top of page

Privacy Policy

Last Updated: 28 May 2025

1. Introduction

Welcome to HUT11. We are committed to protecting the privacy and security of personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website, Hut11.co.uk, and when you engage with our Open Source Intelligence (OSINT) digital footprint analysis, and follow-up surveillance services. HUT11 specialises in OSINT investigations into digital footprints on the open web and dark web, and, where necessary, provides follow-up surveillance services. This policy applies to information collected through our website, during the provision of our services, and any other interactions you may have with HUT11.

2. Information We Collect

We may collect various types of personal information, including:

  • Information you provide directly:

    • When you contact us (e.g., via email, contact forms): Your name, email address, phone number, the content of your query, and any other information you choose to provide.

    • When you engage our services: Contact details, payment information, and information pertinent to the service you require. This may include information about yourself or, if you are commissioning a service regarding a third party (the "Person of Interest" or "POI"), information related to that POI that you lawfully provide to us.

  • Information collected automatically from our website:

    • Log data: IP address, browser type, operating system, referring web pages, pages visited, location (if enabled), and cookie information.

  • Information collected during the provision of our services (OSINT and Surveillance):

    • Digital Footprint Data (OSINT): Publicly available information from the internet, including social media, forums, public records, news articles, and mentions on the dark web related to a POI. This can include lifestyle details, social connections, organisational memberships, event attendance, and past online statements.

    • Surveillance Data: In cases where active operational surveillance is commissioned, we may collect information about a POI’s movements, activities, and interactions. This collection is conducted by our experienced team.

3. How We Use Your Information

We use the information collected for the following purposes:

  • To provide and manage our services

    • To conduct digital footprint analysis and OSINT investigations as requested by you.

    • To carry out follow-up surveillance operations when specifically commissioned and deemed appropriate.

    • To report findings to you, our client.

  • To communicate with you: To respond to enquiries, provide updates, and manage our client relationship.

  • For website administration and improvement: To operate and maintain our website, analyse usage, and improve user experience.

  • For legal and contractual obligations: To comply with applicable laws, regulations, and to enforce our terms of service.

  • Billing and account management.

4. Legal Basis for Processing Personal Information (UK GDPR)

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

  • Consent: We may rely on your consent to process certain personal information (e.g., for marketing communications, or for cookies on our website). You can withdraw your consent at any time.

  • Contractual Necessity: We process personal information to fulfil our contractual obligations to you when you engage our services.

  • Legitimate Interests:

    • For information collected about a POI during OSINT investigations or surveillance services commissioned by a client, we typically process this data based on the legitimate interests of our client (e.g., to understand a POI's digital exposure, for due diligence, to gather evidence in relation to specific concerns). HUT11 also has a legitimate interest in providing these services.

    • We conduct a balancing test for such processing, considering the impact on the POI's privacy. We aim to gather information proportionately and, where appropriate (as in the case of surveillance), will seek to explore less intrusive means first.

  • Legal Obligations: We may process your information where we are legally required to do so.

5. Data Sharing and Disclosure

HUT11 does not sell your personal information. We may share information under the following circumstances:

  • With You (Our Client): Findings from investigations and surveillance operations are reported to the client who commissioned the service.

  • Service Providers: We may engage third-party companies and individuals to perform services on our behalf (e.g., IT support, payment processing). These providers will have access to personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

  • Incogni (Partner Referral): If you choose to use the services of our partner, Incogni, for data removal, and you provide our referral code (HUT11 for your discount), we may have a referral arrangement, but the data sharing will be governed by your direct interaction with Incogni.

  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

  • Protection of Rights: We may disclose information where we believe it necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service, or as evidence in litigation.

6. Data Security

HUT11 takes the security of the data we handle extremely seriously. We implement appropriate technical and organisational measures to protect personal information from unauthorised access, use, disclosure, alteration, or destruction. This includes measures to safeguard highly sensitive information gathered during our investigations and surveillance operations. However, no method of transmission over the Internet or electronic storage is 100% secure.

7. Data Retention

We will retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Client information will be retained for the duration of the engagement and for a reasonable period thereafter as required by law or for legitimate business purposes.

  • Data collected on POIs during investigations will be retained for as long as necessary to provide the service to our client and as permitted by law, after which it will be securely deleted or anonymised.

8. Your Data Protection Rights (UK GDPR)

You have the following data protection rights:

  • Access: You have the right to request copies of your personal information.

  • Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

  • Erasure (Right to be Forgotten): You have the right to request that we erase your personal information, under certain conditions.

  • Restrict Processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.

  • Object to Processing: You have the right to object to our processing of your personal information, under certain conditions, particularly where we rely on legitimate interests.

  • Data Portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

To exercise any of these rights, please contact us using the details below.

Regarding Persons of Interest (POIs): If we have processed information about you as a POI as part of an investigation for a client, you may also have rights under UK GDPR. However, these rights may be subject to exemptions, particularly where exercising them would prejudice the purpose of the investigation or the rights of others (e.g., our client's right to gather information for a legal claim or for their own protection). We will handle such requests on a case-by-case basis in accordance with applicable law.

9. Cookies

Our website may use cookies to enhance user experience. Cookies are small files placed on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.

10. International Data Transfers

While HUT11 is based in the UK, our personnel have international experience. Information we collect may be stored and processed in and transferred between any of the countries in which we or our service providers operate to enable the use of the information in accordance with this privacy policy. We will ensure appropriate safeguards are in place for any transfers of personal data outside the UK/EEA.

11. Children's Privacy

Our services and website are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact us at:

HUT11

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

info@Hut11.co.uk

https://Hut11.co.uk

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

© 2025 by Hut11 Ltd.

bottom of page