Privacy Policy

Who We Are

This Privacy Policy applies to Stata Integrated Solutions Limited, trading as Cloakback ("Cloakback", "we", "us", "our"). We are a company registered in England and Wales under company number 15195139, with VAT number 488087243.

Cloakback is the data controller for personal data we collect about our customers and visitors to this website. Where we process personal data on behalf of our customers — such as searching for and requesting the removal of customer data from third-party websites — we act as a data processor, and the customer remains the data controller for that information.

We are committed to protecting your privacy and handling your personal data in accordance with UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Data We Collect

Customer information

When you become a Cloakback customer, we collect basic contact details — typically your name and email address — so we can deliver the service to you and communicate with you about your case. We do not operate a self-service customer portal at this time, so you are not required to create an account or set a password.

Service data — keywords and images

To deliver our service, you provide us with the personal information you want us to monitor for. This may include:

• Your name(s) and known aliases
• Postal address(es)
• Phone number(s)
• Email address(es)
• Photographs or other images you wish to monitor for unauthorised use
• Other identifying information you choose to submit

Payment information

Payment is processed by our payment provider (Stripe). We do not store full payment card details on our systems. We retain transaction records, including the amount, date, and the last four digits of the card used, for accounting and tax purposes.

Scan results

We store the results of scans performed on your behalf, including the URLs, page titles, and brief excerpts of content where your information was identified.

Technical information

When you visit our website or use our service, we automatically collect limited technical information including IP address, browser type, device information, and access logs for security and operational purposes.

How We Use Your Data

We use the personal data we collect for the following purposes:

• To deliver our service — scanning the web and data broker sites for the information you have asked us to monitor, and submitting removal requests on your behalf
• To communicate with you — sending scan result notifications, service updates, and responses to your enquiries
• To manage our relationship with you — service delivery, billing, and customer support
• To improve our service — analysing aggregated, anonymised usage data to enhance functionality
• To comply with legal obligations — including tax, accounting, and law enforcement requests where lawfully required
• To protect our service — detecting fraud, abuse, and security threats

Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases for processing your personal data:

Contract performance

Processing your contact details, service data, and payment details is necessary for the performance of our contract with you to deliver the Cloakback service.

Explicit consent

Where you provide images for reverse image search, we rely on your explicit consent. You may withdraw this consent at any time by contacting us, after which the relevant images will be permanently removed from our systems.

Legitimate interests

We rely on legitimate interests for security monitoring, fraud prevention, and service improvement. We have assessed that these interests do not override your fundamental rights and freedoms.

Legal obligation

Where we are required to retain transaction records, respond to lawful requests from regulators or law enforcement, or comply with statutory obligations, we process data on the basis of our legal obligations.

Sharing & Third-Party Processors

We use a small number of carefully selected third-party processors to deliver the Cloakback service. These processors act under our instruction and are bound by contractual data protection obligations.

Service providers we use:

• SerpAPI — for executing search engine queries and reverse image searches on your behalf
• SendGrid (Twilio) — for sending transactional emails including scan notifications and service updates
• Stripe — for processing payments
• Cloud hosting providers — for storing your data and operating our service

Third-party websites contacted on your behalf

When submitting removal requests, we may need to interact with data broker websites, search engines, hosting platforms, and other third parties. We share only the minimum information necessary to action your removal request.

Legal disclosures

We may disclose your data where required by law, in response to a valid legal request, or to protect our rights, property, or safety, or that of our users or the public.

Data Retention

We retain your personal data only for as long as necessary to deliver our service and meet our legal obligations:

• Customer contact data — retained while we are providing you with the service and for 30 days afterwards
• Keywords and images — retained while we are actively providing the service to you; deleted within 30 days of service ending or on your request
• Scan results — retained for the duration of your subscription plus 12 months for service continuity
• Payment and transaction records — retained for 7 years to comply with UK accounting and tax law (HMRC requirement)
• Communications — retained for up to 3 years for customer service and quality purposes

After the applicable retention period expires, your data is securely deleted or anonymised.

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access — to request a copy of the personal data we hold about you
• Right to rectification — to ask us to correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten") — to request deletion of your personal data
• Right to restrict processing — to ask us to suspend processing in certain circumstances
• Right to data portability — to receive your data in a structured, commonly used format
• Right to object — to object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
• Right to lodge a complaint — with the Information Commissioner's Office (ICO)

To exercise any of these rights, please contact us at the address in Section 12. We will respond within one month, and there is normally no charge.

Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

• Encryption of data in transit (TLS/HTTPS) and at rest where appropriate
• Access controls and authentication for our systems
• Regular security reviews and updates
• Secure server hosting in UK or EU data centres
• Staff training on data protection and confidentiality

While we take reasonable steps to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

Cookies

We use a minimal number of cookies to operate our service:

• Essential cookies — required to keep you logged in and protect against fraud. These cannot be disabled.
• Functional cookies — remember your preferences and settings

We do not use third-party tracking, advertising, or analytics cookies. You can configure your browser to refuse cookies, but doing so may affect functionality of the service.

International Data Transfers

Where personal data is transferred outside the UK or European Economic Area (for example, to SerpAPI servers in the United States), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK Information Commissioner
• Reliance on adequacy decisions where applicable
• Additional technical measures including encryption

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our service, our practices, or the law. The "Last updated" date at the top of this page will indicate when changes were made. Material changes will be notified to you by email.

Contact & Complaints

If you have questions about this Privacy Policy, wish to exercise your rights, or have a complaint about how we handle your data, please contact us:

If you are unsatisfied with our response, you have the right to complain to the UK Information Commissioner's Office (ICO):