CE+ Validation App — Privacy Policy
Last updated: October 2023
This Privacy Policy describes how the CE+ Validation app ("we", "us", or "our") collects, uses, and shares your information when you use our mobile application. This app is published by Cyber Ask Ltd and is available on Android.
1. Information We Collect
Our app is designed specifically for Cyber Essentials Plus (CE+) compliance testing. To perform this validation, we collect technical metadata from your device:
| Data Category | Specific Data Points | Purpose |
|---|---|---|
| Device Identification | Manufacturer, Brand, Model | CE+ device inventory validation |
| Operating System | OS version, API level, Security Patch level | Verify OS currency requirements |
| Security Configuration | Root status (su binaries), Encryption status, Screen lock status, Auto-lock timeout | Verify CE+ security controls on-device |
| System Status | Last boot time, Auto-update enabled | CE+ patching & update compliance |
| Administrative Status | MDM enrolment status | Device management compliance check |
| User-Provided Data | Unique validation code provided by your organisation | Link result to the correct assessment |
We do not collect:
- Personal identifiers — Name, Email address, Phone Number
- Location data (GPS or network-based)
- Contacts or Calendar information
- Photos, media files, or documents
- Browsing history or app usage data
- Audio, camera, or microphone data
2. How We Use Your Information
The collected metadata is used solely for the following purposes:
- Verifying that the device meets the security standards required for Cyber Essentials Plus certification as defined by the NCSC and the relevant certification scheme.
- Providing a CE+ compliance report to your organisation confirming the device's validation status.
We do not use this data for advertising, behavioural tracking, analytics, or any purpose beyond CE+ compliance validation.
3. Data Sharing
We share the collected device metadata only with the server endpoint configured by your organisation for validation purposes. This is typically your organisation's internal CE+ validation server or your Certification Body's system.
We do not:
- Sell your data to third parties
- Share data with advertisers or analytics providers
- Retain or access the data after transmission to your organisation's endpoint
4. Data Retention and Deletion
The CE+ Validation app is designed as a one-time use utility. Once the validation result has been submitted to your organisation's endpoint:
- No data is retained within the app itself beyond the active session.
- The data held on the receiving server is subject to your organisation's data retention policy — please consult your IT department or CE+ assessor for details.
- You are encouraged to uninstall the app immediately after the validation is complete.
5. Security
All data transmitted from the device to the validation server is protected using HTTPS (TLS encryption). We use industry-standard protocols to ensure the integrity and confidentiality of the transmitted metadata.
The app requests only the specific device permissions necessary to read the technical metadata listed above. It does not request access to location, contacts, camera, microphone, or storage.
6. Children's Privacy
The CE+ Validation app is a specialist compliance tool intended for use by IT administrators, security professionals, and employees acting under the instruction of their organisation's IT or security team. It is not intended for use by children under the age of 13. We do not knowingly collect data from children.
7. Your Rights
As this app collects only anonymised technical device metadata and links it only to an organisation-issued validation code (not a personal identifier), standard individual data subject rights (access, erasure, portability) primarily apply to the data held on the receiving server operated by your organisation. Please contact your organisation's IT department or data protection officer to exercise these rights in relation to server-side data.
For any questions about the app itself, contact us using the details below.
8. Contact Us
If you have questions about this Privacy Policy or about the CE+ Validation app, please contact:
Cyber Ask Ltd
Email: [email protected]
Phone: +44(0)7346 808791
Registered in England & Wales. Company No. 15113248.
Alternatively, contact your organisation's IT department or the CE+ auditor who provided you with the unique validation code.
9. Changes to This Policy
We may update this Privacy Policy to reflect changes in the app's functionality or applicable regulations. Updates will be reflected in the "last updated" date above and within the app's Play Store listing. Continued use of the app following any update constitutes acceptance of the revised policy.
See Also
For the Cyber Ask Ltd website privacy policy (covering cyberask.co.uk), please see: Cyber Ask Ltd Website Privacy Policy.