Legal

Privacy Policy.

Effective 3 July 2026

1. Scope

This policy explains how PeopleProbe (“we”, “us”) handles personal data. It covers two distinct groups: customers — the account holders who commission research — and research subjects — the people and entities named in that research. Both are addressed below, because their data is handled differently.

2. Data we hold about customers

  • Account data. Name, email address, and sign-in records. We use magic-link authentication; we never store a password.
  • Billing data. Credit purchases and the credit ledger. Card details are collected and stored by Stripe, our payment processor; we hold only a customer reference and transaction records.
  • Usage data. The searches you run, the stated purpose of each search, reports generated, and service logs kept for security and reliability.

3. Data we process about research subjects

When a customer commissions an investigation, we gather publicly available information about the named subject: company registries, court and regulatory records, sanctions and watchlists, press coverage, academic and professional records, and comparable open sources. We compile this into an evidence-graded report for the commissioning customer. We do not access credit files, private databases, or non-public personal information, and we do not build a standing database of individuals — research data is gathered per investigation and retained as described in section 7.

4. Why we process data (legal bases)

  • Customers: performance of our contract with you (running the service, billing), and our legitimate interests in securing and improving it.
  • Research subjects: our and our customers' legitimate interests in lawful due diligence — fraud prevention, KYC/AML compliance, counterparty vetting, journalism, and personal security — balanced against the subject's rights. We process only information already in the public domain, we grade rather than assert it, and every search carries a recorded lawful purpose. Where processing serves compliance with a legal obligation (such as AML screening), that obligation is the basis.

5. Who we share data with

We do not sell personal data, and we have not sold it in the preceding twelve months. We share data only with processors who run the service on our behalf — hosting and database infrastructure (Vercel, Supabase), payments (Stripe), email delivery, search providers, and AI model providers that process search text to assemble reports — each bound by contract to process it only on our instructions. We disclose data where the law requires it, or to protect the rights, safety, or property of any person. Reports go to the customer who commissioned them and no one else.

6. International transfers

Our infrastructure providers operate in the United States and the European Union. Where personal data leaves the UK or EEA, the transfer is protected by standard contractual clauses or an adequacy decision.

7. Retention

  • Account and billing records: for the life of the account, then up to six years as required for tax and accounting.
  • Reports and research data: for the life of the commissioning account, so customers can retrieve their deliverables; deleted on account closure or verified deletion request, subject to legal holds.
  • Service logs: up to twelve months.

8. Security

Data is encrypted in transit and at rest. Report artifacts are stored in a private bucket and reachable only through expiring signed URLs issued to the owning account. Access to production systems is restricted and logged. No system is perfectly secure; if a breach affects your data, we will notify you and the relevant authority as the law requires.

9. Your rights

If you are in the UK or EEA (GDPR): you have the right to access, rectify, and erase your personal data; to restrict or object to its processing — including processing based on legitimate interests; to data portability; and to lodge a complaint with your supervisory authority.

If you are a California resident (CCPA/CPRA): you have the right to know what personal information we hold about you, to delete it, to correct it, and to be free from discrimination for exercising those rights. We do not sell or share personal information for cross-context behavioural advertising.

If you are the subject of a report: the same rights apply to you. You may ask whether we hold research output naming you, contest the accuracy of a finding, or request deletion. Because findings are drawn from public records, a correction may take the form of a re-grade or annotation where the underlying public record itself has not changed. We respond within thirty days.

Exercise any of these rights at privacy@probepeople.com. We will verify your identity before acting, and we may retain what the law requires us to keep.

10. Cookies

We use only the cookies needed to keep you signed in and secure the service. There is no advertising or cross-site tracking.

11. Children

The service is for professional use and is not directed to children under 16. We do not knowingly hold account data on children.

12. Changes

We may update this policy. Material changes are notified by email or in the product before they take effect; the current version is always at this address.

13. Contact

Privacy questions and data-subject requests: privacy@probepeople.com. See also our Terms of Service, including the prohibition on FCRA-regulated uses.