Privacy Policy
Last updated: March 2026
1. Introduction
This Privacy Policy explains how AssessNow collects, uses, stores, shares, and protects your personal data when you use our website at assessnow.co.uk and all related services (the "Service").
We are committed to protecting your privacy and handling your data responsibly. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
By using the Service, you acknowledge that you have read and understood this Privacy Policy. For information about the terms governing your use of the Service, please see our Terms of Service.
2. Who We Are
AssessNow is operated by the company identified in Section 1 of our Terms of Service. For the purposes of data protection law, we are the data controller in respect of the personal data we collect through the Service.
If you have any questions about how we handle your data, you can contact us at support@assessnow.co.uk.
3. Definitions
"Personal data" means any information that identifies or can be used to identify a living individual, directly or indirectly.
"Processing" means any operation performed on personal data, including collection, recording, storage, use, sharing, and deletion.
"Assessment data" means the answers and information you provide during an Assessment, together with the results generated by our engine.
"Lead data" means the contact information and Assessment summary provided to Firms through the Lead Marketplace, where you have opted in.
4. Information We Collect
We collect the following categories of personal data:
Information you provide directly:
- Contact details: name, email address, and phone number (provided during Assessment, lead opt-in, firm registration, or the Connect form)
- Assessment inputs: answers to Assessment questions, including financial figures, employment details, business information, and immigration circumstances
- Firm registration details: firm name, SRA/IAA registration number, business address, website, and evidence documents
- Account credentials: email address and password (for firm accounts)
- Communications: any messages or correspondence you send to us
Information collected automatically:
- Technical data: IP address, browser type and version, operating system, device type, and screen resolution
- Usage data: pages visited, time spent, click patterns, and referral source
- Cookie data: as described in our Cookie Policy
Information from third parties:
- Payment data: Stripe provides us with confirmation of payment, partial card details (last four digits), and transaction references. We do not receive or store your full card number.
5. How and Why We Use Your Information
We use your personal data for the following purposes:
To provide the Service: processing your Assessment inputs, generating results, producing and delivering your Assessment Report by email and PDF, and maintaining your account.
To operate the Lead Marketplace: where you opt in, anonymising your Assessment data for the marketplace preview and providing your contact details to Firms upon purchase.
To process payments: charging Assessment fees, processing firm subscriptions and credit purchases, and managing billing through Stripe.
To communicate with you: sending transactional emails (Assessment Reports, password resets, team invitations), responding to enquiries, and sending service-related notices.
To maintain and improve the Service: monitoring performance, diagnosing technical issues, analysing usage patterns (in aggregate and anonymised form), and developing new features.
To ensure security and prevent misuse: enforcing rate limits, detecting and preventing fraudulent or unauthorised use, and maintaining the integrity of our systems.
To comply with legal obligations: responding to lawful requests from regulators or law enforcement, maintaining records as required by law, and fulfilling our obligations under applicable regulations.
6. Legal Bases for Processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. The table below sets out the legal bases we rely on for each category of processing.
| Purpose | Legal Basis |
|---|---|
| Providing Assessments, generating Reports, delivering results | Performance of a contract with you |
| Processing payments | Performance of a contract with you |
| Firm account management and team features | Performance of a contract with the Firm |
| Lead Marketplace (where you opt in) | Your explicit consent |
| Transactional emails (Reports, receipts, account notices) | Performance of a contract with you |
| Service security, fraud prevention, rate limiting | Our legitimate interests (protecting the Service and our users) |
| Analytics and service improvement (aggregated data) | Our legitimate interests (improving the Service) |
| Responding to your enquiries and support requests | Our legitimate interests (providing customer support) |
| Legal compliance and regulatory obligations | Legal obligation |
Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interests at any time.
Where we rely on your consent (specifically for Lead Marketplace opt-in), you may withdraw your consent at any time by contacting us at support@assessnow.co.uk. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
7. Automated Assessments
Our Service uses automated software engines to produce Assessment results based on the information you provide. No human review is involved in generating an individual Assessment.
The automated Assessment process applies published UK immigration rules to your inputs and produces an informational result. This process does not constitute solely automated decision-making that produces legal effects or similarly significant effects concerning you, within the meaning of Article 22 of the UK GDPR. Our Assessments are informational self-assessment tools. They do not determine any legal right, visa outcome, or immigration status.
If you have concerns about how an automated Assessment result was generated, or if you believe a result is inaccurate, you can contact us at support@assessnow.co.uk. You may also seek independent professional advice from a qualified immigration adviser.
8. Sharing and Disclosure
We do not sell your personal data. We share your data only in the following circumstances:
With your consent (Lead Marketplace). If you opt in after completing an Assessment, your contact details and a summary of your Assessment are made available to participating Firms through the Lead Marketplace. Lead previews are anonymised. Full details are revealed only upon purchase by a Firm.
With service providers (sub-processors). We use third-party service providers to operate the Service. These providers process data on our behalf and under our instructions. See Section 10 for details.
With payment processors. Payment is handled by Stripe. Your payment information is transmitted directly to Stripe and is subject to Stripe's privacy policy.
For legal reasons. We may disclose your data if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers. If AssessNow (or its operating company) is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your data.
9. Lead Marketplace Data
This section provides additional detail on how data flows through the Lead Marketplace.
Opt-in. Participation in the Lead Marketplace is entirely voluntary. You are asked whether you wish to be connected with a regulated immigration professional after completing your Assessment. If you choose not to opt in, your data is not shared.
What Firms see before purchase. Firms see an anonymised preview that includes: the type of Assessment completed, the general verdict category (such as "requirement met" or "further guidance needed"), and the visa or assessment category. No personally identifiable information is visible at this stage.
What Firms receive after purchase. Upon purchasing a Lead, Firms receive: your name, email address, phone number (if provided), the Assessment type, and a summary of the Assessment result. Firms do not receive your full Assessment answers or the detailed Assessment Report.
Controller status after purchase. From the moment a Firm receives your contact details, that Firm acts as an independent data controller of your personal data for its own client intake, compliance, and service delivery purposes. The Firm's processing is governed by its own privacy notice and its professional and regulatory obligations. You should review the Firm's privacy information when it contacts you.
Expected contact. By opting in, you consent to being contacted by up to three participating Firms (the default maximum) by email and/or telephone in connection with your enquiry. Each Firm is required, on first contact, to provide you with access to its privacy notice and a clear way to opt out of further communications from that Firm.
Exercising your rights. You can withdraw your consent to further sharing at any time before a Lead is purchased by contacting us at support@assessnow.co.uk. If a Firm has already purchased your Lead, you should exercise your data protection rights (including marketing opt-out) directly with that Firm. If you need assistance identifying or contacting the Firm, we will help route your request.
Firm obligations. Firms are contractually required to use Lead data solely for the purpose of offering immigration-related professional services and must handle all data in compliance with applicable data protection laws. Firms must not resell, redistribute, or share Lead data with third parties.
Lead limits and expiry. Each Lead may be purchased by a maximum number of Firms (the default is three). Leads expire after a defined period (the default is 90 days). After expiry or maximum purchases, the Lead is removed from the marketplace.
10. Our Sub-Processors
We use the following third-party service providers to operate the Service:
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase | Database hosting, authentication | Assessment data, account data, lead data | United Kingdom (AWS eu-west-2, London) |
| Stripe | Payment processing | Payment details, billing information | United States and EU |
| Resend | Transactional email delivery | Email addresses, email content | United States |
| Vercel | Website hosting and delivery | Technical data, page requests | Global (edge network, with origin in the United States) |
| Google Analytics | Website analytics (consent-gated) | Anonymised usage data, cookies | United States |
We review our sub-processors periodically and ensure that each has appropriate data protection measures in place. We maintain contractual arrangements with all sub-processors that require them to process data in accordance with our instructions and applicable data protection law.
If we add or replace a sub-processor in a way that materially changes how your personal data is processed, we will update this Privacy Policy and, where appropriate, notify Firm account holders in advance. Firms may contact us at support@assessnow.co.uk to discuss sub-processor arrangements further.
11. International Data Transfers
Some of our service providers process personal data outside the United Kingdom. Where a transfer is a "restricted transfer" under the UK GDPR and the destination country is not covered by UK adequacy regulations, we implement appropriate safeguards to ensure your data receives an equivalent level of protection.
Depending on the provider and transfer route, these safeguards include:
- the UK International Data Transfer Agreement (UK IDTA); or
- the EU Standard Contractual Clauses together with the UK Addendum.
We also carry out a transfer risk assessment where required and implement supplementary measures where appropriate, in line with the ICO's guidance on international transfers.
Our primary database (Supabase) is hosted in the United Kingdom (AWS eu-west-2, London). For processors based in the United States (including Stripe, Resend, Vercel, and Google), we rely on the safeguards described above and, where applicable, the UK Extension to the EU-US Data Privacy Framework.
You may request further information about the safeguards we use for international transfers by contacting us at support@assessnow.co.uk.
12. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following table sets out our general retention periods.
| Data Category | Retention Period | Reason |
|---|---|---|
| Assessment data and Reports | 24 months from Assessment date | Service provision, Accuracy Guarantee claims, support |
| Contact details (non-opted-in individuals) | 24 months from Assessment date | Linked to Assessment record |
| Lead data (opted-in individuals) | 90 days in marketplace, then 24 months in archive | Marketplace operation, then record-keeping |
| Firm account and subscription data | Duration of subscription plus 24 months | Contract performance, billing records |
| Firm registration and evidence documents | Duration of account plus 12 months | Regulatory compliance, dispute resolution |
| Payment records | 7 years from transaction date | HMRC tax and accounting obligations |
| Rate limit and security logs | 24 hours (automated deletion) | Security monitoring |
| Analytics data (Google Analytics) | Governed by Google Analytics retention settings | Service improvement |
| Cookie consent preferences | Until you clear browser data or revoke consent | PECR compliance |
When data is no longer needed, we securely delete or anonymise it. Anonymised data (which cannot be used to identify you) may be retained indefinitely for statistical and analytical purposes.
13. Your Rights Under UK GDPR
Under the UK GDPR, you have the following rights in relation to your personal data:
Right of access. You have the right to request a copy of the personal data we hold about you and information about how we process it.
Right to rectification. You have the right to request that we correct any inaccurate or incomplete personal data.
Right to erasure. You have the right to request that we delete your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected.
Right to restrict processing. You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of data you have contested.
Right to data portability. You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where processing is based on consent or contract and is carried out by automated means.
Right to object. You have the right to object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Right to withdraw consent. Where processing is based on your consent (such as Lead Marketplace opt-in), you may withdraw your consent at any time.
Right not to be subject to automated decision-making. As described in Section 7, our Assessments do not constitute automated decision-making with legal or similarly significant effects. However, if you have concerns, you may contact us to discuss them.
To exercise any of these rights, please contact us at support@assessnow.co.uk. We will respond to your request within one month. In complex cases, we may extend this by a further two months, and we will inform you if this is necessary.
We will not charge a fee for responding to a valid request, except in cases where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to act.
14. Children's Data
The Service is not directed at individuals under the age of 18, and we do not knowingly collect personal data from children. If you are under 18, you must not use the Service or provide any personal data to us.
If we become aware that we have collected personal data from a child under the age of 18, we will take steps to delete that data promptly. If you believe we may have collected data from a child, please contact us at support@assessnow.co.uk.
15. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.
Our security measures include: encryption of data in transit using TLS/SSL; access controls and authentication requirements for all system access; regular security reviews; use of reputable, security-audited third-party infrastructure providers; and separation of roles and permissions within our systems.
While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining robust protections.
16. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, providing details of the breach, the likely consequences, and the measures we are taking in response.
17. Cookies
We use cookies and similar technologies on the Service. Essential cookies (for authentication, session management, and consent preferences) are used without additional consent as they are necessary for the Service to function.
Analytics cookies (Google Analytics) are only activated after you provide explicit consent through our cookie banner.
For full details of the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.
18. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our data practices, legal requirements, or the Service. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a notice on the Service.
We encourage you to review this Privacy Policy periodically.
19. Complaints
If you are unhappy with how we have handled your personal data, we encourage you to contact us first so that we can try to resolve the matter. You can reach us at support@assessnow.co.uk.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.
Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113
20. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Email: support@assessnow.co.uk