Last updated: 5 June 2026

Privacy Policy

Internet Audit is a trading name of Internet Audit Limited, a company registered in England and Wales under company number 14466989. This policy explains how we use personal data when you request a self-check digital footprint audit.

The service is designed for people checking their own information only. You must not use Internet Audit to investigate another person, screen someone for employment, tenancy, credit, insurance, law-enforcement, eligibility, or make any other decision about another person.

Who Is Responsible

Internet Audit Limited, company number 14466989, is the controller for personal data processed through Internet Audit, except where a third-party provider acts as an independent controller for its own service. For privacy questions or rights requests, email [email protected].

Information We Collect

Audit details you enter, including name, date of birth, town or city, country, email address, mobile number, Instagram username, TikTok username, and consent confirmations.
Payment and checkout metadata needed to confirm that a paid audit has been purchased. Card details are handled by Stripe and are not collected by Internet Audit.
Referral information where you arrive through an affiliate link, such as the affiliate code, referral attribution, commission ledger entries, and first-party browser storage used to remember the referral for a limited period.
Audit results returned from configured services, such as public search results, breach indicators, Companies House officer records, social profile signals, username exposure checks, browser/network exposure signals, and AI summaries.
Technical data needed to run and secure the website, such as IP-derived country information, browser/device hints, session storage, security tokens, service logs, and error information.
Google Analytics 4 measurement signals, such as page activity, timestamp, referrer, browser/device information, IP-derived country, consent state, and analytics storage where this is permitted by geography or you accept analytics cookies.

How We Use Information

To create a checkout session, verify payment, and unlock the paid audit report.
To attribute eligible purchases and refunds to affiliates, calculate commission, show affiliate dashboard statistics, and keep payout records.
To run the self-check audit services you request, show the results in your browser session, and create a short-lived hosted report link after a paid audit completes.
To verify consent, enforce one-time or paid-access limits, prevent misuse, troubleshoot service issues, and maintain security.
To generate Internet Audit AI summaries, risk notes, and a web-backed final overview from reduced audit findings and submitted identifiers where the AI overview service is configured.
To provide customer support, respond to privacy requests, and keep records needed to comply with legal obligations.
To understand aggregate site usage and improve Internet Audit, using full analytics where permitted by geography, and otherwise using cookieless analytics unless you accept analytics cookies.

Lawful Bases

Contract: to provide the paid digital audit you request.
Consent: for optional checks, marketing permissions, and user confirmations.
Legitimate interests: to secure the service, prevent misuse, diagnose errors, keep short operational records, and improve reliability in a proportionate way.
Legal obligation: where we need to keep or disclose limited information for tax, accounting, fraud prevention, consumer protection, or regulatory reasons.

Third-Party Services And Recipients

Cloudflare: website hosting, security, edge country detection, serverless functions, and short-lived audit storage.
Stripe: checkout, payment processing, fraud prevention, and payment records.
HubSpot: customer relationship records, checkout status, report-link notes and expiry fields, marketing opt-in capture, and referral attribution fields where applicable.
Klaviyo: email delivery for report-ready messages and marketing consent syncing where configured.
Have I Been Pwned: email breach indicators where you provide an email address.
Companies House: UK officer and company register checks for UK submissions.
Apify and configured Apify actors: public web search, username checks, Instagram checks, TikTok checks, and Instagram following checks where configured.
OpenAI: AI summaries, public-result inferences, and web-backed overview research from reduced audit-result text and submitted identifiers.
OpenStreetMap/Nominatim: approximate geocoding of public social post locations where returned by configured social checks.
Google Analytics 4: consent-mode analytics pings, with analytics storage enabled where permitted by geography or after you accept analytics cookies.

We aim to send each provider only the minimum data needed for the selected check. Some providers may act as processors for us, and some may act as independent controllers under their own terms and privacy notices.

Retention

Paid audit request data, audit access tokens, and standard cached audit results are normally retained for up to one hour so the report can load after checkout.
Customer report links and frozen report snapshots are retained for up to 48 hours after generation. During that period, anyone with the long, unguessable link can open the report, and the link expires automatically after deletion from short-lived storage.
Browser session storage may keep audit details and access tokens in your own browser session so the report can load. You can clear this by closing the session or clearing site data.
Your analytics cookie choice is stored in your browser when you accept or decline the analytics notice, so we can remember whether Google Analytics may use analytics cookies in consent-required regions.
Referral codes may be stored in first-party browser storage for up to 30 days so an affiliate link can be attributed if checkout happens after the first page view.
Affiliate commission ledger and payout records may be kept for accounting, fraud prevention, dispute handling, and tax purposes.
Stripe, Cloudflare, Apify, OpenAI, Have I Been Pwned, Companies House, and other providers may keep their own logs or records under their own retention rules.
Accounting, fraud prevention, chargeback, support, or legal records may be kept for longer where required or proportionate.

International Transfers

Some providers may process data outside the United Kingdom or European Economic Area. Where required, we use appropriate safeguards such as adequacy regulations, standard contractual clauses, the UK International Data Transfer Addendum or Agreement, transfer risk assessments, and provider security commitments.

AI And Automated Analysis

AI summaries are used to explain audit findings in plain language for your own self-audit. The final overview may send reduced audit findings and submitted identifiers to OpenAI so it can research public sources and produce a concise synthesis. It is not based on hidden account access, and the service does not make legal, employment, tenant, credit, insurance, law-enforcement, eligibility, or other significant decisions about you.

Children

Internet Audit is not intended for children.

Your Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also have the right to withdraw consent for optional processing. Withdrawal will not affect processing already completed before withdrawal, such as a completed third-party search.

UK users can complain to the Information Commissioner's Office at ico.org.uk. If you are in the United States, you may have additional state privacy rights, including rights relating to sensitive or biometric information. Contact us using the email below and we will handle your request according to the laws that apply.

Contact

For privacy questions, consent withdrawal, deletion requests, or other data rights requests, email [email protected] and include enough information for us to identify the audit or purchase you are asking about.