Privacy Policy

Last updated 17th December 2019


Serelay Ltd (“we” or “us”) respects the privacy of our users (“you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information and certain device information when you use our mobile application (the “Application”). The Application is not intended for children and we do not knowingly collect personal data relating to children.

It is important that you read this privacy policy so that you are fully aware of how and why we are using your data. The Application can be used to submit content to our media partners, like news organisations, who benefit from the comfort of knowing that content submitted through the Application has been verified by Serelay’s technology. If you choose to share your data with such third parties through the Application, then you should ensure you have read and understood their privacy policies as well.

We may make changes to this Privacy Policy from time to time, primarily to reflect improvements in the quality and scope of the Application’s functionality. As the Application does not solicit your contact details, we have no means by which to directly and immediately inform you of updates to this Privacy Policy but will inform you through a notice in the Application when next you use it.

This Privacy Policy does not apply to third-party online/mobile stores (namely, the Apple App Store or Google Play Store) which you use to install the Application or make payments.

Our role as data controller and data processor

We may act as data controller or data processor in relation to your personal data. This Privacy Policy is primarily concerned with providing you with information about our use and handling of your personal data when we act as a data controller. To clarify:

  • a data controller determines the purposes for which personal data is to be collected and used, and the means of handling of that personal data. When we hold your data for our own purposes, as described further in sections 1 and 3 below, we act as a data controller; and
  • a data processor handles personal data on the instructions of and for the purposes of a data controller. When we collect, transmit or temporarily store data on behalf of our media partners, we are acting for their purposes as a data processor.

Importantly, our media partners who receive your data are data controllers in their own right. For information on how they will use and handle your data, you will need to review their own privacy notices or policies which will be incorporated or referenced in the Application.


Information collected through our Application as controller

In Short: We may collect information regarding your geolocation and other features of your mobile device when you use our Application. We do not receive your photo or video content at the time of capture, but only receive a unique “fingerprint” of verification data related to that content. We will only receive your photo or video content if you choose to share it using our “snapshot” feature.

We automatically collect certain information when you use the Application. This information does not reveal your specific identity (like your name or contact information), but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Application and other technical information. This information is primarily needed to maintain the security and operation of our Application, and in order to afford you the core verification functionality provided by the Application.

Media and Fingerprints

We do not ourselves receive or make any use of any photographs or videos taken by you using the Application at the time of capture. Instead, when you take a photo or video using the Application, the Application automatically creates unique “fingerprint” of verification data for that content, computed based on the data points relating to that content at the point of capture (such as location, environment, time and time zone, pitch, roll, visible local Wi-Fi and Bluetooth networks, and other sensor metadata), which we receive and which can be used to verify that content.

Your unique ID

A unique ID is generated each time the Application is installed. That ID is not associated with you individually, or even with your individual mobile device, but with the particular instance of installation of the Application. The unique ID is associated with the verification data we receive from the use of that instance – so if a user wants us to delete all verification data we hold, they only need to tell us the unique ID.

Mobile device data, and changing your device settings

The Application may request access or permissions to:

  • track location-based information from your device. We only do this while you are using the Application;
  • use certain features from your mobile device, including your mobile device’s Bluetooth, camera, microphone, sensors, storage and other features; and
  • access device information such as your mobile device ID number, model, and manufacturer, version of your operating system, country, location, and any other data you choose to provide.

You can change the access or permission granted to the Application at any time using your device’s settings.

We ascribe some overall authenticity ratings when generating verification data as described above. If your device settings deny the Application access or permissions in relation to some of the different types of data used for the purposes of verification, then the rating may be lower.

Your content when you use our ‘Snapshot’ functionality

The Application includes a ‘snapshot’ functionality, allowing you to share a photo or video captured by you through the Application. When you use this function, a copy of the content, together with the metadata you have chosen to include with the snapshot, will be saved on our servers and made available using a public link which you can share. We will not store your photo or video content at the time of capture, but only if you choose to share it using the ‘snapshot’ function.


In Short When you submit any content and additional requested information such as contact details to our media partners using the Application, we merely transmit and do not retain that content and information. We act as a data processor in doing so, and our media partners are data controllers. You should read their privacy policies for further details about how they use your personal data.

One of the functions of the Application is to allow users to submit media content to our media partners. In submitting that content, you may be asked to provide other information like your name and contact details for submission to our media partners. In each case, our role is merely to transmit that content and data securely to the media partner. We do not decide what information they request from you and we do not retain any of the content or associated information after transmission.

Our media partners are data controllers in their own right and are using your personal data for their own purposes. We do not have any control over them. In each case, their use of your personal data will be governed by their own privacy policy (or equivalent notice), which they will communicate to you through the Application or otherwise. We recommend that you ensure that you have read and understood any information provided by them in relation to their use of your personal data, and any other terms which might apply to the submission process.

You should contact our media partners directly to exercise any legal rights you may have in relation to any personal data held by them.


In Short: We process your information in order to afford you the core functionality provided by the Application and to comply with our legal obligations.

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Application to:

  1. Verify the authenticity of photos and videos you capture through the Application.
  2. Provide the features and services we make available through the Application (including hosting ‘snapshot’ content).
  3. Compile anonymous statistical data and analysis for use internally or with third parties.
  4. Increase the efficiency and operation of the Application and otherwise support it.
  5. Monitor and analyze usage and trends to improve your experience with the Application.
  6. Assist law enforcement as required by law.

We’re also required by law to identify the legal basis on which we handle personal data. These legal bases are set out in Article 6 of the General Data Protection Regulation (“GDPR”).

In each of the cases above, our legal basis of processing is the furtherance of our legitimate interests (Article 6.1(f) GDPR), namely our interests in delivering and improving the functionality of our Application, except that when we use data to assist law enforcement our legal basis of processing is compliance with our legal obligations (Article 6.1(c) GDPR).


In Short: We only share information with your consent, to comply with laws, to protect your rights, or to fulfil core functionality provided to you by our platform.

The core functionality provided by our platform is to provide an authenticity rating to the content, time and location of a photo or video that you captured using our Application to yourself, to an audience with which you have chosen to share this media through social media or other digital channels, and to specific third parties you chose to share your content with such as our media partners.

Shared by You – by File Transfer

If you have captured media items (photo or video) using the Application, you can share those items with recipients in the same way as any other media items on your mobile device without using the Application (for example, by SMS message or via upload to social media applications). However, media items captured through the Application, even if shared by other means, will contain additional metadata captured by the Application which you would therefore also be sharing with the relevant third party. If you would like to mask the granularity of this metadata we recommend sharing media through ‘snapshot’ functionality. You should be aware that if you choose to share media items on any other platforms (like social media platforms) they may have their own privacy policies which you should read.

Shared by You – using ‘snapshot’ functionality

When you share a media item (photo or video) captured by you through the Application using the Application’s own ‘snapshot’ functionality you are creating a public link sharing the content, time and location relating to the media item. You can then elect to alter the granularity by which time and location readings are shown, reducing or increasing the specificity of available metadata. You can take down any media item which you have shared at any time.

Media partners

As described above, we may transfer content and associated information to media partners when you use the functions of the Application to submit that content and information.

By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with official entities for fraud protection and credit risk reduction.

Third-Party Service Providers

We may share some of your information with third parties that perform services for us or on our behalf, including data analysis, hosting services and customer service as required for providing you with the core functionality of our application. Any transfer of data to third-party providers is performed over an encrypted channel, and we only share with any such service provider the minimal subset of data required for the specific task they perform.

Sale or Bankruptcy

If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party.

We are not responsible for the actions of third parties with whom you share personal data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.

International transfers

Our servers are within the EEA and we do not transfer personal data outside the EEA in our capacity as a data controller. However, you should note:

  • that if you make content available using the ‘snapshot’ function, that content and metadata may be available to anyone with the public link, who may be anywhere in the world; and
  • our media partners, who are controllers in their own right, may be located outside the EEA, or may transfer data outside the EEA. You should read their privacy policies for further information.


In Short: Yes, we use Google Maps on Android and Apple Maps on iOS for the purpose of providing better service.

The Android version of our Application uses Google Maps APIs. You may find the Google Maps APIs Terms of Service here. To better understand Google’s Privacy Policy, please refer to this linkBy using our Android Maps API Implementation, you agree to be bound by Google’s Terms of Service.

The iOS version of our Application uses Apple Maps APIs. You may find the Apple Maps Terms of Service here. To better understand Apple’s Privacy Policy, please refer to this linkBy using our Apple Maps API Implementation, you agree to be bound by Apple’s Terms of Service.


In Short: We aim to protect your personal information through a system of organisational and technical security measures.

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.


In Short: We retain data only as long as is reasonably necessary.

We retain any personal data collected for no longer than is necessary for the purposes for which that data was obtained. Since the core function of our Application and service is to allow verification of media content (which may be published or used in evidence some time after its creation), verification data will be kept until we are instructed to delete it or until the instance of the Application with which it is associated becomes inactive. If any instance of the Application is inactive (i.e. if it is not used for a period of two years) then we will delete all verification data associated with the unique ID associated with that instance. Users can also request deletion of any data associated with their unique ID at any time.


In Short: You have rights that allow you greater access to and control over your personal information. You may uninstall the Application and request to delete any data collected thought it at any time.

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at the contact details listed below if you wish to make a request or if you believe we are unlawfully processing your personal information. You also have the right to complain to your local data protection supervisory authority, you can find their contact details here.

Specifically in relation to your right to erasure you may trigger deletion of all of your personal data directly through the Application.

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.


If you have questions or comments about this Privacy Policy you may email us at [email protected] or by post to:

Serelay Ltd
Atlas Building
Harwell Campus, Oxfordshire
OX11 0QS
United Kingdom

Supported by




Atlas Building R27,
Harwell Science Park
OX11 0QX
United Kingdom