BlackEyes LogoBLACKEYES

Privacy Policy

Last updated: 12 March 2026

1. Who we are

BLACKEYES.IO is operated from the United Kingdom.

For privacy-related enquiries, contact us at: contact us

We are the data controller for the personal data processed through this service, as defined under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What this policy covers

This policy explains how we collect, use, store, and protect personal data relating to:

  • Visitors to our website
  • Registered users of the BLACKEYES.IO platform
  • Individuals whose information may appear in investigation reports

3. Information we collect

a) Account information

When you register, we collect your email address and a securely hashed password. We also store account metadata such as credit balance, account status, and subscription status.

b) Investigation data

When you submit an email address for investigation, we store the target email address and the generated report. Reports are compiled from publicly available sources and existing data breach records.

c) Technical data

We automatically collect standard technical data including IP address, browser type, device information, and pages visited. This is used for security, performance monitoring, and service improvement.

d) Payment data

Payment processing is handled by a third-party payment provider. We do not store your card details. The payment provider may collect information necessary to process payments in accordance with their own privacy policy.

e) Communications

If you contact us for support, we retain the content of those communications to resolve your enquiry.

4. How we collect information

  • Directly from you — when you register, submit investigations, or contact us
  • Automatically — through cookies and server logs when you use our website
  • From third-party sources — publicly available data and breach databases, used to compile investigation reports

5. Legal basis for processing

Under the UK GDPR, we process personal data on the following legal bases:

  • Contract performance (Article 6(1)(b)) — to provide the investigation service you have requested, manage your account, and process credits
  • Legitimate interests (Article 6(1)(f)) — to compile investigation reports from publicly available data and breach records, prevent fraud and abuse, and improve our service. We have conducted a legitimate interest assessment to ensure our interests do not override the rights of data subjects
  • Consent (Article 6(1)(a)) — for any marketing communications, which you may withdraw at any time
  • Legal obligation (Article 6(1)(c)) — to comply with tax, accounting, and law enforcement requirements

6. How we use your information

  • Provide the investigation service and generate reports
  • Manage your account, credits, and authentication
  • Process payments
  • Send transactional emails (account confirmation, password resets)
  • Detect and prevent fraud, abuse, and violations of our terms
  • Monitor and improve service performance and reliability
  • Comply with legal obligations

7. Investigation reports and third-party data

Our investigation reports compile information from publicly available sources, including public social media profiles, public records, company registries, domain registrations, and existing data breach records.

Reports are generated using artificial intelligence (large language models) and automated processes. AI systems may produce errors, including misidentification of individuals, fabricated or inaccurate information, outdated data, or incorrect associations between unrelated data points. We do not verify, validate, or guarantee the accuracy of information contained in reports. Reports are provided for informational purposes only and should not be relied upon without independent verification.

All data collection is passive. We do not contact or notify investigation subjects, and we do not access any private systems or accounts.

Rights of investigation subjects

If you believe your personal data appears in a BLACKEYES.IO investigation report and you wish to exercise your data protection rights, please contact us at contact us. We will respond to valid requests within one calendar month as required by UK GDPR.

8. Data sharing and third parties

We do not sell your personal data. We do not share investigation results with anyone other than the account holder who requested them.

We use trusted third-party service providers for essential platform operations including hosting, database management, email delivery, and payment processing. These providers are contractually bound to protect your data.

We may also disclose data where required by law, regulation, or valid legal process.

9. International data transfers

Some of our third-party service providers process data outside the United Kingdom. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or reliance on adequacy decisions, as required by UK GDPR.

10. Data retention

  • Account data — retained while your account is active and for 90 days after account deletion
  • Investigation reports — retained in your account until you delete them or close your account
  • Server logs — retained for up to 90 days
  • Payment records — retained for 6 years as required by UK tax law
  • Support communications — retained for up to 2 years

11. Data security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), access controls, and secure authentication. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Your rights

Under UK GDPR, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your data in certain circumstances
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at contact us. We will respond within one calendar month.

13. Automated processing

Investigation reports are generated through automated processing, including the use of artificial intelligence to compile and summarise publicly available information. No decisions with legal or similarly significant effects on individuals are made solely through automated means.

14. Cookies

We use essential cookies required for the website to function, including authentication and session management. We do not use advertising or tracking cookies. By using our website, you consent to the use of essential cookies.

15. Age restriction

BLACKEYES.IO is not available to anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that a user is under 18, we will terminate their account and delete their data.

16. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a prominent notice on our website. The “last updated” date at the top of this page indicates when the policy was last revised.

17. Contact

For any privacy-related enquiries or to exercise your data protection rights, please contact us.

← Back to home