Privacy Policy

We protect your privacy. This notice explains what we collect, why we collect it, and how you can exercise your rights under GDPR/UK GDPR and other applicable laws.

Who We Are

swatted.wtf provides OSINT-style lookup tools. We act as a controller for account/session data and as a processor when proxying your lookup requests to third-party APIs.

Data We Collect

Account & session data: user ID, API key, session tokens, hashed IP, user agent/device, creation dates, permissions.
Usage data: lookup counts for rate limiting and abuse prevention.
Lookup content: queries you submit (proxied to third-party APIs you request).
Telemetry: minimal operational logs (errors, rate-limit events). No marketing profiling.

How We Use Data (Purposes & Legal Bases)

Service delivery & authentication (legitimate interests; contract-like necessity): account/session management, rate limiting, rendering lookup results.
Security & fraud prevention (legitimate interests): abuse detection, IP hashing, anti-automation controls.
Compliance (legal obligation/legitimate interests): responding to lawful requests and maintaining minimal audit trails.
Optional features (consent where required): only applied when you opt in.

Data Sharing

Third-party APIs (e.g., lookup providers) only when you request a lookup; their terms/privacy apply.
Service providers strictly for hosting and security operations.
Lawful requests when required by applicable law or to protect users and the service.
We do not sell personal data or use it for advertising.

Data Retention

We retain data only as long as necessary for service delivery, security, and legal compliance. Session/IP data is hashed where feasible. You can request deletion subject to security/legal exceptions.

User Rights (GDPR/UK GDPR/EEA)

Access: obtain a copy of personal data we hold.
Rectification: request correction of inaccurate data.
Erasure: request deletion where no overriding basis exists.
Restriction/Objection: limit or object to processing based on legitimate interests.
Portability: receive data you provided in a structured, commonly used format where feasible.
Complaint: lodge a complaint with your local data protection authority.

Cookies & Tracking

We use essential cookies/session tokens for authentication and rate-limiting. No third-party advertising cookies are used. If operational analytics are enabled, they are minimal; consent will be obtained where required.

Security Measures

HTTPS-only transport.
Hashed IP/session data and least-privilege access.
Rate limits and abuse monitoring to protect the service and users.

International Transfers

Data may be processed on infrastructure outside your country. We use reputable providers and apply appropriate safeguards where required.

Children

This service is not directed to children under 16, and we do not knowingly process their data.

Changes

We may update this policy; material changes will be posted here with an updated effective date. Continued use after updates constitutes acceptance.

Contact & Requests

To exercise your rights or ask questions, contact us via:

We will respond without undue delay and within statutory timelines.