Legal
Privacy Notice & Policy
This notice summarises the OSINTA.AI privacy posture: why data is processed, how it is protected, and how GDPR rights requests are handled.
Last updated: 18 June 2026
Data Controller and Contact
- Data Controller
- OSINTA LTD
- Address
- 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
- info@osinta.ai
The data controller responsible for the personal data described in this notice is OSINTA LTD, a company registered in England and Wales under company number 17263144.
Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. The company holds ICO registration reference ZC174082. For any privacy or data protection matter you can contact us at info@osinta.ai.
Legal inquiries: support@osinta.ai
1) Service scope
OSINTA helps each person see and understand their OWN public digital footprint — drawn from public sources and the inputs they choose to connect. Never anyone else's.
This notice explains the personal data processed in the course of providing the service, processing purposes, transfer and retention principles, and your rights under GDPR and applicable data protection laws.
2) Categories of personal data processed
To provide and securely operate the service, the following categories may be processed:
- Identity information: name, surname (in account/contact context).
- Contact information: email, optional phone number.
- Account and transaction security: IP address, session/login-logout records, security logs; passwords are stored only in hashed form.
- Payment/subscription: transaction/subscription identifiers produced by your payment provider (card information is not stored by us).
- Usage data: platform transaction history, outputs, and support requests (as applicable).
3) Processing purposes and legal basis
Your personal data may be processed for the following purposes under GDPR Art.6 and applicable data protection laws:
- Contract formation and performance: account creation, authentication, service delivery, reporting, and support.
- Legal obligation compliance: statutory record-keeping/reporting obligations and billing processes.
- Legitimate interest: service security, abuse prevention, performance/quality improvements, and product reliability.
- Explicit consent (where applicable): product updates, marketing communications, and optional communications.
4) Data transfers (domestic / international)
Data may be shared with service providers necessary for service delivery, such as cloud hosting, email/communications, error tracking, analytics (if applicable), and payment infrastructure.
If a lawful request is received from authorised public authorities, sharing may occur within the scope of legal obligations.
If transfer outside the EEA is required, appropriate safeguards (e.g., Standard Contractual Clauses) are applied and transfer scope is kept to a minimum.
5) Retention periods
Personal data is retained for as long as necessary for the processing purpose and within the limits of retention periods prescribed by applicable law.
Retention periods may vary based on account status, contractual relationship, legal retention obligations, and technical/operational requirements.
6) Your rights and requests
Under GDPR Art.15-22 and applicable data protection laws, you have rights including access, rectification, erasure, restriction of processing, objection, and (where applicable) data portability.
You may submit requests via email. Identity verification may be required.
To exercise any of the rights above, email us at info@osinta.ai or use the data-request route on this site. Tell us which right you wish to exercise and enough detail for us to locate your data.
To protect your data, we may need to verify your identity before we act. Under the UK GDPR we will respond without undue delay and within one month of receiving your request; if a request is especially complex we may extend this and will tell you why.
7) Updates
This notice may be updated from time to time. Significant changes will be communicated through reasonable means.
8) Service providers we use
We rely on a small set of service providers (sub-processors) to operate the service. Each is used only for the purpose described, under appropriate data processing terms:
- SendGrid — email for this website: waitlist confirmations and contact enquiries.
- Plausible Analytics — cookieless, privacy-first website analytics that holds no personal data.
- Vercel — hosting and content delivery for this website and the application.
- Anthropic and OpenAI — the third-party AI services that generate OSINTA AI assistant replies from the messages you send to the assistant.
- Twilio — one-time passcodes, by SMS and email, for sign-in verification.
- Apple — Sign in with Apple, and push notifications.
- Google — Sign in with Google.
- Open-web search providers — to search public sources for your own digital footprint; the search terms are drawn from your own details, such as your name.
- Data-breach check providers — to check whether your own email address appears in known data breaches; a one-way hash of your email, or for some checks your email address, is sent for this check.
- Internet-infrastructure check providers — to check public records for domains or IP addresses associated with you.
- A full, named list of our sub-processors is available on request.
9) Your right to complain
If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk. We would, however, welcome the chance to address your concerns first — please contact us at info@osinta.ai.
Review our compliance approach
Use the Trust Center and documentation for policy-level review; contact us about your own privacy requests.