✨ New: Starter plan at €42/mo — 14-day trial, no credit card required.
GDPR

Our GDPR posture, in plain language.

A reference for Data Protection Officers and procurement teams. The formal DPA is provided on request and is authoritative.

Last reviewed: 2026-04-16

Roles

Visitorscheck acts as a processor on behalf of each customer, who is the controller of the data they collect through the script on their own website.

Data categories

Observed: IP address, User-Agent, Referrer, URL path, timestamp, UTM params, and — when a visitor submits a work email in a form — only that email's domain (never the full email).

Derived: company name, domain, sector, country, company size band.

Not collected: names, full emails, phone numbers, device fingerprints, cookies.

Legal basis

Legitimate Interest (Art. 6(1)(f)). An LIA is available on request. Residential IPs are excluded before enrichment to keep the balancing test on the B2B side.

Data location

All infrastructure is hosted in the EU. No transfers to third countries.

Sub-processors

IPinfo (IP-to-company enrichment), Stripe (billing), and an EU-based hosting provider. Full list available on request; 30-day notice on changes.

Rights requests

End-users' rights (access, rectification, erasure) are fulfilled via the customer as controller; we respond to customer-forwarded requests within 5 business days.

Breach notification

Customers notified within 24 hours of confirmed breach. We maintain an incident register and quarterly DPIA review.

This document is a plain-language summary maintained by Allround Web. The authoritative legal text is being finalised with counsel for launch — if anything here is material to your decision to use Visitorscheck, please reach out and we'll share the draft.