← Back to Home

Privacy Policy

Last updated: March 2026  ·  Effective: March 2026

Contents

  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. Legal Basis for Processing
  5. Data Sharing & Disclosure
  6. Data Retention
  7. Security Measures
  8. Your Rights
  9. Cookies & Analytics
  10. Contact Us

1. Who We Are

Privacy Insight Solutions (“we,” “us,” or “our”) is a privacy and security consulting firm based in the Netherlands, providing digital exposure audits, credential and leak investigations, threat mitigation, data broker removal, and related OSINT services to individuals and organizations.

As an establishment in the Netherlands, we are subject to the General Data Protection Regulation (GDPR) as implemented under Dutch law, and operate under the supervision of the Autoriteit Persoonsgegevens (AP).

We can be reached at: privacy@privacyinsightsolutions.com

2. Information We Collect

2.1 Information You Provide Directly

When you contact us or engage our services, we may collect:

  • Name or alias (anonymous inquiries are accepted)
  • Email address
  • The content of your message or inquiry
  • Service-specific identifiers you provide for audit purposes (e.g., name, email address, username, general location)
  • For The Shield service: explicit written consent for 30-day pattern-of-life monitoring of your publicly visible online activity, collected prior to commencement and retained for the duration of the engagement only

We do not ask for passwords, Social Security numbers, financial account credentials, or government-issued ID numbers during initial contact.

2.2 Information Collected Automatically

For web analytics, we use Pirsch Analytics. Pirsch Analytics is a cookie-free web analytics software that was developed according to the Privacy by Design principle. To analyse visitor flows, Pirsch Analytics uses a hashing algorithm to generate a 16-digit number as the visitor ID when the page request is received. The input values are the IP address, the user agent, the date and a salt.

The visitor’s IP address is not persisted in whole or in part, and is anonymised completely and non-reversibly by the hash. The inclusion of the date and the use of one salt per website ensures that website visitors cannot be recognised for more than 24 hours and cannot be tracked across multiple websites. A rough localisation (country/city) is performed via a locally integrated database.

The aggregated, anonymised data collected includes:

  • Page views and navigation paths
  • Referring website (if any)
  • Country-level location (not city or IP address)
  • Browser type and operating system

No personal identifiers are stored. No cookies are set. No cross-site tracking occurs.

3. How We Use Your Information

We use the information we collect solely to:

  • Respond to your inquiry or service request
  • Deliver the specific service you have engaged us for
  • Communicate updates relevant to your active engagement
  • Comply with applicable legal obligations

We do not use your information for marketing, advertising, profiling, or sale to third parties.

For individuals in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:

  • Contractual necessity — to perform the service you have requested
  • Legitimate interests — to respond to inquiries and improve our services, where these interests are not overridden by your rights
  • Legal obligation — where processing is required by applicable law
  • Consent — where you have explicitly provided it, which you may withdraw at any time

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

  • Form processing: Contact form submissions and guide requests are processed through Netlify Forms, a built-in feature of our hosting provider (Netlify, Inc.). Submissions are stored in our Netlify dashboard and forwarded to our email address. No data is sent to third-party form services. For details, see Netlify’s privacy policy.
  • Service delivery: Secure, encrypted communication tools used to deliver findings (e.g., encrypted email). These tools are selected for their minimal data retention practices.
  • Legal compliance: If required by a valid court order, subpoena, or applicable law. We will notify you to the extent permitted by law.
  • Business continuity: In the event of a merger or acquisition, your data would only be transferred under equivalent privacy protections and with prior notice.

6. Data Retention

We follow a strict minimal-retention policy:

  • Case-specific findings (audit results, exposure data, investigation notes) are cryptographically deleted within 48 hours of final delivery to the client. For multi-week engagements (The Eraser, The Shield), data is held only for the duration of the active engagement and deleted within 48 hours of final delivery.
  • Pattern-of-life monitoring data (The Shield service only) is collected solely during the agreed 30-day monitoring window, used exclusively to produce the engagement report, and deleted within 48 hours of that report’s delivery. It is not retained beyond delivery under any circumstance.
  • Contact inquiries are retained only as long as necessary to respond and are deleted within 30 days of case closure.
  • Transaction records (invoice date, service tier, payment confirmation) are retained for up to 7 years as required by financial regulations.

For full details, see our Data Purge Policy.

7. Security Measures

We implement the following technical and organizational measures to protect your data:

  • All data in transit is protected via TLS 1.2 or higher encryption
  • We prioritize zero-knowledge communication tools for sensitive findings
  • Access to case data is restricted to the analyst assigned to your engagement
  • Case data is cryptographically shredded upon completion of the retention period
  • We do not store sensitive findings in cloud services with third-party access

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We encourage clients to use encrypted email (ProtonMail or Tutanota) for all sensitive communications.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access — Request a copy of the personal data we hold about you
  • Right to Rectification — Request correction of inaccurate data
  • Right to Erasure — Request deletion of your personal data (“right to be forgotten”)
  • Right to Restriction — Request that we limit how we use your data
  • Right to Data Portability — Receive your data in a structured, machine-readable format
  • Right to Object — Object to processing based on legitimate interests
  • Right to Withdraw Consent — Where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at privacy@privacyinsightsolutions.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies & Analytics

This website does not use tracking cookies or advertising cookies. We use Pirsch Analytics, a privacy-first, cookie-free analytics tool made in the EU and hosted on German servers, which:

  • Sets no cookies of any kind
  • Does not collect personal identifiers
  • Does not track users across websites
  • Anonymises IP addresses completely and non-reversibly via hashing
  • Is fully GDPR, CCPA, and PECR compliant
  • Stores only aggregated, anonymised statistics

Page views are additionally tracked server-side via a first-party endpoint on our own domain, ensuring no third-party scripts are required for basic analytics. No raw visitor data is shared with or sold to third parties.

Form handling: Our contact form and guide request form are processed by Netlify Forms, a built-in feature of our hosting provider. No third-party form services are used. No additional cookies are set by the form handler.

Local browser storage: Three interactive tools on this site — the Executive Exposure Checklist, the EU Breach Response Checklist, and the US Breach Response Checklist — save your in-progress checkbox state to your browser's localStorage so you can return to a partially completed checklist on the same device. This data lives only on your device, is never transmitted to us or to any third party, and can be cleared at any time via your browser's site-data controls.

Independent verification: This site has been inspected by Blacklight (The Markup’s real-time privacy inspector) and received the following results:

  • 0 ad trackers found
  • 0 third-party cookies found
  • No tracking that evades cookie blockers
  • No session recording
  • No keystroke capture
  • No Facebook, TikTok, or X pixel
  • No Google Analytics remarketing

10. Contact Us

For any privacy-related questions, requests, or concerns, please contact us:

We aim to respond to all privacy inquiries within 5 business days.