Privacy Policy

Last updated: 24 June 2026

This Privacy Policy explains how CompanyCheckr.com, operated by [YOUR REGISTERED COMPANY NAME LTD] ("we", "us"), collects and uses your personal data. We act as a data controller for the personal data described below and comply with the UK GDPR and the Data Protection Act 2018.

1. Who we are

Controller: [YOUR REGISTERED COMPANY NAME LTD], registered in England and Wales, registered office at [YOUR REGISTERED ADDRESS].
Contact: privacy@companycheckr.com

2. What data we collect

We collect only what we need to provide the Service:

  • Account data: email address, name (if provided), authentication identifiers, and (for OAuth sign-in) your provider profile basics.
  • Usage data: the companies and queries you look up, search history, plan and quota usage counters, and timestamps.
  • Billing data: processed by Stripe — we receive billing status and the last four digits of your card; we never see full card details.
  • Support data: messages you send us via the contact form, including your name, email, IP address (for spam protection), and content.
  • Technical data: IP address (truncated for analytics), browser type, device, and timestamps, captured in server logs.
  • Analytics: if you accept the cookie banner, we use Google Analytics 4 to record anonymised page views and events. See our Cookie Policy.

3. Lawful bases

We rely on the following lawful bases under UK GDPR Article 6:

  • Contract — to provide the Service, manage your account, process your searches, and bill you.
  • Legitimate interests — to keep the Service secure (abuse prevention, rate limiting, fraud detection), to improve the product, and to respond to your support queries.
  • Consent — for non-essential cookies and analytics. You can withdraw consent at any time via the cookie banner.
  • Legal obligation — to keep tax and accounting records, and to respond to lawful requests from regulators or law enforcement.

4. How we use your data

  • Provide search, news and AI insights you request.
  • Authenticate you and protect your account.
  • Process payments and send billing receipts.
  • Send service emails (account, billing, security, password reset).
  • Detect and prevent abuse, spam, and unauthorised access.
  • Improve the Service (aggregate, non-identifying analysis).

We do not sell your personal data and we do not use it for third-party advertising.

5. Public-register data

Company information returned by the Service comes from the public Companies House register, including names and addresses of directors and persons with significant control. That data is published by HM Government under the Open Government Licence. We display it as provided; we do not enrich it with non-public sources of personal data about individuals.

6. Sub-processors and recipients

We use carefully chosen suppliers to run the Service. Each is bound by contract to process your data only on our instructions and to keep it secure.

  • Lovable Cloud (backend infrastructure, database, file storage, auth, transactional email delivery) — hosted in the EU/UK region.
  • Cloudflare (CDN, edge compute, DDoS protection) — global.
  • Stripe (payment processing) — UK/EU/US.
  • Google Analytics 4 (consented analytics) — IP-anonymised; data processed in the EU/US under Standard Contractual Clauses.
  • OpenAI / Google Gemini via Lovable AI Gateway (AI insights and news summaries) — model providers; requests do not include your account identifiers.
  • Firecrawl / Perplexity / Tavily (news search APIs) — only the company query is sent; no account data.
  • Companies House API (public register lookup) — UK Government.

7. International transfers

Where data is transferred outside the UK, we rely on UK adequacy regulations, the UK International Data Transfer Addendum, or Standard Contractual Clauses, together with additional safeguards.

8. Retention

  • Account data: for the life of your account, plus 30 days after deletion.
  • Search history and saved notes: until you delete them or close your account.
  • Billing records: 7 years, as required by HMRC.
  • Support messages: 24 months.
  • Rate-limit / abuse logs: 30 days.
  • Server logs: 30 days.

9. Your rights

Under UK GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased (subject to retention obligations).
  • Restrict or object to processing.
  • Receive your data in a machine-readable format (data portability).
  • Withdraw consent for analytics at any time.
  • Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email privacy@companycheckr.com. We respond within one month.

10. Security

We protect your data with encryption in transit (TLS), encryption at rest, strict access controls, row-level security on our database, multi-factor authentication for administrative access, and routine security scans. No system is perfectly secure; if we become aware of a personal-data breach affecting you, we will notify you and the ICO as required by UK GDPR.

11. Children

The Service is not directed at children under 18 and we do not knowingly collect data from them.

12. Changes to this policy

We may update this Privacy Policy. We will notify you of material changes by email or in-app at least 14 days before they take effect.