Privacy Policy & Data Protection

Transparency and your rights are at the core of IdentiScope

Last updated: April 2026 - Ireland / EU - GDPR + Data Protection Act 2018

Our Privacy Principles

Transparency

Clear information about what data we collect and why

Consent-Based

Explicit consent required before any assessment is run

Storage Limitation

Automatic deletion of assessment data after 24 hours

Data Minimisation

Only publicly available data necessary for analysis

What Data We Collect & How We Use It

Legal Basis for Processing

IdentiScope processes data under Article 6(1)(f) GDPR - legitimate interests: the protection of children from online harms. All processing is limited to what is strictly necessary for that purpose. Users provide explicit consent at first login via the Terms of Use screen.

Data We Collect & Retain

  • Your Twitter / X identity: Your Twitter username and user ID, obtained via OAuth. Used for authentication and to link accountability records to your account.
  • Audit records (per scan): Your Twitter ID, the SHA-256 hash of the scanned username, risk score, risk band, and timestamp. Retained for 24 hours, then auto-deleted.
  • Temporary scan reports: Risk score, keyword category counts, activity statistics, and recommendations. The full tweet feed is never stored. Retained for 24 hours, then auto-deleted via MongoDB TTL index.
  • Scanned usernames: Stored as SHA-256 hashes in the audit log. The plaintext username appears only in the temporary 24-hour scan report.

Data We Do NOT Collect

  • Private messages or direct messages
  • Passwords or login credentials of any kind
  • Full tweet text (only keyword matches and risk scores are retained)
  • Location data or IP addresses
  • Browsing history or tracking cookies
  • Third-party analytics or advertising data

How We Use Your Data

  • Authenticate you via Twitter / X OAuth (read-only scope)
  • Perform keyword-based risk assessment on requested public accounts
  • Generate safeguarding reports and alert parents to high-risk signals
  • Maintain an accountability audit trail to deter misuse

Your Rights Under GDPR

  • Right to Access

    Request a copy of all personal data we hold about you at any time.

  • Right to Erasure

    Request immediate deletion of your data. All associated records will be permanently removed.

  • Right to Withdraw Consent

    Withdraw consent for data processing at any time - triggers automatic data deletion.

  • Right to Rectification

    Request correction of inaccurate personal information we hold.

  • Right to Data Portability

    Request your data in a structured, machine-readable format.

  • Right to Object

    Object to data processing at any time for legitimate reasons.

Data Security

  • Encryption: All data encrypted in transit (TLS) and at rest
  • Authentication: Secure session management with mandatory 2FA
  • Pseudonymisation: Usernames hashed with SHA-256 before storage
  • Automatic Deletion: All assessment data deleted after 24 hours via MongoDB TTL index
  • No Third Parties: Zero data sharing with advertisers or analytics companies

No Surveillance, No Tracking

IdentiScope is not a surveillance tool. We do not:

  • Use cookies for tracking user behaviour
  • Employ third-party analytics or advertising
  • Monitor ongoing activity after assessment completion
  • Share data with law enforcement without legal obligation

Questions?

To exercise your rights or ask about our privacy practices, contact:

You may also lodge a complaint with the Data Protection Commission (Ireland).