Privacy Policy

Last updated: 8 May 2026 · B2Verify

Our core commitment

B2Verify does not sell, rent, or share your personal data with third parties. We do not use your data for advertising. We do not process the personal data of individuals who appear in business records — that data is sourced from public UK registers and is not collected by us.

1. Who We Are

B2Verify is the data controller for personal data you provide when creating an account or contacting us. Contact: hello@b2verify.com.

2. What Personal Data We Collect

We only collect what is strictly necessary:

  • Account data: your name and email address, collected when you create an account via Clerk.
  • Usage data: search query counts (not the queries themselves) to enforce monthly limits.
  • Payment data: handled entirely by Stripe. We never see or store card details.
  • Account requirement: all searches require a free user account. We do not place tracking cookies for unauthenticated visitors.

Business data we display (directors, addresses, filings) is sourced from Companies House public registers under the Open Government Licence. We do not collect or store this data in association with your account.

3. How We Use Your Data

  • To provide and maintain your account and subscription
  • To enforce search quotas and subscription limits
  • To send transactional emails (account creation, billing receipts)
  • To detect and prevent misuse or fraud

We do not use your data for:

  • Advertising or marketing to third parties
  • Selling or sharing with data brokers
  • Profiling our users or making automated decisions about them

Separately, our platform analyses public business register data sourced from Companies House under the Open Government Licence v3.0. This analysis surfaces structural and compliance patterns as Trust Scores, risk bands, and Notices on company profiles. These are advisory observations, not adjudicative findings — they do not constitute a determination of any individual's character, conduct, or business intent.

4. Public Register Data Processing & Your Rights

Public Register Data Processing

B2Verify processes data published by Companies House under the Open Government Licence v3.0. This includes information about company directors, secretaries, and Persons with Significant Control (PSCs) — much of which constitutes personal data under UK GDPR.

Your rights regarding this data

If you are an individual whose personal data appears in our analysis (e.g., as a director, secretary, or PSC of a UK company), you have the following rights under UK GDPR:

  • Right of access (Article 15): You may request a copy of the personal data we hold about you and information about how it is processed.
  • Right to rectification (Article 16): If data we display is inaccurate, you may request correction. Note that for source data published by Companies House, you may also need to file a correction with Companies House directly; we sync from the public register.
  • Right to object (Article 21): You may object to specific processing, including any pattern observation (Identity Inconsistency Notice, Recurring Pattern Notice, Complex Ownership Notice) raised on a company you control or appear in.

How to exercise these rights

Submit a request via our correction widget at /business/{company-number}/correction or by emailing privacy@b2verify.com. We will respond within 5 business days.

Note on accuracy

Pattern observations are derived from public register data and may have legitimate explanations not visible from the register alone. Where you provide context, we will display it alongside the observation.

5. Legal Basis for Processing (UK GDPR)

  • Contract performance: processing your account and subscription details
  • Legitimate interests: security monitoring and fraud prevention
  • Consent: optional marketing communications (where applicable)

6. Third-Party Services

We use a minimal set of sub-processors:

ClerkAuthentication and account managementPolicy ↗
StripePayment processing. No card data is stored by us.Policy ↗
VercelHosting and infrastructure (EU/UK data centres)Policy ↗

No other third parties receive your personal data.

7. Cookies

What we store on your device

We use cookies only for essential functions: authentication session (Clerk), CSRF protection, and analytics consent state. We do not use marketing trackers, advertising cookies, or cross-site profiling cookies. Earlier versions of this policy referenced an anon_search_used cookie; this cookie is not used by the current version of B2Verify.

Strictly necessary (always on): session cookies managed by Clerk for authenticated users. We do not place tracking cookies for unauthenticated visitors. All searches require a free account.

Analytics (consent required): if you accept the cookie banner we load Google Analytics 4 (aggregated usage metrics, IP anonymised) and Microsoft Clarity (anonymised session replay and heatmaps) so we can see which pages are useful and where users get stuck. No advertising cookies are ever set. Clear cookie_consent from localStorage to withdraw consent.

8. Data Retention

Account data is retained for as long as your account is active plus 90 days after deletion (to handle disputes or chargebacks). Stripe billing records are retained as required by financial regulations (typically 7 years).

9. Your Rights Under UK GDPR

You have the right to:

  • Access a copy of your personal data
  • Correct inaccurate data
  • Request erasure (right to be forgotten)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise any of these rights, email hello@b2verify.com. We will respond within 30 days. You may also lodge a complaint with the ICO (Information Commissioner's Office).

10. International Transfers

Your data is processed within the UK and EU. Where US-based sub-processors are used (Clerk, Stripe), transfers are covered by Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).

11. Changes to This Policy

We will notify registered users by email if we make material changes. The “last updated” date at the top of this page will always reflect the current version.

12. Trust Badge Analytics Privacy

When a verified company embeds the B2Verify trust badge on their website, we log click-through analytics. For each click we store: company number, timestamp, hashed IP address, hashed user-agent string. Hashes use SHA-256 with a daily-rotating salt and cannot be reversed to identify individual visitors. Raw IP addresses and user-agent strings are not stored. This data is visible only to the badge owner in their dashboard and is never shared with third parties or aggregated into public statistics.

13. Error Monitoring (Sentry)

We use Sentry to monitor production errors. Sentry is configured with sendDefaultPii: false, meaning we do not send personally identifying information by default. Error events include: route name, error type, stack trace, and a hashed user identifier (where applicable). We use this data solely to diagnose and fix bugs. Sentry's data processing agreement is available at sentry.io/legal/dpa.

14. Public Status Page

We publish real-time service status at status.b2verify.com (powered by BetterStack). This page shows uptime metrics for our public endpoints. No user-identifying information is published.

15. 7-day Pro Trial Transparency

When you start a 7-day Pro trial, we record: trial start date, payment method (handled by Stripe — we do not store card numbers), and trial end date. You will receive a reminder email 24 hours before the trial ends. You may cancel at any time from your dashboard or by emailing support@b2verify.com.

16. IP-based Trial-stacking Protection

To prevent abuse of free trials, we maintain a temporary record of IP addresses that have started Pro trials, stored in Redis under key trial_ip:{ip} with a 30-day TTL. This processing is justified under UK GDPR Article 6(1)(f) (legitimate interest in preventing fraud). The IP record is hashed and is not linked to user accounts.