LEGAL

PRIVACY POLICY

Last updated: 2026-05-21

DATA CONTROLLER

The data controller for this website is Crossleys Forensics, a company incorporated on the Isle of Man. You can contact us at hello@phantomtrace.co.uk .

This policy applies to personal data collected through phantomtrace.co.uk. It does not cover data processed through the PhantomTrace investigation platform itself, which is governed by a separate data-processing agreement.

WHAT WE COLLECT

We collect the following categories of personal data through this website:

  • Contact form data: name, company, role, email address, phone number (optional), country (optional), and any information you include in the notes field.
  • Free-scan request data: app URL or store link, and email address.
  • Analytics data: page views, session duration, referrer, browser type, and approximate location (country/city) — collected only with your consent via Google Analytics 4.
  • Technical data: IP address, HTTP headers, and request logs — processed by Cloudflare as part of DDoS protection and CDN delivery.

WHY WE COLLECT IT

Contact and enquiry data

Purpose: To respond to your request and assess whether PhantomTrace is a fit for your needs.

Lawful basis: Legitimate interests (UK GDPR Art. 6(1)(f)) — responding to a business enquiry you initiated.

Analytics data

Purpose: To understand how visitors use the site so we can improve it.

Lawful basis: Consent (UK GDPR Art. 6(1)(a)). Analytics cookies are not set until you accept via the cookie banner.

Technical / security data

Purpose: To deliver the site securely and protect it from abuse.

Lawful basis: Legitimate interests (UK GDPR Art. 6(1)(f)).

HOW WE SHARE IT

We do not sell personal data. We share it only with the following processors, each under a data-processing agreement:

  • Resend — transactional email delivery for form submission notifications.
  • Google Analytics (Google LLC) — website analytics, activated only with consent.
  • Cloudflare Inc. — CDN, DDoS protection, and Turnstile (bot mitigation). Cloudflare processes request data as a necessary part of delivering the site.

INTERNATIONAL TRANSFERS

Google Analytics data is transferred to the United States. Google LLC participates in the EU–US Data Privacy Framework and its UK extension. Cloudflare and Resend process data in data centres that may be located outside the UK; both operate under standard contractual clauses or equivalent safeguards.

RETENTION

Contact and enquiry data is retained for 24 months from the date of submission, unless you ask us to delete it sooner or we enter into a commercial relationship that governs its further use.

Analytics data is retained for 14 months in Google Analytics (the maximum configurable period). Cloudflare log data is retained for up to 7 days.

YOUR RIGHTS

Under UK GDPR you have the right to: access the personal data we hold about you; request rectification or erasure; object to processing based on legitimate interests; request restriction of processing; and withdraw consent at any time where consent is the lawful basis.

To exercise any of these rights, email hello@phantomtrace.co.uk . We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk .

UPDATES

We may update this policy. Material changes will be noted with a revised "Last updated" date above. Continued use of the site after an update constitutes acceptance of the revised policy.