Privacy Statement

This is a draft privacy statement for v1. Counsel review pending before public launch.

What we collect

• Verification queries. When you look up a REP Number™, we log the request: a hashed client identifier (not your raw IP address), the result class, a request correlation id, and the timestamp. We do not collect your name or contact information for a verification query.
• Discrepancy submissions. If you submit a discrepancy report, we store the contact email you provide, the description text, the REP Number™ you reference, and the CAPTCHA verification result.
• Cookies. We use a small consent cookie to remember your analytics preference. We do not use third-party advertising cookies.

What we do not collect

• We do not store your raw IP address.
• We do not accept Protected Health Information (PHI) at any input. The discrepancy form rejects submissions matching obvious PHI patterns and the registry does not accept PHI under any circumstance.
• We do not transmit personal data to analytics backends. REP Numbers used in analytics events are hashed before transmission.

How we use data

• Verification logs. Used to operate the registry, debug incidents, defend against abuse, and produce aggregated statistics. Retained per the scheme records-retention policy.
• Discrepancy submissions. Used to investigate reports of records that look wrong. The contact email may be used to follow up on the report.

Your rights

You may contact scheme operations at any time to request information about data we hold relating to your REP Number™ verification activity, or to request that a record about you be reviewed.

Contact

Use the Report a Discrepancy form, or contact scheme operations through the For Hospitals & VCOs intake for organisational inquiries.