • Legal compliance — We may process or retain data where required by applicable UK law or to respond to lawful requests from regulatory authorities.

Our legal basis for processing under UK GDPR is contract performance (Article 6(1)(b)) — processing is necessary to deliver the service you have requested — and, where applicable, legitimate interests (Article 6(1)(f)) in preventing fraud and improving service reliability.

4. Data Retention

We retain personal data only for as long as necessary:

  • Uploaded PDFs — Deleted immediately and permanently upon completion of analysis. No copies are retained.
  • Email address — Retained only for the purpose of delivering your report. If you request deletion, we will remove your email from our records promptly.
  • Payment records — Transaction references and metadata are retained by Stripe in accordance with Stripe's own privacy policy and applicable financial record-keeping obligations.
  • Analysis results — Aggregated, anonymised risk scoring data (containing no personal identifiers) may be retained to improve detection accuracy.

5. Third-Party Services

We use the following third-party processors to deliver our service:

Stripe, Inc. — Payment processing. Stripe is certified to PCI DSS Level 1 and subject to its own privacy policy, available at stripe.com/gb/privacy. By completing a purchase, you also agree to Stripe's terms of service.

Resend — Transactional email delivery. Resend processes your email address to transmit your analysis report. Resend's privacy policy is available at resend.com/legal/privacy-policy.

We do not sell, rent, or share your personal data with any third parties for marketing purposes. All sub-processors are bound by data processing agreements consistent with UK GDPR requirements.

6. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — You may request a copy of the personal data we hold about you.
  • Right to rectification — You may request correction of inaccurate personal data.
  • Right to erasure — You may request deletion of your personal data where we have no legal obligation to retain it.
  • Right to restriction — You may request that we restrict processing of your data in certain circumstances.
  • Right to data portability — You may request your data in a structured, machine-readable format.
  • Right to object — You may object to processing based on legitimate interests.
  • Right to complain — You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

To exercise any of these rights, please contact us at support@getsponsorshield.co.uk. We will respond within one calendar month.

7. Cookies

SponsorShield does not use tracking cookies or third-party advertising cookies. We may use strictly necessary functional cookies (for example, to maintain session state during payment) that are essential for the website to operate. These cookies do not collect personal information and do not track you across other websites.

No cookie consent banner is displayed because we do not use non-essential cookies. If this changes, this policy will be updated and appropriate consent mechanisms will be implemented.

8. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to raise a concern about how we handle your personal data, please contact us:

Email: support@getsponsorshield.co.uk

Controller: SponsorShield

Registered in: England and Wales

CoreFlux™ Risk Engine · SponsorPath™ · SponsorShield

Independent fraud-risk screening. Not affiliated with UKVI or the Home Office.

Never pay anyone for a Certificate of Sponsorship.