Privacy Policy
Last updated: June 29, 2026
1. Introduction
B2Trust ("we", "us", "our") operates the website b2trust.com — a free business registry search platform that aggregates publicly available company data from official government registries worldwide. This Privacy Policy explains how we collect, use, and protect information when you use our platform.
Data Controller. B2Trust sp. z o.o., with its registered office at Wigury 15, 26-021 Daleszyce, Poland, is the controller of the personal data processed through this platform. You can contact us using the details in Section 14.
2. Information we collect
2.1 Information you provide
- Contact form submissions: When you contact us through our contact form, we collect your name, email address, company name (if provided), and message content.
- Account information: If you create an account, we collect your email address and display name.
2.2 Information collected automatically
- Usage data: We use Google Analytics to collect anonymised usage statistics, including pages visited, search queries performed on our platform, time spent on pages, and referring websites.
- Technical data: Browser type, operating system, device type, approximate (city-level) location, and screen resolution. Where an IP address is processed — for example by Google Analytics to derive coarse geolocation, or by our hosting and error-monitoring providers for security — it is used transiently and is not stored by us in identifiable form.
- Cookies: We use essential cookies for site functionality and, only with your consent, analytics cookies. See Section 7 for details.
2.3 Information we do NOT collect
- We do not collect payment information — B2Trust is free to use.
- We do not collect sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, health data, etc.).
- We do not require personal identification documents.
3. Company data from public registries
B2Trust aggregates and displays company information sourced from publicly accessible government business registries, including but not limited to ARES (Czech Republic), KRS / Krajowy Rejestr Sądowy (Poland), Brønnøysundregistrene (Norway), Handelsregister (Germany), and VIES / EU VAT Information Exchange System.
This data is public by law and published by the respective government authorities. B2Trust does not collect, store, or process personal data of individuals through these registries — we only display business entity information (company names, registration numbers, addresses, legal forms, registration dates, and business activities) as made available by the official sources.
If any registry data incidentally contains personal data (such as a sole proprietor's name that is part of the company name), this data is processed on the basis of legitimate interest (Article 6(1)(f) GDPR) and is limited to what the government registry has made publicly available.
4. How we use your information
We use collected information to:
- Provide and maintain the B2Trust search platform
- Respond to your enquiries submitted through the contact form
- Analyse usage patterns to improve platform functionality and user experience
- Generate aggregated, non-identifying statistics about platform usage
- Ensure platform security and prevent abuse
We do not:
- Sell your personal data to third parties
- Use your data for targeted advertising
- Create individual user profiles for marketing purposes
- Share your contact information with third parties without your consent
5. Legal basis for processing (GDPR)
- Contact form data — Consent (Article 6(1)(a)): you choose to submit the form.
- Account data — Contract performance (Article 6(1)(b)): necessary to provide the service.
- Analytics data — Consent (Article 6(1)(a)): analytics cookies are set only after you opt in through our cookie banner, as required for non-essential cookies by the ePrivacy Directive (Article 5(3)). You may withdraw your consent at any time.
- Public registry data — Legitimate interest (Article 6(1)(f)): data already made public by government authorities.
6. Data sharing and third parties
We share data only with the following processors:
- Netlify, Inc. — hosting and serverless compute for the platform. Privacy policy: https://www.netlify.com/privacy/
- Supabase — database provider; stores account data, platform content, and contact-form submissions. Privacy policy: https://supabase.com/privacy
- Resend, Inc. — transactional email delivery; processes contact details (name, email, message) to deliver our reply notifications. Privacy policy: https://resend.com/legal/privacy-policy
- Google LLC (Google Analytics) — anonymised usage analytics, set only after you consent. Privacy policy: https://policies.google.com/privacy
- Sentry (Functional Software, Inc.) — error and performance telemetry; may process technical data such as IP address and error context. Privacy policy: https://sentry.io/privacy/
We do not sell, rent, or trade your personal information.
7. Cookies
We use two categories of cookies:
- Essential cookies — required for site functionality and session management. They do not require consent and expire at the end of your browser session.
- Analytics cookies (Google Analytics) — set only after you opt in through our cookie banner. They are used for anonymous usage statistics and may be retained for up to 2 years.
Analytics remain disabled until you consent, and you can withdraw consent or change your preferences at any time; the platform functions fully without them. For the full list of cookies, the third parties we share data with, and how to manage your preferences, see our Cookie Policy.
8. Data retention
- Contact form submissions: Retained for up to 12 months, then deleted.
- Account data: Retained for the duration of your account. Deleted within 30 days of an account-deletion request.
- Analytics data: Aggregated, anonymised data is retained indefinitely in aggregate form; individual-level data is retained for up to 14 months (Google Analytics default).
- Public registry data (cache and business identity index): To deliver fast search results, B2Trust maintains a cache of company records retrieved from source registries and a business identity index that grows as searches are performed. This data reflects information already made public by government authorities and is processed on the basis of legitimate interest (Article 6(1)(f); see Section 3). Cached records are refreshed periodically from the source registries; we do not publish historical change-logs of individual registry entries.
9. Your rights (GDPR)
If you are located in the European Economic Area, you have the right to:
- Access — request a copy of your personal data
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data
- Restriction — request limitation of processing
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — withdraw consent at any time (for consent-based processing)
To exercise any of these rights, contact us at the email address listed below. We will respond within 30 days.
Note: Rights regarding public registry data are limited, as this data is sourced from government authorities and its publication is governed by the respective national laws.
10. Data security
We implement appropriate technical and organisational measures to protect your data, including encrypted data transmission (HTTPS/TLS), secure hosting infrastructure (Netlify, Supabase), access controls and authentication for administrative functions, and regular security reviews.
11. International data transfers
Some data is processed outside the European Economic Area (EEA) by our service providers:
- Hosting and serverless compute (Netlify, Inc.) — United States
- Analytics (Google LLC) — United States
- Email delivery (Resend, Inc.) — United States
- Database (Supabase) — London, United Kingdom
- Error telemetry (Sentry) — Frankfurt, Germany (within the EEA)
Transfers to the United States are protected by Standard Contractual Clauses (SCCs) approved by the European Commission. Data hosted in the United Kingdom is covered by the European Commission's adequacy decision for the United Kingdom; data hosted in Germany remains within the EEA.
12. Children
B2Trust is a business-oriented platform and is not directed at children. We do not knowingly collect data from anyone under 16. Please note that our Terms of Service separately require users to be at least 18 years old to enter into the agreement — the two thresholds serve different purposes (the data-protection consent age versus contractual capacity).
13. Changes to this policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the platform after changes constitutes acceptance.
14. Contact
For privacy-related enquiries, data access requests, or complaints:
B2Trust sp. z o.o.
Wigury 15, 26-021 Daleszyce, Poland
Email: privacy@b2trust.com
Website: https://b2trust.com/contact
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.