Scoreholder Ltd - Privacy Policy

Last updated: 1 July 2025

Welcome to the Privacy Policy of Scoreholder Ltd ("Scoreholder", "we", "us" or "our"). Scoreholder operates a web-based scoring application (available at scoreholder.com) that serves users globally. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services. It applies to all users of Scoreholder worldwide. We avoid region-specific policies; instead, this single Privacy Policy applies to all our users worldwide, from New Zealand to the EU, the US (including California), the UK, Australia, Dubai, and beyond.

By using our services, you acknowledge that your personal data will be handled as described in this Policy. If you do not agree with our practices, please do not use our services or provide us with your information.

1. Scope of Policy & Definitions

Scope. This Privacy Policy applies to all personal information we collect or process about individuals who use our websites, applications, and services (collectively, the "Services"), or who otherwise interact with us (for example, by contacting support or participating in events). It covers how we handle personal data of users in all jurisdictions we serve.

Definitions. In this Policy:

If any terms are not defined in this Policy, they have the meanings given to them in the relevant data protection laws. This Policy does not cover the practices of third-party websites, services or applications that you may access through our Services - those are governed by the respective third parties' privacy policies.

2. Information We Collect

We believe in being transparent about what data we collect. We collect information you provide to us directly, information we collect automatically about your use of our Services, and in some cases information from third parties. The types of personal data we may collect include:

We will indicate when personal information is requested (e.g. on forms) and whether it is mandatory or optional. If you choose not to provide certain information, you may not be able to use some features of the Services.

3. How We Use Your Information

We use personal data for various purposes in connection with providing and improving our Services. We strive to limit our use of data to what is necessary and relevant. The main purposes for which Scoreholder processes your personal information include:

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for a related purpose that is compatible with the original purpose (and we will inform you as required by law). If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

4. Legal Bases for Processing Personal Data

We only process personal data when we have a valid legal reason to do so. Depending on the context, one or more of the following legal bases may apply:

Each of the categories above is handled in a transparent and privacy-conscious manner. We do not share personal information with third parties beyond what is described in this section without notifying you or obtaining your consent. We also implement all required notices and choice mechanisms (such as opt-outs) to ensure our information sharing practices meet the requirements of applicable data protection laws and respect your privacy preferences.

5. International Data Transfers

Scoreholder stores all personal data on secure cloud servers in Singapore operated by trusted providers (AWS and DigitalOcean). Authorised team members in New Zealand and France may access these systems remotely for support, maintenance, and product improvement, so your information may be processed outside your home country.

When personal data leaves its original jurisdiction we apply the safeguards required by that region's privacy laws. For EU data we rely on the European Commission Standard Contractual Clauses; for UK data, the UK International Data Transfer Agreement; and for other regions (e.g., New Zealand, Australia, DIFC, relevant US states) we use equivalent contractual or legally-approved mechanisms. These measures ensure the recipient protects your information to standards essentially equivalent to those in your country.

We also secure all transfers with encryption, strict access controls, and continuous monitoring. You may request details of our transfer safeguards at any time. By using Scoreholder, you consent to these international transfers, which we will always carry out in accordance with this Privacy Policy and applicable law.

6. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In practice, this means:

When we have no ongoing legitimate need to process your personal information, we will either delete it or anonymise it (so it can no longer be associated with you). If deletion or anonymisation is not immediately possible (for example, because the data is stored in backup archives), we will securely store the data and isolate it from any further use until deletion is feasible.

7. Cookies & Tracking Technologies

Cookies are small data files placed on your device when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. We, and our third-party analytics and advertising partners, use cookies and similar tracking technologies in the following ways:

Your Choices for Cookies: When you first visit our website, you may see a cookies notice or banner. Where required by law, we will ask for your consent to use certain cookies. You can choose to accept or reject those. Regardless, you can always control cookies through your browser settings. Most web browsers allow you to refuse new cookies, delete existing cookies, or notify you when new cookies are set. However, please note that if you delete or disable cookies, some features of our Services may not function properly.

8. Do-Not-Track Signals & Global Privacy Control

Do-Not-Track (DNT): Modern browsers let you send a DNT header to signal that you prefer not to be tracked across sites. Because no industry-wide standard exists, most websites, including ours, cannot reliably act on that header. We therefore do not alter cookies or tracking scripts in response to DNT at this time, but we continue to watch regulatory and technical developments and will update our practice if a uniform standard emerges.

Global Privacy Control (GPC): GPC is a newer, legally recognised browser signal that tells businesses you wish to opt out of any "sale" or cross-context sharing of your personal data for targeted advertising or the inclusion of your identifiable results in any paid analytics or data products we offer. Whenever we detect a valid GPC signal, we treat it as a binding opt-out under laws such as the CCPA/CPRA and similar U.S. state statutes. Concretely, we will:

  1. Suppress third-party trackers used for behavioural ads or data resale.
  2. Flag your account so that future disclosures that qualify as a "sale" are blocked.
  3. Log the request to ensure ongoing compliance.
  4. GPC operates at the browser or device level; enable it on each browser or device you use if you want full coverage. GPC does not disable essential cookies that are required for core functionality; use our cookie banner or your browser settings to manage those individually.

If, for technical reasons, we cannot immediately honour an opt-out signal, you may always exercise your rights manually by contacting our support team.

9. Your Rights & Choices

We respect your rights to know about and control your personal data. Because we serve users in many jurisdictions, we extend many important privacy rights to all users globally, even if local laws do not require it. Below is a summary of your principal rights and choices regarding your personal information, available to you regardless of where you live (with any legal variances noted where relevant). To exercise any of these rights, please see the instructions at the end of this section.

Exercising Your Rights: To exercise any of your rights above, please contact us using the information in the Contact Us section below. You can make a request related to your personal data at any time. For certain requests (like accessing or deleting data), we will need to verify your identity to ensure we're fulfilling the request for the correct person, to protect your privacy. Verification might involve confirming information we already have on file (like sending the request from your registered email or answering a few questions about your account). For some rights, we also offer self-service options:

Response Time: We will respond to your request as soon as possible, and within any timeframe required by law. For example, GDPR requires a response within one month (extendable in complex cases), and CCPA generally within 45 days. We aim to get back to you faster than that, typically within a few weeks at most. If we need more time or cannot fulfill your request (due to a legal exception), we will inform you and explain the reason.

Authorised Agents: If you want to designate someone else to make a request on your behalf (such as a lawyer or authorised representative), we will require proof that you have authorised that person (for example, a written authorisation or proof of power of attorney), and we may still ask you or the agent to verify directly with us.

We value your control over your personal information. Please do not hesitate to reach out regarding any of these rights or with any questions about your privacy choices. We are here to help.

10. Data Security

Protecting personal information is a core priority at Scoreholder. We apply industry-standard technical and organisational safeguards to prevent unauthorised access, alteration, disclosure, or destruction of the data we hold. Key measures include:

11. Dispute Resolution and Privacy Questions

We are committed to resolving any concerns about your privacy and the handling of your personal data. If you have questions, concerns, or complaints regarding this Privacy Policy or our data practices, we encourage you to contact us directly so that we can address and resolve the issue.

Contacting Scoreholder:
You can reach our privacy team or Data Protection Officer at [email protected]. Please include "Privacy Request" in the subject line and provide detail about your question or request.

We will acknowledge and investigate any complaint or question, and respond within a reasonable timeframe. Our goal is to find a fair resolution to any issue you might have.

Dispute Resolution: Most privacy or data use concerns can be resolved quickly through our support or privacy team. However, if you are not satisfied with our response or believe we are not complying with our legal obligations, you have the right to escalate the matter:

We value the trust you place in Scoreholder. If you have any questions about this Privacy Policy or our privacy practices, please contact us. We will be happy to answer and will work diligently to address any issue to your satisfaction.

12. Updates to This Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make changes, we will notify you by updating the "Effective Date" at the top of this Policy. In the case of material changes (significant changes that affect your rights or how we use your data), we will take additional steps to inform you: for example, by posting a prominent notice on our website or sending you a direct notification (via email or via your account).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Policy constitutes your acceptance of the updated terms. If you do not agree with any updates or changes, you should stop using the Services and can request that we delete your personal data.

We keep prior versions of this Privacy Policy for your review (if applicable, we can provide an archive or summary of changes upon request, so you can see how terms have evolved).



Thank you for reading our Privacy Policy. We are dedicated to safeguarding your personal data and being transparent about our practices. Your privacy and trust are important to us, and we will continue to do our utmost to protect them.

If you have any questions or concerns about this Policy or your privacy when using Scoreholder, please reach out to us at [email protected].