verification data usage

When you verify with our apps to allow you to be able to use Boost and Young Person's tickets, you are asked to give personal data including uploading some form of ID such as a passport or birth certificate. This data is then checked for verification by our app provider, Passenger, to ensure that the person requesting verification is who they say they are and that they are eligible for the discounted ticket. 

Passenger do not store this information after the verification request has been processed.

For further information on how we handle your data, and other sensitive information, please check our privacy policy. 

Security measures

Passenger Technology Group uses Amazon Web Services (AWS), with data centres based in London. Identification material is stored on AWS S3, with a restrictive security policy. Material is encrypted at rest with AES-256 and transferred via TLS. External system requests are with temporary pre-signed URLs.

The identification material image is destroyed as soon as it has either been approved, rejected or if the request expires.

The Online Verification System is segregated from the rest of the mobile ticketing system, ensuring identification materials cannot be accessed if mobile ticketing was compromised.

Where manual checks are performed, these are carried out by Passenger Technology Group employees and contractors, with a right to work in the UK check and a DBS check.