Legal

Privacy Policy

Effective date: 1 June 2026 · Last updated: 1 June 2026
Controller: Aviada Agentic AI Solutions Limited · Contact: ash@leisearch.pro

This policy explains what personal data LEISearch collects, why we collect it, who we share it with, and what rights you have. LEISearch is operated by Aviada Agentic AI Solutions Limited ("Aviada", "we", "us"). We are the data controller for personal data collected through leisearch.pro and the LEISearch API.

1. What data we collect and why

API customers

Data	Purpose	Legal basis
Name, email address	Account provisioning, API key delivery, billing communications	Contract performance (Art. 6(1)(b) GDPR)
Payment data (card details, billing address)	Subscription billing via Stripe. We never store raw card numbers — Stripe processes and vaults all payment data.	Contract performance
API key (hashed)	Authentication and rate limiting. The raw key is shown once and never stored in plaintext.	Contract performance
API request logs (endpoint, timestamp, response code, IP address hash)	Rate limiting, abuse prevention, audit trail, service improvement	Legitimate interests (Art. 6(1)(f) GDPR)
Stripe customer ID, subscription ID	Subscription management and billing portal access	Contract performance

Free search users

Data	Purpose	Legal basis
Search queries (entity names, LEI codes)	Returning search results. Queries are not linked to any individual and are not retained beyond the request lifecycle.	Legitimate interests
IP address (hashed on receipt)	Rate limiting and abuse prevention. Raw IP addresses are never stored.	Legitimate interests

Free API key enquiries

When you email ash@leisearch.pro to request a free API key, we collect your name and email address solely to provision your key and send it to you. This data is held in our email system and is not transferred to any marketing platform.

2. Data we do not collect

We do not use tracking cookies, advertising pixels, or behavioural analytics. We do not sell personal data. We do not build advertising profiles. We do not collect sensitive personal data as defined by Article 9 GDPR.

3. Subprocessors

We rely on the following third-party subprocessors to deliver the service. Each is bound by a Data Processing Agreement and appropriate standard contractual clauses where required.

Subprocessor	Purpose	Data location	Safeguard
Google LLC	Cloud infrastructure and hosting	EU	EU Standard Contractual Clauses
Neon Inc.	Database hosting	USA	EU Standard Contractual Clauses
Stripe, Inc.	Payment processing and subscription management	USA / global	EU Standard Contractual Clauses; EU-U.S. Data Privacy Framework certified
GoDaddy Inc. / Microsoft Corporation	Email hosting	USA / EU	EU Standard Contractual Clauses
Netlify, Inc.	Website hosting	USA / global CDN	EU Standard Contractual Clauses

4. Data retention

Data type	Retention period
API key records (hashed)	Duration of subscription plus 7 years for financial record-keeping obligations
Billing records	7 years (UK tax and accounting obligations)
API request audit logs	12 months rolling, then automatically deleted
Billing event logs	7 years
Pending API key store (one-time retrieval)	Short-term only; automatically deleted immediately after retrieval or expiry
Email correspondence	3 years from last contact

5. International transfers

Our primary infrastructure is hosted within the European Economic Area. Certain subprocessors — including our database provider, payment processor, and email provider — process data in the United States. All such transfers are made under EU Standard Contractual Clauses approved by the European Commission and equivalent UK mechanisms.

6. Your rights

Under the UK GDPR and EU GDPR, you have the following rights:

Access — request a copy of the personal data we hold about you
Rectification — request correction of inaccurate data
Erasure — request deletion of your data where we have no legal obligation to retain it
Restriction — request that we restrict processing of your data
Portability — receive your data in a machine-readable format
Object — object to processing based on legitimate interests
Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at ash@leisearch.pro. We will respond within one calendar month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or your local supervisory authority within the EEA.

7. Security

We implement appropriate technical and organisational measures to protect personal data, including:

Encryption of all data in transit and at rest
API keys stored using industry-standard one-way hashing; plaintext keys are never persisted
IP addresses hashed on receipt and never stored in raw form
Credentials stored in a dedicated secrets management service, not in code or configuration files
Access to production systems restricted to named individuals with multi-factor authentication
Security scanning applied to every code deployment

8. Cookies

LEISearch does not use cookies for tracking, advertising, or analytics. The website does not set any persistent cookies. No cookie consent banner is required.

9. Children's data

LEISearch is a business-to-business service intended for use by organisations and professionals. We do not knowingly collect data from individuals under the age of 18. If you believe we have inadvertently collected such data, contact us immediately at ash@leisearch.pro.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to API customers by email at least 30 days before they take effect. The effective date at the top of this page will always reflect the date of the most recent revision. Continued use of the service after the effective date constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions, data subject requests, or concerns:

Aviada Agentic AI Solutions Limited
Email: ash@leisearch.pro
Website: leisearch.pro