Privacy Policy
This Privacy Policy describes how SearchOps Ltd ("SearchOps", "we", "us", "our") collects, uses, discloses and safeguards your personal data when you visit our website or use the SearchOps platform (the "Service"). Your personal data is protected by the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR). We are committed to handling your data transparently, lawfully and securely.
At a glance
What we collect: account details, billing data, product usage, and the business-location data you add to the Service.
Why: to provide, secure and improve the Service, and to meet our legal obligations.
Who we share with: a small number of trusted sub-processors bound by data processing agreements. We never sell your personal data.
Your rights: access, correction, deletion, portability, objection, and complaint to your data protection authority. Email info@searchops.co.uk to exercise them.
1. Who we are
SearchOps Ltd is a company registered in England and Wales with its registered office at 86 Paul St, London EC2A 4NE, UK. For the purposes of the UK GDPR, the EU GDPR (where applicable), and other data protection laws covered in this policy, SearchOps Ltd is the controller of the personal data described below.
You can contact our privacy team at any time at info@searchops.co.uk or by writing to us at the address above.
2. Scope of this policy
This policy applies to personal data we process as a data controller, that is, when we decide how and why it is processed. When our customers use SearchOps to process personal data relating to their own end users, we act as a processor on the customer's behalf; that relationship is governed by our Data Processing Addendum, which forms part of our customer agreement.
3. Personal data we collect
We collect the following categories of personal data:
3.1 Information you provide to us
- Account data. Name, email address, password (stored only as a one-way hash by our authentication provider), organisation or agency name, role.
- Billing data. Name, billing address, VAT or tax number, last four digits and brand of your payment card, country of issue, and transaction history. Full card numbers are handled directly by our PCI-DSS compliant payment processor and are not stored on our servers.
- Customer content. The business locations, keywords, scan configurations, reports and any other data you input into the Service.
- Support communications. The content of any emails, chats or tickets you send us.
3.2 Information we collect automatically
- Usage data. Pages and features accessed, actions taken, credit consumption, timestamps, referring URLs.
- Device and log data. IP address, browser type and version, operating system, device identifiers, language preference, error logs, and request metadata.
- Cookies and similar technologies. See our Cookie Policy for details.
3.3 Information from third parties
We may receive data from integrations you choose to connect (for example, Google Business Profile data when you link a GBP account), from search data providers who deliver results on our behalf, and from service providers we use for fraud prevention and billing.
4. How we use your personal data and our lawful bases
We only process your personal data when we have a lawful basis to do so. For UK and EEA users we rely on the bases set out in the UK GDPR and EU GDPR. For US, Canadian and Australian users the equivalent concepts are described in the regional section below.
| Purpose | Lawful basis |
|---|---|
| Creating and administering your account | Performance of a contract |
| Delivering the Service, including running scans and audits | Performance of a contract |
| Processing payments and maintaining billing records | Performance of a contract; legal obligation (tax and accounting) |
| Securing the Service, preventing abuse and investigating misuse | Legitimate interests (protecting our platform and users) |
| Improving and developing product features | Legitimate interests (building a better product) |
| Providing customer support | Performance of a contract; legitimate interests |
| Service announcements and essential account notices | Legitimate interests; legal obligation |
| Marketing communications about new features | Consent (which you can withdraw at any time) |
| Responding to legal requests and preventing fraud | Legal obligation; legitimate interests |
Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests are not overridden by your rights and freedoms. You can ask for more information about any such assessment by contacting us.
5. How we share your personal data
We do not sell your personal data and we do not share it for cross-context behavioural advertising as those terms are defined under the CCPA. We share data only where necessary to operate the Service and always under appropriate contractual protections.
5.1 Service providers (sub-processors)
We rely on a small number of trusted third-party service providers for functions such as application hosting, database and authentication infrastructure, payment processing, search data retrieval, and AI-powered analysis. Each provider is bound by a data processing agreement that requires them to process personal data only on our documented instructions and to apply appropriate security measures.
A current list of our sub-processors is available on request by contacting info@searchops.co.uk. Where required, we will give customers advance notice of material changes to our sub-processor list.
5.2 Legal and compliance
We may disclose personal data where we are legally required to do so, for example in response to a valid court order, regulator request or lawful investigation, or where disclosure is necessary to protect our rights, property or the safety of others.
5.3 Corporate transactions
If we are involved in a merger, acquisition, financing, reorganisation, bankruptcy or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users and ensure that any successor is bound by privacy obligations consistent with this policy.
6. International data transfers
Some of our service providers are located outside the United Kingdom and the European Economic Area. Where personal data is transferred to a country that has not been recognised as providing an adequate level of data protection, we rely on appropriate safeguards such as:
- The UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.
- The EU Standard Contractual Clauses (for transfers from the EEA).
- Adequacy decisions made by the UK Government or the European Commission.
- For transfers from Canada and Australia, contractual safeguards consistent with PIPEDA section 4.1.3 and Australian Privacy Principle 8.
You can request a copy of the relevant safeguards by emailing info@searchops.co.uk.
7. How long we keep your personal data
We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by law.
| Category | Retention period |
|---|---|
| Active account data | For the life of the account |
| Closed-account data | Up to 90 days after closure, then deleted or anonymised |
| Customer content (scans, audits, reports) | For the life of the account; deletable on request at any time |
| Billing and tax records | 7 years from the end of the relevant financial year |
| Support communications | Up to 3 years after the last interaction |
| Security and access logs | Up to 90 days |
| Marketing records (where consent was given) | Until consent is withdrawn, plus up to 2 years of suppression data |
8. Security
We take the security of your personal data seriously and apply appropriate technical and organisational measures, including:
- Encryption of data in transit using TLS 1.3.
- Encryption of data at rest using AES-256.
- Role-based access controls, principle-of-least-privilege, and audit logging.
- Strong password storage with salted one-way hashing.
- Regular backups, infrastructure patching, and vulnerability management.
- Staff training on data protection and security.
No system can be guaranteed to be 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it (or as required by your local notifiable-breach regime), and affected individuals without undue delay where required.
9. Automated decision-making and profiling
We do not use your personal data to make solely automated decisions that produce legal effects concerning you or similarly significantly affect you. Some features of the Service use automated analysis to surface insights about business data you provide, but these are decision-support tools and always subject to human review. Quebec residents have a specific right to request human review of any decision based exclusively on automated processing under Law 25.
10. Children's privacy
SearchOps is a B2B product intended for professional use. It is not directed at children and we do not knowingly collect personal data from anyone under the age of 16 (or the equivalent age of digital consent in your jurisdiction; 13 under COPPA in the United States). If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Your rights by region
We honour the rights granted to you by your local data protection law. The section below sets out the specific rights that apply in each of the regions where we have a substantial user base — your region is listed first.
Your rights by region
You appear to be visiting from United Kingdom, so we have surfaced the relevant statute and regulator first. Whichever region you are in, please contact us at info@searchops.co.uk to exercise any right listed below.
United KingdomYour region
Your personal data is protected by the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).
Your rights include:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your personal data (the right to be forgotten).
- Restriction — ask us to limit how we use your data.
- Objection — object to processing based on legitimate interests or for direct marketing.
- Portability — receive your data in a structured, machine-readable format.
- Withdraw consent — at any time, without affecting prior lawful processing.
- Complaint — lodge a complaint with the ICO.
We are registered with the ICO as a data controller. You also have the right to complain to the ICO without contacting us first, although we would appreciate the opportunity to address your concerns directly.
Lead supervisory authority: UK Information Commissioner's Office (ICO).
United States (California and other state laws)
If you are a US resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) and equivalent state laws in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA) and others may give you additional rights.
Your rights include:
- Right to know — what personal information we collect, use, disclose and (where applicable) share.
- Right to delete — request deletion of personal information we have collected from you.
- Right to correct — request correction of inaccurate personal information.
- Right to opt out of sale or sharing — including for cross-context behavioural advertising. We do not sell or share your data, so there is nothing to opt out of, but the right remains exercisable.
- Right to limit use of sensitive personal information.
- Right to non-discrimination — we will never charge you more or provide a lower-quality service for exercising your privacy rights.
- Right to data portability — receive your personal information in a portable, readily usable format.
We honour the Global Privacy Control (GPC) browser signal as a valid opt-out request where required. To exercise any US privacy right email info@searchops.co.uk with "US privacy request" in the subject line, or use the Cookie preferences link in the footer. You may also lodge a complaint with the CPPA or your state Attorney General.
Lead supervisory authority: California Privacy Protection Agency (CPPA).
Canada (PIPEDA and Quebec Law 25)
If you are in Canada, your personal information is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA). Residents of Quebec also benefit from An Act respecting the protection of personal information in the private sector (Law 25), and residents of Alberta, British Columbia and Ontario benefit from substantially similar provincial statutes.
Your rights include:
- Access — request access to your personal information and an account of how it has been used and disclosed.
- Correction — request correction of inaccurate or incomplete personal information.
- Withdraw consent — withdraw consent for processing at any time, subject to legal or contractual restrictions.
- Portability (Quebec) — receive your personal information in a structured, commonly used technological format under Law 25.
- Right to be forgotten (Quebec) — request de-indexing or erasure under Law 25.
- Object to automated decision-making (Quebec) — request human review of decisions based exclusively on automated processing.
- Complaint — lodge a complaint with the OPC or the Commission d'accès à l'information du Québec (CAI).
Where we rely on consent for non-essential cookies and personal information processing, Quebec residents may withdraw that consent at any time via the Cookie preferences link in the footer or by emailing info@searchops.co.uk.
Lead supervisory authority: Office of the Privacy Commissioner of Canada (OPC).
Australia (Privacy Act 1988 and the APPs)
If you are in Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) apply to how we handle your personal information. Where applicable we also comply with the Spam Act 2003 and the Notifiable Data Breaches scheme.
Your rights include:
- Access — request access to the personal information we hold about you (APP 12).
- Correction — request correction of inaccurate, out-of-date, incomplete, irrelevant or misleading information (APP 13).
- Anonymity and pseudonymity — interact with us anonymously or using a pseudonym where lawful and practicable (APP 2).
- Direct marketing opt-out — opt out of any direct marketing communications at any time (APP 7).
- Cross-border disclosure transparency — be informed before personal information is disclosed overseas (APP 8).
- Complaint — lodge a complaint with the OAIC if you are not satisfied with our handling of a privacy concern.
We will respond to access and correction requests within a reasonable period — usually within 30 days — and free of charge. We will notify the OAIC and affected individuals of any eligible data breach without undue delay under the Notifiable Data Breaches scheme. Email info@searchops.co.uk to make a request.
Lead supervisory authority: Office of the Australian Information Commissioner (OAIC).
12. Third-party links
The Service may contain links to third-party websites or services that are not operated by us. This policy does not apply to those third parties, and we encourage you to review their own privacy notices before providing any personal data.
13. Changes to this policy
We may update this policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. When we make a material change, we will notify affected users by email or through the Service at least fourteen (14) days before the change takes effect. The "Last updated" date at the top of this page will always reflect the current version, and prior versions are available on request.
14. Contact
If you have any questions about this policy or how we handle your personal data, please contact us at info@searchops.co.uk or by post at:
SearchOps Ltd
86 Paul St
London EC2A 4NE
United Kingdom