Privacy notice

Short version: we don't track you, we don't run analytics, we don't set advertising cookies, and we don't sell anything. Standard server logs are kept for diagnostics. Personal information shown on company pages comes from the Companies House public register.

What we collect about visitors

Our web server (Microsoft Azure App Service) logs each request: the requesting IP address, the URL you visited, the time, the user-agent string from your browser, and the HTTP response code. These logs are retained for around 30 days and used only for diagnosing errors, blocking abuse, and capacity planning. They're not shared with third parties.

We don't use Google Analytics or any other behavioural tracking. We don't set cookies for visitors who haven't logged in (there is no login at present). If we add features in future that require cookies (for example, paid accounts), we'll add a cookie notice at that point.

Personal data on company pages

Company pages display information that Companies House makes public on its own website at find-and-update.company-information.service.gov.uk. This includes:

• Officers' (directors', secretaries') names, roles, appointment / resignation dates, occupation, nationality, country of residence, and partial date of birth (month + year — Companies House never publishes the day).
• Persons with significant control (PSCs) — name, nature of control, nationality, country of residence, partial date of birth.
• Registered office addresses (not residential addresses).

UK directors and PSCs have statutory rights at Companies House to apply to redact certain elements of their record (for example, suppressing a date of birth, or having an address removed under section 1088 of the Companies Act 2006 in cases of personal safety). Once Companies House actions a redaction, it propagates to us at our next refresh of the relevant data source — typically within 1–30 days depending on the source.

If you want us to suppress your record on Company Analyst before Companies House completes their process, email hello@companyanalyst.co.uk with the company number and your name. We'll respond within five working days.

Lawful basis (GDPR / UK GDPR)

For visitor logs: legitimate interest (operating and securing the site). For displaying personal data from the public register: public task — the data has already been processed by Companies House under their statutory function and is published for the express purpose of public scrutiny of UK companies.

Where data is stored

All application data is held in Microsoft Azure UK South (West London). No data is transferred outside the UK or EEA. The exception is the per-company AI analysis generation: at the moment of generation, public company data is sent to Anthropic's API in the United States; Anthropic doesn't see who's viewing, and the analysis is cached so the same call isn't repeated. Anthropic's data-handling commitments are at anthropic.com/legal/privacy.

Your rights

Under UK GDPR you have rights of access, rectification, restriction, objection, and (in some cases) erasure. To exercise any of these, email hello@companyanalyst.co.uk with enough detail to identify the record. If you're not satisfied with our response, you can complain to the Information Commissioner's Office at ico.org.uk.

Contact & controller

Data controller: the operator of companyanalyst.co.uk. Contact: hello@companyanalyst.co.uk.

Last updated: 27 May 2026.