Privacy Policy
Last updated: 10 March 2026
1. Introduction
CompanyTrack respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and share your personal data when you use our website and services, and tells you about your privacy rights and how the law protects you.
Please read this privacy policy together with our Terms of Service. This privacy policy supplements our other policies and is not intended to override them.
2. Who We Are
[Company Name] is the data controller responsible for your personal data (referred to as "we", "us", or "our" in this policy).
Contact details:
- Company name: [Company Name]
- Registered address: [Registered Address]
- Email: contact@companytrack.com
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.
3. Data We Collect About You
Personal data means any information about an individual from which that person can be identified. We may collect, use, store, and transfer the following kinds of personal data:
3.1 Information You Provide
- Identity Data: first name, last name, and username.
- Contact Data: email address.
- Financial Data: payment card details (processed securely by our payment provider — we do not store your full card details).
- Transaction Data: details of subscriptions and payments made through CompanyTrack.
- Profile Data: your account preferences, saved searches, watchlists, notes, and alert settings.
3.2 Information Collected Automatically
- Technical Data: IP address, browser type and version, time zone, operating system, device type, and platform.
- Usage Data: information about how you use CompanyTrack, including pages viewed, features used, search queries, and interaction patterns.
3.3 Information From Third Parties
We may receive data from third-party services that you use to sign up or log in to CompanyTrack (such as authentication providers), as well as analytics providers.
We do not collect any Special Categories of Personal Data (such as data about race, ethnicity, religious beliefs, health, sexual orientation, or political opinions).
4. How We Collect Your Data
- Direct interactions: when you create an account, subscribe to a plan, save searches, create watchlists, set up alerts, or contact us.
- Automated technologies: as you use CompanyTrack, we automatically collect Technical and Usage Data using cookies, session tokens, and similar technologies (see Section 9 below).
- Third-party services: we receive data from our authentication provider when you sign up or log in, and from analytics services that help us understand how CompanyTrack is used.
5. How We Use Your Data
We will only use your personal data where we have a lawful basis to do so. The main lawful bases we rely on are:
- Performance of a contract: where processing is necessary to provide you with our Services.
- Legitimate interests: where processing is necessary for our (or a third party's) legitimate interests, provided your rights do not override those interests.
- Legal obligation: where we need to comply with a legal or regulatory obligation.
- Consent: where you have given specific consent (e.g., for marketing communications).
Specifically, we use your data to:
| Purpose | Data used | Lawful basis |
|---|---|---|
| Create and manage your account | Identity, Contact | Contract performance |
| Process payments and manage subscriptions | Identity, Contact, Financial, Transaction | Contract performance |
| Provide our Services (search, watchlists, alerts, saved searches) | Identity, Profile, Usage | Contract performance |
| Generate AI-powered company analysis | Usage (search queries and selected companies) | Contract performance |
| Improve CompanyTrack and develop new features | Technical, Usage | Legitimate interests |
| Ensure security and prevent fraud | Identity, Technical | Legitimate interests |
| Notify you of changes to our Terms or services | Identity, Contact | Legal obligation |
| Send you marketing communications | Identity, Contact | Consent / Legitimate interests |
6. Who We Share Your Data With
We may share your personal data with the following categories of third parties, only to the extent necessary for the purposes described above:
- Authentication provider (Clerk): to manage user accounts, login, and session security.
- Payment processor (Stripe): to process subscription payments securely. Stripe handles your payment card details directly — we do not store full card numbers.
- Analytics providers: to help us understand how CompanyTrack is used and to improve our Services. We use privacy-focused analytics tools that minimise personal data collection.
- AI service providers: to generate company analysis and insights. We send only company data (not your personal data) to these services.
- Search infrastructure providers: to power company, director, and shareholder search functionality.
- Professional advisers: including lawyers, auditors, and insurers where necessary.
- Regulatory authorities: including HMRC and the ICO, where required by law.
We require all third-party service providers to respect the security of your personal data and to treat it in accordance with the law. We do not allow them to use your personal data for their own purposes and only permit them to process it for specified purposes and in accordance with our instructions.
7. International Transfers
Some of our third-party service providers are based outside the United Kingdom and the European Economic Area (EEA). Where your personal data is transferred outside the UK/EEA, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the relevant authorities, to provide a similar degree of protection for your data.
Please contact us if you would like further information about the specific safeguards applied to international transfers of your data.
8. Data Security
We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way. These include:
- Encrypted data transmission (HTTPS/TLS).
- Secure authentication and session management.
- Access controls limiting data access to authorised personnel only.
- Regular review of our security practices.
We have procedures in place to deal with any suspected personal data breach and will notify you and the relevant regulator where we are legally required to do so.
9. Cookies and Similar Technologies
CompanyTrack uses the following types of cookies and similar technologies:
- Essential cookies: session cookies required for authentication and security. These are necessary for CompanyTrack to function and cannot be disabled.
- Preference cookies: to remember your settings, such as your chosen theme (light or dark mode). These are stored in your browser's local storage.
- Analytics cookies: to help us understand how visitors use CompanyTrack so we can improve the service. We use privacy-focused analytics tools.
You can set your browser to refuse all or some cookies, or to alert you when cookies are being set. If you disable essential cookies, some parts of CompanyTrack may not function properly.
10. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and applicable legal requirements.
By law, we are required to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers, for legal and tax purposes.
When you delete your account, we will delete or anonymise your personal data, except where we are required by law to retain it.
11. Your Legal Rights
Under UK data protection law, you have the following rights in relation to your personal data:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of any inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data in certain circumstances.
- Right to restrict processing: request that we limit how we use your data.
- Right to data portability: request transfer of your data to you or another provider in a structured, machine-readable format.
- Right to object: object to our processing of your data where we rely on legitimate interests.
- Right to withdraw consent: where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at contact@companytrack.com. We will respond to all legitimate requests within one month. If your request is particularly complex, we may require up to an additional two months, and we will notify you accordingly.
You will not normally have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
12. Marketing
We may use your Identity and Contact Data to send you information about CompanyTrack features, updates, and services that may be of interest to you.
You will only receive marketing communications from us if you have opted in to receive them, or if you are an existing customer and the marketing relates to similar products and services.
We will not share your personal data with third parties for their own marketing purposes without your explicit consent.
You can opt out of marketing communications at any time by contacting us at contact@companytrack.com or by using the unsubscribe link in any marketing email.
13. Third-Party Links
CompanyTrack may include links to third-party websites, plug-ins, and applications. We do not control these third-party websites and are not responsible for their privacy practices. When you leave CompanyTrack, we encourage you to read the privacy policy of every website you visit.
14. Children's Privacy
CompanyTrack is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that data promptly.
15. Changes to This Privacy Policy
We may update this privacy policy from time to time. The updated version will be posted on CompanyTrack with a revised "Last updated" date. We encourage you to review this policy periodically.
Where changes are significant, we will endeavour to notify you by email or through a notice on CompanyTrack.
16. Contact Us
If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact us:
- Email: contact@companytrack.com
- Post: [Company Name], [Registered Address]