Cleared Logo
Sections
Trust Centre

Last Updated: May 16, 2024

Privacy Policy

Cleared Verification Platform

1. Introduction

This Privacy Policy explains how Software Factory Limited ("Cleared," "we," "us," or "our") collects, uses, stores, and protects your personal data when you use the Cleared Verification Platform ("Platform"). We are committed to protecting your privacy and complying with Jamaica's Data Protection Act 2020.

By using the Cleared Platform, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not use our Services.

2. Data Controller and Contact Information

Data Controller: Software Factory Limited, Kingston, Jamaica

Data Protection Officer (DPO): dpo@cleared.id

Customer Support: support@cleared.id | 876-CLEARED (876-253-2733)

For data protection concerns or to exercise your rights, contact our DPO at dpo@cleared.id.

3. What Data We Collect

3.1 Identity Verification Data:

  • Full name, date of birth, place of birth
  • Government-issued ID documents (passport, driver's license, national ID, voter ID)
  • Selfie photos and biometric facial data for liveness detection and facial matching
  • ID numbers (TRN, passport number, driver's license number)
  • Watchlist screening results (sanctions, PEPs, adverse media)

3.2 Address Verification Data:

  • Residential and business addresses
  • Utility bills, bank statements, property records (from TAJ, NLA)
  • GPS coordinates and map validation data
  • Landlord and neighbor confirmation notes
  • Site visit photos and field agent reports

3.3 Income and Employment Data:

  • Employer name, job title, employment start/end dates
  • Payslips, employment letters, HR confirmations
  • Income amounts and sources
  • TAJ (Tax Administration Jamaica) records and NIS (National Insurance Scheme) data

3.4 Reference Verification Data:

  • Referee names, contact details (phone, email)
  • Relationship to you (supervisor, colleague, landlord, etc.)
  • Feedback on performance, conduct, and reliability
  • Call recordings and email correspondence with referees

3.5 Background and Criminal Records Data:

  • Criminal records from Jamaica Constabulary Force (JCF)
  • Court records (civil and criminal cases)
  • Sanctions and watchlist data (local and international)
  • Adverse media search results
  • Professional disciplinary actions

3.6 Technical and Usage Data:

  • IP address, device ID, browser type, operating system
  • App usage logs, session duration, feature interactions
  • Location data (GPS coordinates when you enable location services)
  • Cookies and tracking technologies (see Section 11)

4. How We Use Your Data

4.1 Verification Services: To perform identity, address, income, reference, and background checks as requested.

4.2 Fraud Prevention: To detect and prevent identity fraud, document tampering, and unauthorized access.

4.3 Data Sharing with Third Parties: To share verification results with organizations you explicitly approve (employers, landlords, financial institutions).

4.4 Compliance and Legal Obligations: To comply with Jamaican law, anti-money laundering (AML) regulations, and court orders.

4.5 Service Improvement: To analyze usage patterns, improve Platform performance, and develop new features.

4.6 Customer Support: To respond to your inquiries, resolve issues, and provide technical assistance.

4.7 Marketing Communications: To send you service updates, new feature announcements, and promotional offers (you can opt out anytime).

5. Legal Basis for Processing (Jamaica Data Protection Act)

We process your data under the following legal bases:

  • Consent: You explicitly approve data sharing with third parties for specific purposes.
  • Contract: Processing is necessary to deliver verification services you requested.
  • Legal Obligation: We must comply with Jamaican AML laws, court orders, and regulatory requirements.
  • Legitimate Interests: Fraud prevention, security monitoring, and service improvement (balanced against your privacy rights).

6. Data Sharing and Third-Party Recipients

6.1 Approved Third Parties (with Your Consent):

  • Employers (for employment screening)
  • Landlords and property managers (for tenancy applications)
  • Financial institutions (for loan and credit applications)
  • Government agencies (for visa, passport, and license applications)

6.2 Service Providers and Subprocessors:

  • Amazon Web Services (AWS): Cloud infrastructure, storage, encryption key management (US East/West regions)
  • MongoDB Atlas: Database storage for logs and metadata (US East)
  • Twilio: SMS delivery for OTPs and notifications (United States)
  • GitHub (Microsoft): Source code management (no personal data)

6.3 Government and Law Enforcement:

  • Jamaica Constabulary Force (JCF) for criminal records checks
  • Tax Administration Jamaica (TAJ) for income and property verification
  • National Land Agency (NLA) for property records
  • Office of the Information Commissioner (OIC) for regulatory compliance

6.4 Legal Disclosure: We may disclose your data if required by Jamaican law, court order, or to protect our legal rights.

7. Data Retention

7.1 Active Verification Data: Stored for 12 months after your last verification to enable sharing with approved third parties.

7.2 Audit and Compliance Records: Retained for 7 years as required by Jamaican law, then securely deleted.

7.3 Deletion Requests: You can request early deletion, but we may retain data if required for legal, regulatory, or audit purposes.

7.4 Secure Deletion: Data is purged from all systems, with KMS keys destroyed to ensure cryptographic shredding.

8. Data Security

8.1 Encryption:

  • In Transit: TLS 1.3 encrypts all data moving between your device and our servers.
  • At Rest: AES-256 encrypts all stored documents, biometric data, and verification results.
  • Key Management: AWS KMS rotates encryption keys every 90 days.

8.2 Access Controls:

  • Least-privilege access: Only authorized personnel with legitimate needs can view your data.
  • Multi-factor authentication (MFA) required for all staff access.
  • Device posture checks ensure secure endpoints.
  • Quarterly access reviews remove dormant accounts.

8.3 Monitoring and Incident Response:

  • 24/7 security monitoring with CloudWatch and GuardDuty.
  • Automated alerts for suspicious activity.
  • Incident response team with 72-hour breach notification commitment.

9. Your Data Protection Rights (Jamaica Data Protection Act)

You have the following rights:

  • Right to Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements).
  • Right to Restrict Processing: Limit how we process your data in certain circumstances.
  • Right to Data Portability: Receive your data in a machine-readable format (JSON or CSV).
  • Right to Object: Object to processing based on legitimate interests or marketing.
  • Right to Withdraw Consent: Revoke consent for data sharing at any time.
  • Right to Lodge a Complaint: Contact Jamaica's Office of the Information Commissioner (OIC) at oic.gov.jm.

How to Exercise Your Rights: Email our DPO at dpo@cleared.id with your request. We will respond within 30 days.

10. International Data Transfers

10.1 Data Storage Location: Your data is primarily stored on AWS servers in the United States (US East and US West regions).

10.2 Safeguards: We use AWS Standard Contractual Clauses (SCCs) and encryption to ensure your data is protected when stored outside Jamaica.

10.3 Local Compliance: Despite international storage, we remain subject to Jamaican data protection laws and the jurisdiction of the Office of the Information Commissioner.

11. Cookies and Tracking Technologies

11.1 Cookies We Use:

  • Essential Cookies: Required for login, session management, and Platform functionality.
  • Analytics Cookies: Track usage patterns to improve the Platform (Google Analytics, anonymized).
  • Preference Cookies: Remember your settings (language, theme, notification preferences).

11.2 Managing Cookies: You can disable non-essential cookies in your browser settings, but this may limit Platform functionality.

12. Children's Privacy

The Cleared Platform is not intended for individuals under 18 years old. We do not knowingly collect data from minors. If we discover that a minor has created an account, we will delete it immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or in-app notification. Continued use of the Platform after changes constitutes acceptance.

14. Third-Party Links

The Platform may contain links to external websites (employer portals, government sites, etc.). We are not responsible for the privacy practices of third-party sites. Please review their privacy policies before providing personal data.

15. Data Breach Notification

If a security breach compromises your personal data, we will:

  • Notify you within 72 hours via email and in-app notification.
  • Report the breach to the Office of the Information Commissioner (OIC).
  • Provide details about the breach, affected data, and remediation steps.
  • Offer credit monitoring or identity protection services if appropriate.

16. Contact Us

If you have questions about this Privacy Policy or want to exercise your data protection rights, please contact us:

  • Data Protection Officer: dpo@cleared.id
  • Customer Support: support@cleared.id
  • Phone: 876-CLEARED (876-253-2733)
  • Mail: Software Factory Limited, Kingston, Jamaica
  • Office of the Information Commissioner (Jamaica): oic.gov.jm

By using the Cleared Verification Platform, you acknowledge that you have read and understood this Privacy Policy.

Previous

Compliance reports

Next

Terms & Conditions

📱

Get the Cleared® App

Available on all devices

Download