1. Introduction
This Privacy Policy explains how Linefront Limited collects and uses personal data when you:
- Visit our website
- Log into our Platform
- Submit information through onboarding workflows
Linefront is committed to protecting personal data in line with UK GDPR and the Data Protection Act 2018.
3. Our Role
Linefront acts as:
- Data Processor — when processing data on behalf of Clients
- Data Controller — for website analytics, account management, and business operations
4. What Data We Collect
a) Website Data
- IP address
- Device and browser data
- Usage analytics
b) Account Data
- Name
- Email
- Phone number
- Login credentials
c) Application / Workflow Data
Depending on the Client's use case:
- Identity data
- Contact details
- Financial or verification data
- Uploaded documents
5. How We Use Data
We use data to:
- Provide and operate the Platform
- Enable login and authentication
- Process onboarding workflows
- Improve services and performance
- Ensure security and prevent fraud
Where we act as Processor, we only process data on Client instructions.
6. Automated Processing and AI
Linefront may use automated processing technologies, including artificial intelligence, to:
- Analyse documents and data
- Extract and structure information
- Support verification and risk assessment processes
- Assist Clients in making decisions
Important: These processes may involve automated analysis of personal data. In most cases, Linefront acts as a Data Processor, and such processing is carried out on behalf of our Clients.
Decision-Making
Linefront does not make final decisions about individuals. Any decisions (e.g. approvals, eligibility outcomes) are made by the Client.
Your Rights
Where automated decision-making applies, you may have rights under data protection law, including:
- The right to request human intervention
- The right to contest a decision
- The right to obtain an explanation of the decision
You should contact the relevant Client (the organisation you are interacting with) to exercise these rights.
7. Legal Bases
Depending on context:
- Contract performance (e.g. providing access)
- Legal obligation
- Legitimate interests (security, analytics)
- Consent (where required, e.g. certain checks)
8. Credit and Verification Checks
Where applicable:
- We may facilitate checks via TransUnion
- These are typically soft credit checks (no impact on score)
- Hard checks will only occur where clearly disclosed
Clients are responsible for ensuring lawful use.
9. Data Storage and Transfers
- Data is hosted securely (e.g. cloud infrastructure such as AWS)
- Stored in the UK and/or EEA
- Transfers outside these regions use appropriate safeguards
10. Security
We implement measures including:
- Encryption
- Access controls
- Monitoring and logging
- Secure authentication
11. Data Retention
- Data is retained based on Client instructions
- Deleted or returned after service ends
- May be retained where legally required
12. Your Rights
You have the right to:
- Access your data
- Correct inaccuracies
- Request deletion
- Restrict processing
- Object to processing
- Data portability
We assist Clients in fulfilling these rights.
13. Data Breaches
We maintain incident response procedures and will notify Clients without undue delay.
14. Sub-processors
We use trusted sub-processors (e.g. hosting providers), all bound by data protection obligations.