Privacy Policy

Last updated: March 19, 2026

1. Introduction

B2Trust ("we", "us", "our") operates the website b2trust.com — a free business registry search platform that aggregates publicly available company data from official government registries worldwide. This Privacy Policy explains how we collect, use, and protect information when you use our platform.

2. Information we collect

2.1 Information you provide

• Contact form submissions: When you contact us through our contact form, we collect your name, email address, company name (if provided), and message content.
• Account information: If you create an account, we collect your email address and display name.

2.2 Information collected automatically

• Usage data: We use Google Analytics to collect anonymised usage statistics, including pages visited, search queries performed on our platform, time spent on pages, and referring websites.
• Technical data: Browser type, operating system, device type, IP address (anonymised), and screen resolution.
• Cookies: We use essential cookies for site functionality and analytics cookies for understanding usage patterns. See Section 7 for details.

2.3 Information we do NOT collect

• We do not collect payment information — B2Trust is free to use.
• We do not collect sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, health data, etc.).
• We do not require personal identification documents.

3. Company data from public registries

B2Trust aggregates and displays company information sourced from publicly accessible government business registries, including but not limited to ARES (Czech Republic), KRS / Krajowy Rejestr Sądowy (Poland), Brønnøysundregistrene (Norway), Handelsregister (Germany), and VIES / EU VAT Information Exchange System.

This data is public by law and published by the respective government authorities. B2Trust does not collect, store, or process personal data of individuals through these registries — we only display business entity information (company names, registration numbers, addresses, legal forms, registration dates, and business activities) as made available by the official sources.

If any registry data incidentally contains personal data (such as a sole proprietor's name that is part of the company name), this data is processed on the basis of legitimate interest (Article 6(1)(f) GDPR) and is limited to what the government registry has made publicly available.

4. How we use your information

We use collected information to:

• Provide and maintain the B2Trust search platform
• Respond to your enquiries submitted through the contact form
• Analyse usage patterns to improve platform functionality and user experience
• Generate aggregated, non-identifying statistics about platform usage
• Ensure platform security and prevent abuse

We do not:

• Sell your personal data to third parties
• Use your data for targeted advertising
• Create individual user profiles for marketing purposes
• Share your contact information with third parties without your consent

5. Legal basis for processing (GDPR)

• Contact form data — processed on the basis of Consent (Article 6(1)(a)): you choose to submit the form.
• Account data — processed on the basis of Contract performance (Article 6(1)(b)): necessary to provide the service.
• Analytics data — processed on the basis of Legitimate interest (Article 6(1)(f)): to improve our platform.
• Public registry data — processed on the basis of Legitimate interest (Article 6(1)(f)): data already made public by government authorities.

6. Data sharing and third parties

We share data only with:

• Netlify — our hosting and form processing provider (processes contact form submissions). Netlify's privacy policy: https://www.netlify.com/privacy/
• Supabase — our database provider (stores account data and platform content). Supabase's privacy policy: https://supabase.com/privacy
• Google Analytics — anonymised usage analytics. Google's privacy policy: https://policies.google.com/privacy

We do not sell, rent, or trade your personal information.

7. Cookies

We use two types of cookies:

• Essential cookies — required for site functionality and session management. These expire at the end of your browser session.
• Analytics cookies (Google Analytics) — used for anonymous usage statistics. These may be retained for up to 2 years.

You can disable analytics cookies through your browser settings. The platform will continue to function without them.

8. Data retention

• Contact form submissions: Retained for up to 12 months, then deleted.
• Account data: Retained for the duration of your account. Deleted within 30 days of account deletion request.
• Analytics data: Aggregated and anonymised — retained indefinitely in aggregate form. Individual-level data is retained for up to 14 months (Google Analytics default).
• Public registry data: Refreshed periodically from source registries. We do not retain historical versions of registry data.

9. Your rights (GDPR)

If you are located in the European Economic Area, you have the right to:

• Access — request a copy of your personal data
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data
• Restriction — request limitation of processing
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interest
• Withdraw consent — withdraw consent at any time (for consent-based processing)

To exercise any of these rights, contact us at the email address listed below. We will respond within 30 days.

Note: Rights regarding public registry data are limited, as this data is sourced from government authorities and its publication is governed by the respective national laws.

10. Data security

We implement appropriate technical and organisational measures to protect your data, including encrypted data transmission (HTTPS/TLS), secure hosting infrastructure (Netlify, Supabase), access controls and authentication for administrative functions, and regular security reviews.

11. International data transfers

Your data may be processed in countries outside the European Economic Area where our service providers operate. All transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) where applicable.

12. Children

B2Trust is a business-oriented platform and is not directed at children under 16. We do not knowingly collect data from children.

13. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the platform after changes constitutes acceptance.

14. Contact

For privacy-related enquiries, data access requests, or complaints:

B2Trust
Email: privacy@b2trust.com
Website: https://b2trust.com/contact

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.