Legal

1. Who we are

ClearCheck ("ClearCheck", "we", "us") is a civic-technology platform accessible at clearcheck.tech. ClearCheck operates as an independent stolen device registry for device verification and stolen device reporting. We are the data controller for all personal information collected through this platform.

Contact: support@clearcheck.tech

2. What data we collect

When you create an account:

• Full name
• Phone number
• Email address
• IP address at time of registration

When you report a stolen device:

• Device details (type, make, model, IMEI, serial number)
• Theft details (date, location, method, description)

When you search the registry:

• The IMEI or serial number you searched
• Search result status (clean, stolen, not found)
• Your IP address at time of search
• If you verify your identity on a stolen result: your name, phone number, and email address

When you subscribe to a paid plan:

• Payment is processed entirely by our payment gateway provider. ClearCheck does not store your card details.
• We record your subscription plan and expiry date.

We do not collect: payment card details, national ID numbers (unless voluntarily provided), or any data from minors.

3. Why we collect it & legal basis

Under applicable data protection legislation, our legal bases are:

• Consent — You provide explicit, active consent via the checkbox on the account creation form before any personal data is collected. Consent is voluntary and may be withdrawn at any time by contacting us.
• Contract — Processing your account and subscription details is necessary to deliver the service you signed up for.
• Legitimate interests — Search logs and IP addresses are collected to detect abuse, prevent false reports, and maintain service integrity.
• Legal obligation — We may process data where required by law or valid court order.

We do not use your data for marketing, profiling, or any commercial purpose beyond operating the registry.

4. How we use your data

• To verify your identity via OTP before creating an account or accepting a report
• To create and manage your stolen device reports and registered devices
• To notify you if someone searches your stolen device and verifies their identity
• To share your contact details with a finder who verifies their identity on your stolen device — this is the core recovery mechanism of the platform
• To notify authorised administrators and relevant authorities of new theft reports
• To process your subscription payment through our payment gateway provider
• To detect and prevent abuse, false reports, and scraping of the registry
• To generate anonymised statistics shown publicly on the homepage

Public search results show only device details and theft location — your personal information is never shown publicly.

5. Who we share data with

We do not sell, rent, or trade your personal data. We share data only as follows:

• Registered device owners — If you search a stolen device and verify your identity, your name, phone number, and email are shared with the device owner to facilitate recovery. You are informed of this before verifying.
• Authorised administrators — Can view full case details for the purpose of managing and investigating theft cases.
• Relevant authorities — New theft reports are notified to relevant law enforcement email addresses. Full data may be disclosed if required by a valid court order.
• SMS provider — Your phone number is processed by our SMS provider to deliver OTP verification codes.
• Email provider — Your email address is processed by our email provider to deliver account and case notifications.
• Payment gateway provider — Your payment details are processed entirely by our payment gateway provider. ClearCheck does not receive or store card details.

6. How long we keep data

• Account data — Retained for as long as your account is active, or until you request deletion.
• Report and device data — Retained for 5 years from submission, or until you request deletion.
• OTP sessions — Deleted automatically after 10 minutes.
• Search logs — Retained for 12 months, then automatically deleted.
• Authentication token — Stored in your browser to keep you signed in for up to 24 hours, after which you must sign in again.
• Payment records — Subscription status and expiry date retained for 7 years for financial compliance purposes.

7. Your rights

Under the applicable data protection legislation:

• Right to access — Request a copy of the data we hold about you.
• Right to rectification — Request correction of inaccurate data.
• Right to erasure — Request deletion of your data.
• Right to withdraw consent — Withdraw consent at any time.
• Right to lodge a complaint — With the the relevant data protection authority in your jurisdiction.

Contact us at support@clearcheck.tech. We will respond within 30 days.

8. Security

• HTTPS encryption for all data in transit (TLS 1.2 / 1.3)
• Phone number verification via OTP before any report is accepted
• Database access restricted to localhost
• Role-based access control
• Passwords stored using bcrypt hashing — never in plain text

9. Cookies & logs

ClearCheck does not use tracking cookies or third-party analytics. Browser storage used:

• Authentication token — Stored in your browser to keep you signed in for up to 24 hours.
• User profile — Your name and account details stored locally to personalise your dashboard experience.

No advertising cookies, tracking pixels, or third-party analytics scripts are used on this platform.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be indicated by a new effective date. Continued use of the platform constitutes acceptance.

11. South Africa — POPIA Compliance

ClearCheck complies with the Protection of Personal Information Act (POPIA), 2013. For South African users, the following additional provisions apply:

• Responsible Party: ClearCheck is the Responsible Party for all personal information collected through clearcheck.tech
• Lawful basis: We process your information on the grounds of contract, legitimate interest, consent, and legal obligation under POPIA
• Cross-border transfers: South African Data is Cached in Johannesburg Data Centers. Where data is transferred outside South Africa, we ensure adequate protection in accordance with Section 72 of POPIA
• Your rights: You have the right to access, correct, delete, and object to the processing of your personal information. Contact us at support@clearcheck.tech — we will respond within 30 days
• Information Regulator: You may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za or inforeg@justice.gov.za

12. United Kingdom — UK GDPR Compliance

ClearCheck complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For UK users, the following additional provisions apply:

• Data Controller: ClearCheck is the Data Controller for personal data collected through clearcheck.tech
• Lawful basis: We process your data under contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), consent (Art. 6(1)(a)), and legal obligation (Art. 6(1)(c))
• International transfers: Where data is transferred outside the UK, we ensure appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the ICO
• Your rights: You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object (Art. 21). Contact us at support@clearcheck.tech — we will respond within one calendar month
• Cookies: We use only strictly necessary cookies for authentication. No advertising or tracking cookies are used
• ICO: You may lodge a complaint with the UK Information Commissioner at ico.org.uk or 0303 123 1113

13. Contact

For any questions, requests or complaints relating to this Privacy Policy: