Privacy Policy

Last updated 2nd June 2020


Serelay Ltd (“we” or “us”) respects the privacy of our users (“you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information and certain device information when you use our mobile application (the “Application”). The Application is not intended for children and we do not knowingly collect personal data relating to children.

It is important that you read this privacy policy so that you are fully aware of how and why we are using your data.

We may make changes to this Privacy Policy from time to time, primarily to reflect improvements in the quality and scope of the Application’s functionality. As the Application does not solicit your contact details, we have no means by which to directly and immediately inform you of updates to this Privacy Policy but will inform you through a notice in the Application when next you use it.

This Privacy Policy does not apply to third-party online/mobile stores (namely, the Apple App Store or Google Play Store) which you use to install the Application or make payments.

Our role as a data controller

We act as data controller in relation to your personal data. This Privacy Policy is primarily concerned with providing you with information about our use and handling of your personal data. To clarify:

a data controller determines the purposes for which personal data is to be collected and used, and the means of handling of that personal data.


Information collected through our Application

In Short: We may collect information regarding your geolocation and other features of your mobile device when you use our Application. We do not receive your photo or video content at the time of capture, but only receive a unique “fingerprint” of verification data related to that content. We will only receive your photo or video content if you choose to share it using our “certification” feature.

We automatically collect certain information when you use the Application. This information does not reveal your specific identity (like your name or contact information), but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Application and other technical information. This information is primarily needed to maintain the security and operation of our Application, and in order to afford you the core verification functionality provided by the Application.

Media and Fingerprints

We do not ourselves receive or make any use of any photographs or videos taken by you using the Application at the time of capture. Instead, when you take a photo or video using the Application, the Application automatically creates unique “fingerprint” of verification data for that content, computed based on the data points relating to that content at the point of capture (such as location, environment, time and time zone, and visible local Wi-Fi and Bluetooth networks), which we receive and which can be used to verify that content.

Your unique ID

A unique ID is generated each time the Application is installed. That ID is not associated with you individually, or even with your individual mobile device, but with the particular instance of installation of the Application. The unique ID is associated with the verification data we receive from the use of that instance – so if a user wants us to delete all verification data we hold, they only need to tell us the unique ID.

Mobile device data, and changing your device settings

The Application may request access or permissions to:

  • track location-based information from your device;
  • use certain features from your mobile device, including your mobile device’s Bluetooth, camera, microphone, storage and other features; and
  • access device information such as your mobile device ID number, model, and manufacturer, version of your operating system, country, location, and any other data you choose to provide.

You can change the access or permission granted to the Application at any time using your device’s settings.

We ascribe some overall authenticity ratings when generating verification data as described above. If your device settings deny the Application access or permissions in relation to some of the different types of data used for the purposes of verification, then the rating may be lower.

Your content when you use our ‘Certification’ functionality

The Application allows you to certify a photo by creating a copy of it with an embedded verification link. Anyone you share this photo with will be able to verify the photo’s content, time and location by visiting this link. When you use this function, a copy of the content, together with the metadata you have chosen to include, will be saved on our servers. This is the only case in which your content will be stored on our servers, and you will need to explicitly and separately initiate it for each photo you wish to certify.


In Short: We process your information in order to afford you the core functionality provided by the Application and to comply with our legal obligations.

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Application to:

  1. Certify the authenticity of photos and videos you capture through the Application.
  2. Provide the features and services we make available through the Application (including hosting ‘certified’ content).
  3. Compile anonymous statistical data and analysis for use internally or with third parties.
  4. Increase the efficiency and operation of the Application and otherwise support it.
  5. Monitor and analyze usage and trends to improve your experience with the Application.
  6. Assist law enforcement as required by law.

We’re also required by law to identify the legal basis on which we handle personal data. These legal bases are set out in Article 6 of the General Data Protection Regulation (“GDPR”).

In each of the cases above, our legal basis of processing is the furtherance of our legitimate interests (Article 6.1(f) GDPR), namely our interests in delivering and improving the functionality of our Application, except that when we use data to assist law enforcement our legal basis of processing is compliance with our legal obligations (Article 6.1(c) GDPR).


In Short: We only share information with your consent, to comply with laws, to protect your rights, or to fulfil core functionality provided to you by our platform.

The core functionality provided by our platform is to provide an authenticity rating to the content, time and location of a photo or video that you captured using our Application to yourself, to an audience with which you have chosen to share this media through social media or other digital channels.

Shared by You – Certification

The Application allows you to certify a photo by creating a copy of it with an embedded verification link. Anyone you share this photo with will be able verify the photo’s content, time and location by visiting this link. You can elect to alter the granularity by which time and location readings are shown, reducing or increasing the specificity of available metadata. You can take down any such link you have created at any time.

By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with official entities for fraud protection and credit risk reduction.

Third-Party Service Providers

We may share some of your information with third parties that perform services for us or on our behalf, including data analysis, hosting services and customer service as required for providing you with the core functionality of our application. Any transfer of data to third-party providers is performed over an encrypted channel, and we only share with any such service provider the minimal subset of data required for the specific task they perform.

Sale or Bankruptcy

If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party.

We are not responsible for the actions of third parties with whom you share personal data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.

International transfers

Our servers are within the EEA and we do not transfer personal data outside the EEA in our capacity as a data controller. However, you should note:

  • that if you make content available using the ‘certification’ function, that content and metadata may be available to anyone with the public link, who may be anywhere in the world; and
  • our media partners, who are controllers in their own right, may be located outside the EEA, or may transfer data outside the EEA. You should read their privacy policies for further information.


In Short: Yes, we use Google Maps on Android and Apple Maps on iOS for the purpose of providing better service.

The Android version of our Application uses Google Maps APIs. You may find the Google Maps APIs Terms of Service here. To better understand Google’s Privacy Policy, please refer to this linkBy using our Android Maps API Implementation, you agree to be bound by Google’s Terms of Service.

The iOS version of our Application uses Apple Maps APIs. You may find the Apple Maps Terms of Service here. To better understand Apple’s Privacy Policy, please refer to this linkBy using our Apple Maps API Implementation, you agree to be bound by Apple’s Terms of Service.


In Short: We aim to protect your personal information through a system of organisational and technical security measures.

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.


In Short: We retain data only as long as is reasonably necessary.

We retain any personal data collected for no longer than is necessary for the purposes for which that data was obtained. Since the core function of our Application and service is to allow verification of media content (which may be published or used in evidence some time after its creation), verification data will be kept until we are instructed to delete it or until the instance of the Application with which it is associated becomes inactive. If any instance of the Application is inactive (i.e. if it is not used for a period of two years) then we will delete all verification data associated with the unique ID associated with that instance. Users can also request deletion of any data associated with their unique ID at any time.


In Short: You have rights that allow you greater access to and control over your personal information. You may uninstall the Application and request to delete any data collected thought it at any time.

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at the contact details listed below if you wish to make a request or if you believe we are unlawfully processing your personal information. You also have the right to complain to your local data protection supervisory authority, you can find their contact details here.

Specifically in relation to your right to erasure you may trigger deletion of all of your personal data directly through the Application.

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.


If you have questions or comments about this Privacy Policy you may email us at [email protected] or by post to:

Serelay Ltd
Atlas Building
Harwell Campus, Oxfordshire
OX11 0QS
United Kingdom

Supported by


Atlas Building R27,
Harwell Science Park
OX11 0QX
United Kingdom