Privacy Policy

Last updated: 21 May 2026

In short: We do not sell your personal data. We do not share your personal data with third parties for marketing or advertising. The only third parties we share data with are the service providers we strictly need to deliver the Service (payments, transactional email, analytics) — each is detailed in Section 7 below.

1. Data Controller

The data controller for personal data processed through Company Shark is:

Kernow Digital Ltd
Company No. 14041056
Registered in England & Wales
Email: [email protected]

2. Data We Collect

We collect and process the following personal data:

  • Account information: Username, email address, and password (stored as a secure one-way hash — we cannot read your password).
  • Email verification status: Whether you have verified your email address, and the timestamp of verification.
  • Search history: Records of searches performed on the platform, including search terms and filters used.
  • Usage analytics: Information about how you use the Service, including search counts, export counts, login activity, and feature usage. Used to monitor service performance, enforce fair-use limits, and detect abuse.
  • Session data: IP address, browser user-agent, and session identifiers for authentication, security, and abuse detection.
  • Analytics events (via Google Analytics 4): Aggregated, pseudonymous information about how visitors interact with the public marketing pages and the dashboard — pages viewed, referring source, approximate location (country/city level only), device type. See Section 7 for details and your opt-out options.

2a. What We Do Not Do

We want to be explicit on what we will not do with your data:

  • We do not sell your personal data to anyone, for any purpose, ever.
  • We do not share your personal data with third parties for marketing, advertising, or profiling purposes.
  • We do not rent your contact details to data brokers, lead lists, or marketing platforms.
  • We do not use your account or search activity to advertise to you on other websites.
  • We do not retain payment card numbers — only Stripe sees those.

3. Payment Data

All payment processing is handled entirely by Stripe, which is PCI DSS compliant. We do not store, process, or have access to your full card details. We store only:

  • Your Stripe customer ID (an opaque identifier).
  • Your Stripe subscription ID.
  • Subscription status and billing dates.

For information on how Stripe handles your payment data, see Stripe's Privacy Policy.

4. Companies House Data

The company data you search and view through the platform is sourced from the Companies House public register. This data is publicly available and does not constitute personal data under GDPR. We act as a data processor presenting publicly available information.

5. Lawful Basis for Processing

We process your personal data on the following lawful bases:

  • Contract performance (Article 6(1)(b) GDPR): Processing your account data is necessary to provide you with the Service you have signed up for.
  • Legitimate interest (Article 6(1)(f) GDPR): We use usage analytics to improve the Service, monitor system performance, and prevent abuse.

6. Data Retention

We retain your personal data as follows:

  • Account data: Retained for as long as your account is active. Upon account deletion, your personal data will be removed within 30 days.
  • Search history: Retained according to your subscription tier (7 days for Free, 30 days for Pro, unlimited for Business).
  • Usage analytics: Retained in anonymised form for up to 24 months for service improvement purposes.

7. Third-Party Processors

We share strictly the personal data necessary with the following third-party processors. We do not share data with anyone for marketing or advertising purposes:

  • Stripe (payment processing) — Processes subscription payments securely. Receives your name, email address, and payment card details (which you enter directly into Stripe's secure form — we never see your card details). Privacy Policy
  • Resend (transactional email) — Delivers account-related emails on our behalf: email verification, welcome, password reset, broadcast announcements. Receives your username, email address, and the content of those emails. Privacy Policy
  • Google Analytics 4 (usage analytics) — Helps us understand how visitors find and use the Service so we can improve it. Receives pseudonymous information about page views, referrers, approximate location (country / city only — IP addresses are anonymised before storage), and device type. We do not enable advertising features, do not link Google Analytics to Google Ads, and have IP anonymisation enabled. Google Privacy Policy. You can opt out via the Google Analytics Opt-out Browser Add-on.
  • Google Search Console (SEO monitoring) — Provides us with aggregate, anonymous information about how Company Shark appears in Google search results. No personal data about our users is shared with Google Search Console — it only receives aggregated search query statistics from Google about traffic to our public pages.
  • Companies House API — We send your search queries to retrieve public UK company data. No personal user data is shared with Companies House.
  • Our hosting provider (cPanel / VPS) — Stores the database and application files. Bound by hosting contract to act as a data processor only.

None of these processors are permitted to use your data for their own marketing purposes. All are bound by data-processing agreements or equivalent contractual terms.

8. Your Rights

Under the UK GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data (subject to legal obligations).
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interest.
  • Right to restrict processing: Request restriction of processing in certain circumstances.

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month.

9. Cookies

We use essential cookies (for login and session management) and analytics cookies (set by Google Analytics) to understand how the Service is used. For full details on each cookie and how to opt out, please see our Cookie Policy.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit.
  • Passwords stored using industry-standard one-way hashing (bcrypt).
  • Secure, HTTP-only session cookies.
  • Regular security reviews and updates.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users by email. The "last updated" date at the top of this page indicates when the policy was last revised.

12. Contact & Complaints

If you have any questions or concerns about this Privacy Policy or wish to make a complaint, please contact:

Kernow Digital Ltd
Email: [email protected]

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.