1. Who we are

OneFirmIntel (“we”, “us”, “our”) is a company-intelligence service provided by 1EOR Global, the company that operates this service. For the purposes of UK data protection law, 1EOR Global is the “data controller” of the personal data described in this policy, except where we act as a processor for business customers (see our Data Processing Agreement).

You can contact us about anything in this policy at info@onefirmintel.com.

2. The personal data we process

(a) Account & contact data — your name, company, email address and a securely hashed password. We never store your password in plain text.

(b) Payment data — payments are processed by Stripe. We receive payment metadata (amount, currency, status, a payment reference) but we never see or store your full card number.

(c) Usage & technical data — a strictly necessary session cookie, security tokens, and privacy-preserving analytics. Our analytics store a salted hash of your IP address and browser (not the raw IP) so we cannot reconstruct it. See our Cookie Policy.

(d) Communications — messages you send us (e.g. support requests) and our replies.

3. Company-register data (personal data of company officers)

Our core dataset is sourced from official government company registers and openly-licensed public datasets across the markets we cover. This data is about companies, but it can include limited personal data of company officers and directors that those registers make public (for example a director’s name, role, year of birth where published, and a registered business address).

Our lawful basis for processing this register-sourced personal data is our legitimate interests (UK GDPR Article 6(1)(f)) and those of our business customers in carrying out due diligence, supplier discovery, counterparty verification and market research. We have weighed these interests against the rights of the individuals concerned. We take into account that the data is already published by official registers, we limit it to business-context information, and we do not use it to build profiles for advertising or to make solely automated decisions with legal effect. If you are an individual whose register data appears in our service, you can object to or request restriction/erasure of that processing (see section 8); we will assess each request and, where the law requires, comply.

4. Why we use your data and our lawful bases

• To provide the service (create your account, run searches, grant and spend credits) — performance of a contract.
• To take payment and issue receipts/invoices — performance of a contract and legal obligation (tax/accounting records).
• To secure the service and prevent abuse (login throttling, audit logs, watermarking exports) — legitimate interests.
• To send transactional email (email verification, receipts, password resets, service notices) — performance of a contract.
• To improve the service (privacy-preserving analytics) — legitimate interests.
• To send marketing, only where you have opted in or it is otherwise permitted — consent or legitimate interests, with an opt-out in every message.

5. Who we share data with

We share personal data only with service providers who process it on our behalf under contract: our payment processor (Stripe), our hosting and email provider (Hostinger), and our data-infrastructure provider used to serve company records. We do not sell the personal data of our account users. We may disclose data where required by law or to protect our legal rights.

6. International transfers

Some providers may process data outside the UK. Where they do, we rely on UK “adequacy” regulations or appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.

7. How long we keep data

We keep account data while your account is active and for a reasonable period afterwards. Payment and invoice records are kept for at least six years to meet UK tax and accounting obligations. Security and audit logs are kept for a limited period. We delete or anonymise data when it is no longer needed.

8. Your rights

Under UK data protection law you have the right to access your data; to have it corrected or erased; to restrict or object to processing; to data portability; and, where we rely on consent, to withdraw it at any time. To exercise any right, email info@onefirmintel.com. We will respond within one month.

You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113, though we ask that you contact us first so we can help.

9. Security

We use HTTPS everywhere, hashed passwords (Argon2id), database-backed sessions, CSRF protection, rate limiting, and access controls. No system is perfectly secure, but we take appropriate technical and organisational measures to protect your data.

10. Children

The service is for business use and is not directed at anyone under 18. We do not knowingly collect data from children.

11. Changes

We may update this policy from time to time. We will post the new version here and update the “last updated” date; material changes will be notified where appropriate.

12. Contact

Questions or requests: info@onefirmintel.com.