Privacy Policy

Effective date: 13 April 2026

This Privacy Policy explains how KNEWTE UK LIMITED collects, uses, stores, shares, and protects personal data when you use knewte.com, KNEWTE applications, related websites, communications, and support services.

This policy also explains when KNEWTE acts as a controller and when KNEWTE acts as a processor on behalf of business customers using the KNEWTE platform and apps.

1. Who We Are

KNEWTE UK LIMITED is a company registered in England and Wales with company number 13980396.

KNEWTE is a business-only platform. Our services are intended for businesses such as companies, LLPs, partnerships, sole traders, charities, public bodies, and other organisations.

2. When We Act as Controller and When We Act as Processor

2.1 KNEWTE as Controller

KNEWTE acts as a controller where we decide why and how personal data is used for our own business purposes, including:

• website and platform operation;
• account registration and account administration;
• business verification and fraud prevention;
• subscription management, invoicing, and payment administration;
• service communications and support;
• security monitoring, abuse prevention, and audit logging;
• legal and regulatory compliance; and
• internal analytics, service improvement, and business operations.

2.2 KNEWTE as Processor

KNEWTE acts as a processor where our business customers use the KNEWTE platform or a KNEWTE app to process personal data for their own business purposes, and we process that data on their behalf and under their instructions.

For example, where a customer uses an app such as Reference Check to create records, send requests, collect responses, or store app data relating to candidates, referees, clients, customers, or other business contacts, that customer will usually be the controller and KNEWTE will usually act as processor.

3. Personal Data We Collect

The categories of personal data we collect depend on how you use KNEWTE, what type of account you have, what apps are used, and whether we receive data directly from you or from another person or organisation.

3.1 Account and Profile Information

• name;
• email address;
• telephone or mobile number where provided;
• username, login details, verification status, and account identifiers;
• profile details such as title, role, and ordinary profile information where provided.

3.2 Business and Subscription Information

• business name and business contact information;
• billing and subscription records;
• invoice and payment administration information;
• records relating to app purchases, trials, credits, and renewals;
• business verification information where required for compliance or fraud prevention.

3.3 Usage, Device, and Technical Information

• IP address;
• device, browser, and operating system information;
• log records, access times, actions performed, and audit trails;
• security, authentication, and account activity data;
• approximate location derived from IP where applicable.

3.4 Support and Communications Information

• support requests and correspondence;
• service messages, verification emails, and notifications;
• records of account issues, complaints, or disputes.

3.5 App and Customer Data

Depending on the app used by the customer, KNEWTE may process business records and customer content submitted by or for the customer, including business contact records, operational data, app workflow data, notes, communications, and audit records.

3.6 Reference Check Data

Where the Reference Check app is used, personal data may include:

• candidate names, email addresses, telephone numbers, job-related details, and date of birth where used by the customer;
• referee names, email addresses, telephone numbers, and related contact details;
• reference responses, comments, ratings, notes, messages, and workflow records;
• recruitment-related communications and audit logs.

3.7 Payment Information

Payments are processed through third-party payment providers such as Stripe. KNEWTE does not store full payment card details on its own servers. We may receive limited payment-related information such as billing status, payment confirmation, transaction references, and masked or tokenised payment details where necessary for account administration.

4. Sources of Personal Data

We may collect personal data:

• directly from you when you create an account, contact us, use the platform, or submit information;
• from your business or account administrator;
• from other users acting on behalf of your business;
• from customers using KNEWTE apps on behalf of their organisations;
• from candidates, referees, clients, customers, suppliers, or other business contacts where app workflows involve those individuals;
• from payment providers, verification providers, or fraud-prevention processes;
• automatically through cookies, logs, analytics, and technical monitoring of our websites and services.

5. How We Use Personal Data

We use personal data for the following purposes, depending on the relationship and context:

5.1 Platform and Account Administration

• creating and managing accounts;
• enabling access to apps and services;
• managing business profiles, users, and permissions;
• processing trials, subscriptions, credits, renewals, and account settings.

5.2 Billing and Financial Administration

• processing and administering subscriptions and purchases;
• issuing invoices and maintaining billing records;
• managing payment status, failed payments, and fraud prevention.

5.3 Service Delivery and Support

• delivering app functionality and communications;
• responding to support requests and account enquiries;
• sending essential service messages, verification codes, and operational notices.

5.4 Security and Compliance

• protecting accounts and the platform;
• detecting and preventing fraud, misuse, spam, and security incidents;
• maintaining logs, audits, and incident records;
• complying with legal, tax, accounting, sanctions, anti-money laundering, and regulatory obligations.

5.5 Service Improvement and Business Operations

• improving platform performance, reliability, and security;
• developing and improving apps and features;
• generating aggregated or de-identified analytics and usage insights.

6. Our Lawful Bases

We process personal data only where we have a valid lawful basis under applicable data protection law. Depending on the purpose, this may include:

6.1 Contract

We process personal data where necessary to provide the platform, create accounts, manage subscriptions, deliver apps and services, respond to service requests, and perform our contractual obligations.

6.2 Legitimate Interests

We process personal data where necessary for our legitimate interests, provided those interests are not overridden by the rights and freedoms of individuals. These interests include platform security, fraud prevention, service administration, internal reporting, service improvement, business management, and support.

6.3 Legal Obligation

We process personal data where necessary to comply with legal, tax, accounting, compliance, regulatory, law-enforcement, or reporting obligations.

6.4 Consent

Where we rely on consent, such as for certain optional communications or similar activities, you may withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

7. When We Share Personal Data

We may share personal data where necessary with:

• Amazon Web Services (AWS) for hosting, cloud infrastructure, storage, backup, and email-related infrastructure;
• Stripe and other payment providers for payment processing and payment administration;
• service providers supporting communications, infrastructure, security, analytics, or support functions;
• professional advisers, auditors, insurers, and regulators where reasonably necessary;
• law enforcement, courts, public authorities, or regulators where required by law or necessary to protect legal rights;
• affiliates, contractors, or subprocessors where necessary to operate the platform and lawful safeguards are in place.

Where we engage processors or subprocessors, they are required to process personal data only on appropriate instructions and to protect it using appropriate safeguards.

8. International Transfers

KNEWTE's primary hosting environment is in London, United Kingdom. However, some personal data may be accessed from outside the UK by authorised contractors, personnel, or service providers where this is necessary for support, maintenance, administration, or related service functions.

Where personal data is transferred or accessed outside the UK, we will do so only where lawful safeguards are in place, such as UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or another valid transfer mechanism recognised by applicable law.

9. Data Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, for the duration of the relevant service relationship, and for any additional period required or permitted by law.

• account, app, and customer data may be retained for up to 90 days after closure or termination before deletion, unless a longer retention period applies;
• certain financial, tax, contract, audit, billing, and compliance records may be retained for up to 6 years or longer where required or permitted by law;
• data may remain in backups or archives for a limited period after deletion from live systems;
• where an app provides export, download, copy, or similar functionality, it is the customer's responsibility to use those tools before access ends.

For more detail, please see our Data Retention Policy.

10. Security

We use technical and organisational measures designed to protect personal data and platform information. These may include encryption in transit, encryption or equivalent protections for certain stored personal data, access controls, role-based access, monitoring, backup processes, and incident response measures.

No system can be guaranteed to be completely secure. Users and customers are also responsible for maintaining secure passwords, managing permissions correctly, and protecting the devices and environments from which they access KNEWTE.

11. Your Data Protection Rights

Depending on the circumstances and the applicable lawful basis, you may have rights including:

• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restriction of processing;
• the right to object;
• the right to data portability;
• rights relating to automated decision-making, where applicable.

If we rely on consent, you also have the right to withdraw consent at any time.

To exercise your rights, contact us at support@knewte.co.uk. We may need to verify identity and authority before taking action, especially where requests relate to business accounts or data controlled by a customer.

You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe your personal data has been handled unlawfully or unfairly.

12. Automated Decision-Making

KNEWTE does not currently make solely automated decisions about individuals that produce legal effects or similarly significant effects.

13. Children’s Data

KNEWTE is a business platform and is not intended for use by children. We do not knowingly design our services for children or intentionally collect children’s personal data for our own purposes.

14. Reference Check App Privacy Information

The Reference Check app is used by business customers to manage recruitment-related reference-check workflows. In that context, KNEWTE usually acts as a processor on behalf of the relevant customer.

14.1 Types of Personal Data

Reference Check data may include:

• candidate and referee names;
• email addresses and telephone numbers;
• job-related details;
• candidate date of birth where used by the customer;
• reference responses, comments, ratings, notes, and communications;
• workflow logs and audit records.

14.2 Source of Data

This information may be provided by the customer, the candidate, the referee, or another authorised user acting for the customer.

14.3 Role of the Customer

The customer is usually the controller and is responsible for deciding why the Reference Check app is used, what information is requested, what lawful basis applies, what notices are given, and how reference information is assessed.

14.4 KNEWTE’s Role

KNEWTE provides the app workflow, communications, hosting, support, and related processing on behalf of the customer, subject to the customer’s instructions and our Data Processing Addendum.

14.5 If You Are a Candidate or Referee

If your personal data is being used in connection with a reference check, the business using the Reference Check app is usually the first point of contact for questions about why your data is being used and how your rights apply. You may also contact KNEWTE if you have questions about our role or this policy.

15. Cookies and Similar Technologies

We may use cookies and similar technologies to operate the website and platform, maintain security, remember settings, and understand service usage. For more information, please see our Cookie Policy.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Where appropriate, we will post the updated version on our website or in the Service and update the effective date above.

17. Contact Us