Privacy notice

Last updated: 2026-04-29

Who we are

CompanyScope is operated by Janus Compliance. The data controller for personal data collected through this site is Janus Compliance. For questions, contact us through januscompliance.co.uk/contact.

What we collect, and why

We try to collect as little as possible. The categories below cover everything.

• Email address, when you subscribe to our list or request a Vendor Risk Note. Lawful basis: consent (subscription) or performance of a contract (paid request). Stored and processed by our email service provider (see "Subprocessors" below).
• The vendor name and use-case context you submit when requesting a reviewed note. Lawful basis: performance of a contract or pre-contractual measures at your request.
• Aggregated, non-identifying analytics data: which pages are viewed, approximate region, referring source. We use this to decide which profiles to write next. Lawful basis: legitimate interest (running a useful research site).
• Server logs retained briefly by our host for security and abuse prevention. Lawful basis: legitimate interest.

What we do not do

• We do not sell your data.
• We do not run third-party advertising trackers.
• We do not share your email or use-case context with the vendors we profile.
• We do not require an account to read profiles.

Subprocessors

The companies that process personal data on our behalf:

• Cloudflare — hosting, CDN, DNS. Some processing may occur outside the UK and EU under SCCs and the UK Addendum.
• Kit (formerly ConvertKit) — email list management. US-based. Processing covered by SCCs and the UK Addendum.
• Gumroad or Stripe — payment processing for paid Vendor Risk Notes (when we launch paid products). Decision will be recorded here when made.

How long we keep data

• Email subscriptions: until you unsubscribe.
• Reviewed-note request context: 24 months, then deleted, unless you become a paying customer.
• Paid customer records: 6 years (UK accounting record requirements).
• Server logs: typically 30 days, then rotated out.

Your rights

Under the UK GDPR and EU GDPR (where applicable), you have the right to access, correct, delete, port, or restrict processing of your personal data, and to withdraw consent. To exercise any right, contact us via januscompliance.co.uk/contact. You also have the right to complain to the Information Commissioner's Office (ico.org.uk) or your local data protection authority.

Cookies

This site does not set tracking cookies. The hosting platform may set strictly necessary cookies for security, fraud prevention, and load balancing. If we add a cookie banner because we add a third-party tool that requires consent, this section will be updated.

Changes to this notice

When this notice changes materially, the "Last updated" date at the top changes. For minor wording fixes that do not change processing, we may update without changing the date.