Verification Security Disclosure

1. What we collect on every scan of your verification page

When someone scans your physical service dog ID card (via QR or NFC) and your verification page loads, our server and a small client-side script collect the following data:

1a. Server-side (HTTP request)

• IP address (used for geo-lookup; stored as a SHA-256 hash for the scan record)
• Approximate IP-derived location: city, region (state/province), country, ISP, ASN, and approximate latitude/longitude. Source: ip-api.com, cached 24h. This is not GPS — it's an estimate from the network address, and can be wrong for VPN users, mobile carrier NAT, or corporate proxies.
• Browser User-Agent string (the browser and OS the scanner is using)
• HTTP Referer header (the page they came from, if any)
• Timestamp of the scan

1b. Client-side (JavaScript)

• Device fingerprint hash — a 32-bit non-cryptographic hash combining the signals below. Used to detect when the same device returns to scan multiple handlers (a fraud pattern).
• Canvas signature — a hash of how the browser renders a small test image. Mildly identifying.
• WebGL GPU renderer string — e.g. "NVIDIA GeForce GTX 1080" or "Apple M2".
• Audio context signature — a hash of an inaudible audio buffer rendered by the browser.
• Timezone, browser language, screen resolution and device pixel ratio.
• Connection type (e.g. "4g", "wifi") where the browser exposes it.
• Battery level + charging status (Chrome Android only; deprecated in most browsers — usually absent).
• JavaScript Referrer (fallback only — server-side Referer is preferred).

1c. Capture detection events (only if triggered)

• The detection method that fired (e.g. printscreen-key, mac-screenshot-shortcut, visibility-flicker-450ms)
• The timestamp the detection occurred
• A flag marking the scan as a suspected-capture event

What we do NOT collect: your name, phone number, email address, exact GPS location, camera/microphone access, contacts, files on your device, or any payment details. These would all require explicit OS-level permission prompts that we never display.

2. Why we collect it (legal basis)

UK GDPR / EU GDPR: Article 6(1)(f) — legitimate interests pursued by the data controller, namely the prevention of fraud and the protection of registered handlers from misuse of their verification page.

California Consumer Privacy Act (CCPA / CPRA): §1798.105(d)(2) — exception for detecting security incidents, protecting against malicious activity, fraud, or illegal activity.

Legitimate Interests Assessment (summary):

• Purpose: Prevent fraudulent reuse of verification pages and provide handlers a documented forensic trail when their page is captured or saved.
• Necessity: Without this data, a captured screenshot of a handler's page cannot be traced back to who captured it or where. Anonymous capture is the dominant fraud pattern in the US service dog registry market.
• Proportionality: We collect only what's strictly needed for fraud detection. We do not enrich the data with third-party datasets. We do not sell, share, or use any of this data for advertising. We do not build behavioral profiles.
• Balancing test: The data subject (the person scanning) is also the data subject most likely to be misusing the page. The registered handler (also a data subject) has a stronger interest in fraud prevention than the scanner has in anonymity for an action they performed on someone else's profile page. We make this trade-off transparent via the privacy notice on the verification page.

3. Retention

Verification scan records (including all data listed in section 1) are retained for 90 days from the scan date, then automatically deleted from our database. This window is justified as:

• Long enough for a misuse pattern to surface (a captured screenshot rarely surfaces same-day)
• Short enough to minimize personal-data exposure if our infrastructure is ever breached
• Aligned with comparable fraud-detection retention windows in the financial industry (30–180 days typical)

Handlers can request earlier deletion at any time via support@adaservicedog.com.

4. What our system can and cannot do

5. Your rights as the registered handler

• Access: Request a copy of all scan records associated with your registration
• Deletion: Request immediate deletion of your scan records (we will action within 30 days)
• Object: Object to specific processing by emailing us — we will pause or stop if your objection outweighs our legitimate interest
• Portability: Request your scan records in machine-readable JSON format
• Notification opt-out: Turn off capture-detected emails in your dashboard under Privacy & Alerts (we will continue logging captures to your audit trail)

6. Your rights as someone scanning a handler's page

If you scanned a service dog verification page and want to know what we collected about you:

• Email support@adaservicedog.com with the approximate date/time of the scan and the dog's name or registration number if known
• We will respond within 30 days under UK GDPR Article 12 or CCPA §1798.130, whichever applies to your jurisdiction
• You may request deletion. Note: where the handler has flagged your capture as suspected misuse, we may retain the record to defend the handler's legitimate interest, in which case we will explain the retention reason

7. Contact

For all matters relating to this disclosure, verification scan data, or our security system:

Email: support@adaservicedog.com

Postal: NS Design ID Cards, 9 Coolnagarde Avenue, Omagh, BT78 1GA, United Kingdom

For broader data-protection matters, see our full Privacy Policy.