RLReferenceLock
Log inStart membership

Security & Privacy

ReferenceLock is built with security and privacy at its core. This page outlines how we protect references, user data, and account access — with a focus on GDPR and safe, controlled sharing.

At a glance

Secure sharing • Read-only employer links • Timestamped records • User-controlled access

Contact usView pricing

GDPR & Data Protection

ReferenceLock is designed with GDPR principles in mind, including data minimisation, purpose limitation, and secure processing. We only collect and store what’s needed to request, store, and share references.

  • Lawful basis and transparent processing
  • Data minimisation and purpose limitation
  • User-controlled sharing and access
  • Support for data subject rights

Security of Processing

We apply organisational and technical measures to help protect your data against unauthorised access, alteration, disclosure, or loss.

  • Secure transmission (HTTPS) for all traffic
  • Access controls and least-privilege principles
  • Separation of public share links from member access
  • Monitoring and auditing practices (where applicable)

Access Control & Sharing

Employers can view shared references only through a unique, read-only link. Members control what is shared and can revoke access at any time.

  • Read-only employer share links
  • Member controls for creating and revoking links
  • No employer account required to view shared references
  • Sharing designed to reduce friction while maintaining privacy

Audit Trail & Verification

References include an auditable trail so you can demonstrate when references were requested, received, shared, viewed, or exported (where enabled).

  • Timestamped reference events
  • Referee identity markers (where available)
  • Downloadable records (where enabled)
  • Visibility designed to support safer recruitment practices

Data Retention & User Control

You remain in control of your account and reference data. You can request export or deletion in line with applicable requirements.

  • User-controlled data access
  • Export options (where enabled)
  • Deletion requests supported
  • Retention policies aligned to service needs and legal obligations

Important note

This page is a high-level overview and not a legal contract. If you need a formal security pack, Data Processing Agreement (DPA), or detailed compliance documentation, please contact us.