Last updated: 21 May 2026

Privacy Policy

Internet Audit is a trading name of HR Web Services Limited, a company registered in England and Wales under company number 14466989. This policy explains how we use personal data when you request a self-check digital footprint audit.

The service is designed for people checking their own information only. You must not use Internet Audit to investigate another person, screen someone for employment, tenancy, credit, insurance, law-enforcement, eligibility, or make any other decision about another person.

Who Is Responsible

HR Web Services Limited, company number 14466989, is the controller for personal data processed through Internet Audit, except where a third-party provider acts as an independent controller for its own service. For privacy questions or rights requests, email [email protected].

Information We Collect

  • Audit details you enter, including name, date of birth, town or city, country, email address, mobile number, Instagram username, TikTok username, and consent confirmations.
  • Payment and checkout metadata needed to confirm that a paid audit has been purchased. Card details are handled by Stripe and are not collected by Internet Audit.
  • Audit results returned from configured services, such as public search results, breach indicators, Companies House officer records, social profile signals, username exposure checks, browser/network exposure signals, and AI summaries.
  • Optional live selfie data only if you purchase reverse face search, complete the live camera check, and give separate biometric consent.
  • Technical data needed to run and secure the website, such as IP-derived country information, browser/device hints, session storage, security tokens, service logs, and error information.

How We Use Information

  • To create a checkout session, verify payment, and unlock the paid audit report.
  • To run the self-check audit services you request and show the results in your browser session.
  • To verify consent, enforce one-time or paid-access limits, prevent misuse, troubleshoot service issues, and maintain security.
  • To generate Internet Audit AI summaries, risk notes, and a web-backed final overview from reduced audit findings and submitted identifiers where the AI overview service is configured.
  • To provide customer support, respond to privacy requests, and keep records needed to comply with legal obligations.

Lawful Bases

  • Contract: to provide the paid digital audit you request.
  • Consent: for optional checks and confirmations, including reverse face search and any biometric processing.
  • Legitimate interests: to secure the service, prevent misuse, diagnose errors, keep short operational records, and improve reliability in a proportionate way.
  • Legal obligation: where we need to keep or disclose limited information for tax, accounting, fraud prevention, consumer protection, or regulatory reasons.

Reverse face search may involve biometric data used to identify or match a person. Where UK GDPR special category rules apply, we rely on your explicit consent for that optional check. You can stop before submitting the live selfie; once submitted, the search may already have been sent to FaceCheck.ID.

Third-Party Services And Recipients

  • Cloudflare: website hosting, security, edge country detection, serverless functions, and short-lived audit storage.
  • Stripe: checkout, payment processing, fraud prevention, and payment records.
  • Have I Been Pwned: email breach indicators where you provide an email address.
  • Companies House: UK officer and company register checks for UK submissions.
  • Apify and configured Apify actors: public web search, username checks, Instagram checks, TikTok checks, and Instagram following checks where configured.
  • OpenAI: AI summaries, public-result inferences, and web-backed overview research from reduced audit-result text and submitted identifiers.
  • FaceCheck.ID: optional one-time reverse face search after separate biometric consent and liveness verification.
  • OpenStreetMap/Nominatim: approximate geocoding of public social post locations where returned by configured social checks.

We aim to send each provider only the minimum data needed for the selected check. Some providers may act as processors for us, and some may act as independent controllers under their own terms and privacy notices.

Reverse Face Search

  • Reverse face search is optional, self-check only, and only available to users who confirm they are 18 or over.
  • The browser performs a live camera/liveness check before submission. Arbitrary photo upload is not the intended flow.
  • If submitted, the live selfie is transmitted through Internet Audit servers to FaceCheck.ID for one search.
  • Internet Audit does not intentionally cache the live selfie, biometric embeddings, FaceCheck result payload, or face-search history.
  • FaceCheck results are returned directly to your browser, are not cached in our audit result store, and are reduced to source URLs, broad similarity bands, and capped low-resolution preview thumbnails for immediate review.
  • We call FaceCheck.ID's delete endpoint with short retries after the search and show whether deletion confirmation was available.
  • Face search results are unverified leads and may include inaccurate lookalikes or sensitive public sources.

Retention

  • Paid audit request data, audit access tokens, and standard cached audit results are normally retained for up to one hour so the report can load after checkout.
  • FaceCheck result payloads and preview thumbnails are not cached by Internet Audit. A short-lived marker may be kept for up to one hour to prevent repeat reverse face searches for the same paid audit.
  • Browser session storage may keep audit details and access tokens in your own browser session so the report can load. You can clear this by closing the session or clearing site data.
  • Stripe, Cloudflare, FaceCheck.ID, Apify, OpenAI, Have I Been Pwned, Companies House, and other providers may keep their own logs or records under their own retention rules.
  • Accounting, fraud prevention, chargeback, support, or legal records may be kept for longer where required or proportionate.

International Transfers

Some providers may process data outside the United Kingdom or European Economic Area. Where required, we use appropriate safeguards such as adequacy regulations, standard contractual clauses, the UK International Data Transfer Addendum or Agreement, transfer risk assessments, and provider security commitments.

AI And Automated Analysis

AI summaries are used to explain audit findings in plain language for your own self-audit. The final overview may send reduced audit findings and submitted identifiers to OpenAI so it can research public sources and produce a concise synthesis. It is not based on hidden account access, and the service does not make legal, employment, tenant, credit, insurance, law-enforcement, eligibility, or other significant decisions about you.

Children

Internet Audit is not intended for children. Reverse face search is not available to anyone under 18.

Your Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also have the right to withdraw consent for optional processing. Withdrawal will not affect processing already completed before withdrawal, such as a completed third-party search.

UK users can complain to the Information Commissioner's Office at ico.org.uk. If you are in the United States, you may have additional state privacy rights, including rights relating to sensitive or biometric information. Contact us using the email below and we will handle your request according to the laws that apply.

Contact

For privacy questions, consent withdrawal, deletion requests, or other data rights requests, email [email protected] and include enough information for us to identify the audit or purchase you are asking about.