Do we need to be an ACSP?

No. TrustRegister orchestrates the identity verification process and integrates with your chosen ACSP or IDV provider, as well as GOV.UK One Login. We handle the workflow, evidence collection, and retention.

What data do you store?

We store verification metadata, evidence packs, and audit logs. We do NOT store biometric data, copies of identity documents, or personal information beyond what's needed for compliance tracking.

How long do you keep evidence?

Evidence packs are retained for 7 years as required by Companies House regulations. After this period, data is securely deleted unless you have specific legal requirements for longer retention.

Are you affiliated with Companies House?

No. TrustRegister is an independent software provider. We orchestrate compliance with Companies House identity verification requirements but are not affiliated with or endorsed by Companies House.

Privacy Policy | TrustRegister

Name: TrustRegister Identity Verification Platform
Brand: TrustRegister

1. Introduction

TrustRegister Limited ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our identity verification orchestration platform.

TrustRegister is not affiliated with Companies House. We are an independent software provider that helps organizations comply with Companies House identity verification requirements.

2. Information We Collect

Account Information

Name, email address, and contact details
Company/firm information
Account credentials and preferences

Verification Data

Company and officer information from Companies House
Email addresses and phone numbers for verification invitations
Verification status and completion timestamps
Evidence metadata and audit logs

What We DON'T Collect

Biometric data or copies of identity documents
Personal details beyond verification requirements
Financial or sensitive personal information
Data unrelated to identity verification

3. How We Use Your Information

Provide identity verification orchestration services
Send verification invitations and reminders
Generate compliance reports and evidence packs
Maintain audit trails for regulatory purposes
Improve our services and customer support

4. Data Controller vs Processor

For verification invitations: You remain the data controller and we act as a data processor under your instructions.

For evidence retention: We act as joint controllers to ensure compliance with Companies House 7-year retention requirements.

5. Data Sharing and Disclosure

We may share information:

With identity verification providers (as instructed by you)
With subprocessors listed in our Subprocessors List
When required by law or court order
To protect our rights or the safety of others

6. Data Security

End-to-end encryption (TLS 1.3 in transit, AES-256 at rest)
UK/EU data hosting with ISO 27001 certified facilities
Role-based access controls and multi-factor authentication
Regular security audits and monitoring
Incident response procedures

7. Data Retention

Evidence packs: 7 years (Companies House requirement)
Account information: Duration of service + 2 years
Audit logs: 7 years for compliance purposes
Marketing data: Until consent withdrawn

8. Your Rights (GDPR)

You have the right to:

Access your personal data
Rectify inaccurate data
Erase data (subject to retention requirements)
Restrict processing
Data portability
Object to processing
Withdraw consent

9. International Transfers

All data is processed and stored within the UK and EU. We do not transfer personal data outside the European Economic Area unless absolutely necessary and with appropriate safeguards in place.

10. Contact Information

Data Protection Officer: dpo@trustregister.co.uk

General inquiries: hello@trustregister.co.uk

Phone: +44 20 7946 0958

Address: TrustRegister Limited, London, United Kingdom

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our platform. The "Last updated" date at the top of this policy indicates when it was last revised.

For questions about this Privacy Policy or our data practices, please contact us at dpo@trustregister.co.uk