Legal

Privacy policy

This policy explains what personal data Probitas collects, why we use it, who we share it with, and the control you have over it.

Effective 19 June 2026Probitas Research

01The short version

We collect as little as we can. We host on UK servers. We do not sell your data. A report and the search behind it are kept for 90 days so your shared link keeps working, then deleted. You can ask us what we hold, and ask us to delete it, at any time.

The rest of this page is the detail behind that summary. It is written to meet the UK General Data Protection Regulation and the Data Protection Act 2018, but in language a person can actually follow.

02Who is responsible for your data

The controller of your personal data is Probitas Research. That means we decide what data is collected and why. You can reach our team about anything in this policy at privacy@probitas-research.com or hello@probitas-research.com.

03What we collect

We try to collect only what the service genuinely needs. In practice that is:

What you give us
The name or number of the company, charity or person you ask us to check; an email address if you want a report delivered or sent to you; and the details you type into a form, such as the contact form or an enterprise enquiry (your name, work email, organisation and message).
What we create for you
Your credit balance and the code that represents it, a record of the checks you have run, and the reports we have generated for you.
What we collect automatically
Basic technical information your browser sends, such as your IP address and device type, and limited logs we keep to run the service securely, prevent abuse and apply rate limits.
What we get from others
If you sign in with Google, we receive your name and email address from Google to identify your account. If you pay by card, our payment processor confirms the payment to us; we never see your full card number.

04How and why we use it

We use personal data to:

  • run the checks you ask for and deliver the reports you pay for;
  • take payment, issue and manage your credits, and send you receipts;
  • email you a report or a credit code, and reply when you contact us;
  • keep the service secure, prevent fraud and abuse, and enforce our limits;
  • understand how the service is used so we can make it better;
  • meet our own legal and accounting obligations.

We do not use the names you submit, or the reports we produce, to build a marketing profile of you, and we do not sell them.

05Our lawful bases

Under UK data protection law we must have a lawful basis for each use. Ours are:

  • Performing our contract with you, to run a check you have asked for, take payment and deliver the result;
  • Our legitimate interests, to keep the service secure, prevent abuse, respond to your enquiries and improve what we offer, balanced against your rights;
  • Complying with a legal obligation, for example keeping financial records for the period the law requires;
  • Your consent, where we ask for it, such as for any optional analytics or marketing, which you can withdraw at any time.

06The people named in a report

Probitas reads public records, so a report can name directors, trustees, officers and others connected to the company or charity being checked. That information already exists in public registers such as Companies House, the Charity Commission and published sanctions lists. We gather it, cite it to its source, and present it; we do not invent it.

If you submit a check, you are responsible for having a lawful reason to do so. If you are someone named in a report and you have a question about it, please contact us at privacy@probitas-research.com and we will explain what we hold and where it came from, and handle any rights you wish to exercise.

07Who we share data with

We do not sell personal data, and we do not share it for anyone else's marketing. We share it only with the service providers we need to run Probitas, and only as far as they need it. These are:

  • our hosting and infrastructure provider, which stores data on UK servers;
  • our payment processor, Stripe, which handles card payments;
  • our email provider, which delivers reports, codes and replies;
  • Google, if you choose to sign in with it.

Each provider acts under a contract that requires it to protect your data and use it only on our instructions. We may also disclose data where the law requires it, or to establish, exercise or defend a legal claim, or to protect the rights and safety of others.

08How long we keep things

We keep personal data only as long as we have a reason to:

  • Reports and the searches behind them are kept for 90 days, so your shared link keeps working, and then deleted.
  • Your credit balance and code are kept while the credits remain usable, so we can honour them.
  • Contact and enquiry messages are kept while we deal with them and for a reasonable period afterwards.
  • Payment and accounting records are kept for as long as tax and company law require, usually six years.
  • Security logs are kept for a short period and then removed.

09How we keep data safe

We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, and keeping the surface that handles personal data as small as we can. No system is perfectly secure, and we cannot promise absolute safety, but we treat your data with the care we would want for our own. If a breach ever affects your rights, we will tell you and the regulator as the law requires.

10Where your data is held

We host on servers in the United Kingdom. Some of the providers we use, such as our payment and email services, may process limited data outside the UK. Where that happens, we rely on safeguards approved under UK data protection law, such as the International Data Transfer Agreement or an adequacy decision, so your data keeps the same protection wherever it is processed.

11Your rights

Under UK data protection law you have the right to:

  • ask what personal data we hold about you and get a copy of it;
  • have inaccurate data corrected;
  • have your data deleted, where there is no good reason for us to keep it;
  • restrict or object to how we use it, including any processing based on our legitimate interests;
  • ask us to transfer your data to another provider, where that applies;
  • withdraw consent at any time, where we relied on consent.

To exercise any of these, email privacy@probitas-research.com. We will respond within one month, and we will not charge you for a reasonable request. We may need to confirm your identity first, so that we do not hand your data to the wrong person.

12Cookies and analytics

We keep cookies to a minimum. We use the cookies and similar storage that are strictly necessary to run the site, such as keeping you signed in and holding your credit code in your own browser. We do not use advertising cookies. If we introduce optional analytics that are not strictly necessary, we will ask for your consent first, and you will be able to change your mind.

13Children

Probitas is a service for professional and organisational use and is not directed at children. We do not knowingly collect data from anyone under 18. If you believe a child has given us their data, please tell us and we will delete it.

14Changes to this policy

We may update this policy as the service or the law changes. When we do, we will update the effective date at the top of this page, and where a change materially affects you we will take reasonable steps to let you know. Please check back from time to time.

15How to contact us, and how to complain

For anything about your data or this policy, email privacy@probitas-research.com or use the contact form.

If you are not happy with how we have handled your data, we would like the chance to put it right, so please come to us first. You also have the right to complain to the Information Commissioner's Office, the UK regulator, at ico.org.uk or on 0303 123 1113.

Probitas Research. Data enquiries: privacy@probitas-research.com.