Privacy Policy
This Privacy Policy describes how SearchOps Ltd ("SearchOps", "we", "us", "our") collects, uses, discloses and safeguards your personal data when you visit searchops.co.uk or use the SearchOps platform (the "Service"). We are committed to protecting your privacy and handling your data transparently and responsibly.
At a glance
What we collect: account details, billing data, product usage, and the business-location data you add to the Service.
Why: to provide, secure and improve the Service, and to meet our legal obligations.
Who we share with: a small number of trusted sub-processors bound by data processing agreements. We never sell your personal data.
Your rights: access, correction, deletion, portability, objection, and complaint to your data protection authority. Email info@searchops.co.uk to exercise them.
1. Who we are
SearchOps Ltd is a company registered in England and Wales with its registered office at 86 Paul St, London EC2A 4NE, UK. For the purposes of the UK GDPR, the EU GDPR (where applicable), and other data protection laws, SearchOps Ltd is the controller of the personal data described in this policy.
You can contact our privacy team at any time at info@searchops.co.uk or by writing to us at the address above.
2. Scope of this policy
This policy applies to personal data we process as a data controller-that is, when we decide how and why it is processed. When our customers use SearchOps to process personal data relating to their own end users, we act as a processor on the customer's behalf; that relationship is governed by our Data Processing Addendum, which forms part of our customer agreement.
3. Personal data we collect
We collect the following categories of personal data:
3.1 Information you provide to us
- Account data. Name, email address, password (stored only as a one-way hash by our authentication provider), organization or agency name, role.
- Billing data. Name, billing address, VAT number, last four digits and brand of your payment card, country of issue, and transaction history. Full card numbers are handled directly by our PCI-DSS compliant payment processor and are not stored on our servers.
- Customer content. The business locations, keywords, scan configurations, reports and any other data you input into the Service.
- Support communications. The content of any emails, chats or tickets you send us.
3.2 Information we collect automatically
- Usage data. Pages and features accessed, actions taken, credit consumption, timestamps, referring URLs.
- Device and log data. IP address, browser type and version, operating system, device identifiers, language preference, error logs, and request metadata.
- Cookies and similar technologies. See our Cookie Policy for details.
3.3 Information from third parties
We may receive data from integrations you choose to connect (for example, Google Business Profile data when you link a GBP account), from search data providers who deliver results on our behalf, and from service providers we use for fraud prevention and billing.
4. How we use your personal data and our lawful bases
We only process your personal data when we have a lawful basis to do so under the UK GDPR and the EU GDPR. The table below maps our main purposes to their respective legal bases.
| Purpose | Lawful basis |
|---|---|
| Creating and administering your account | Performance of a contract |
| Delivering the Service, including running scans and audits | Performance of a contract |
| Processing payments and maintaining billing records | Performance of a contract; legal obligation (tax and accounting) |
| Securing the Service, preventing abuse and investigating misuse | Legitimate interests (protecting our platform and users) |
| Improving and developing product features | Legitimate interests (building a better product) |
| Providing customer support | Performance of a contract; legitimate interests |
| Service announcements and essential account notices | Legitimate interests; legal obligation |
| Marketing communications about new features | Consent (which you can withdraw at any time) |
| Responding to legal requests and preventing fraud | Legal obligation; legitimate interests |
Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests are not overridden by your rights and freedoms. You can ask for more information about any such assessment by contacting us.
5. How we share your personal data
We do not sell your personal data. We share it only where necessary to operate the Service and always under appropriate contractual protections.
5.1 Service providers (sub-processors)
We rely on a small number of trusted third-party service providers for functions such as application hosting, database and authentication infrastructure, payment processing, search data retrieval, and AI-powered analysis. Each provider is bound by a data processing agreement that requires them to process personal data only on our documented instructions and to apply appropriate security measures.
A current list of our sub-processors is available on request by contacting info@searchops.co.uk. Where required, we will give customers advance notice of material changes to our sub-processor list.
5.2 Legal and compliance
We may disclose personal data where we are legally required to do so, for example in response to a valid court order, regulator request or lawful investigation, or where disclosure is necessary to protect our rights, property or the safety of others.
5.3 Corporate transactions
If we are involved in a merger, acquisition, financing, reorganisation, bankruptcy or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users and ensure that any successor is bound by privacy obligations consistent with this policy.
6. International data transfers
Some of our service providers are located outside the United Kingdom and the European Economic Area. Where personal data is transferred to a country that has not been recognized as providing an adequate level of data protection, we rely on appropriate safeguards such as:
- The UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.
- The EU Standard Contractual Clauses (for transfers from the EEA).
- Adequacy decisions made by the UK Government or the European Commission.
You can request a copy of the relevant safeguards by emailing info@searchops.co.uk.
7. How long we keep your personal data
We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by law.
| Category | Retention period |
|---|---|
| Active account data | For the life of the account |
| Closed-account data | Up to 90 days after closure, then deleted or anonymised |
| Customer content (scans, audits, reports) | For the life of the account; deletable on request at any time |
| Billing and tax records | 7 years from the end of the relevant financial year |
| Support communications | Up to 3 years after the last interaction |
| Security and access logs | Up to 90 days |
| Marketing records (where consent was given) | Until consent is withdrawn, plus up to 2 years of suppression data |
8. Your rights
Subject to certain exemptions, you have the following rights in relation to your personal data under UK GDPR and EU GDPR:
- Access. Request a copy of the personal data we hold about you.
- Rectification. Ask us to correct inaccurate or incomplete data.
- Erasure. Ask us to delete your personal data in certain circumstances (the "right to be forgotten").
- Restriction. Ask us to limit how we use your data.
- Objection. Object to processing based on our legitimate interests or for direct marketing.
- Portability. Receive your data in a structured, commonly used, machine-readable format, or ask us to transmit it to another controller.
- Withdraw consent. Withdraw any consent you have given us at any time, without affecting the lawfulness of processing that took place before withdrawal.
- Lodge a complaint. With the UK Information Commissioner's Office or your local data protection authority.
To exercise any of these rights, email info@searchops.co.uk. We will respond within one month and will not charge a fee unless your request is manifestly unfounded or excessive. We may need to verify your identity before releasing personal data.
9. Security
We take the security of your personal data seriously and apply appropriate technical and organizational measures, including:
- Encryption of data in transit using TLS 1.3.
- Encryption of data at rest using AES-256.
- Role-based access controls, principle-of-least-privilege, and audit logging.
- Strong password storage with salted one-way hashing.
- Regular backups, infrastructure patching, and vulnerability management.
- Staff training on data protection and security.
No system can be guaranteed to be 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, and affected individuals without undue delay where required.
10. Automated decision-making and profiling
We do not use your personal data to make solely automated decisions that produce legal effects concerning you or similarly significantly affect you. Some features of the Service use automated analysis to surface insights about business data you provide, but these are decision-support tools and always subject to human review.
11. Children's privacy
SearchOps is a B2B product intended for professional use. It is not directed at children and we do not knowingly collect personal data from anyone under the age of 16 (or the equivalent age of digital consent in your jurisdiction). If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. International users
SearchOps is operated from the United Kingdom but is available worldwide. Depending on where you are located, additional or different data protection laws may apply to you.
12.1 European Economic Area
If you are located in the EEA, the EU GDPR applies to the processing of your personal data in addition to the UK GDPR. Your rights are substantively equivalent to those described in section 8. You may contact your local data protection supervisory authority if you have concerns about how we handle your personal data.
12.2 California residents
If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA") may give you additional rights, including the right to know what personal information we have collected about you, the right to request deletion, the right to request correction, the right to limit the use of sensitive personal information, and the right to opt out of the "sale" or "sharing" of personal information.
We do not sell your personal information and we do not share it for cross-context behavioral advertising as those terms are defined under the CCPA. To exercise any CCPA right, email info@searchops.co.uk with "CCPA request" in the subject line. We will not discriminate against you for exercising your privacy rights.
12.3 Other jurisdictions
Local data protection laws in your country or region may grant you additional rights that are not expressly listed here. Contact us at info@searchops.co.uk and we will work with you in good faith to honor any valid request.
13. Third-party links
The Service may contain links to third-party websites or services that are not operated by us. This policy does not apply to those third parties, and we encourage you to review their own privacy notices before providing any personal data.
14. Changes to this policy
We may update this policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. When we make a material change, we will notify affected users by email or through the Service at least fourteen (14) days before the change takes effect. The "Last updated" date at the top of this page will always reflect the current version, and prior versions are available on request.
15. Contact
If you have any questions about this policy or how we handle your personal data, please contact us at info@searchops.co.uk or by post at:
SearchOps Ltd
86 Paul St
London EC2A 4NE
United Kingdom
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or with your local supervisory authority in the EEA. We would appreciate the opportunity to address your concerns directly before you do so.