Privacy Policy
Last updated: 5 June 2026
This Privacy Policy explains how ONELOOKUP LIMITED, a company incorporated in the Republic of Cyprus (registration number HE 492254), with registered office at Aglantzias 21, Complex 21B, 2nd floor, Flat/Office 1, Aglantzia, 2108, Nicosia, Cyprus ("OneLookup", "we", "us", or "our"), collects, uses, shares, and protects personal information in connection with the OneLookup website at onelookup.ai and our search and reporting services (the "Services").
We are the data controller for the personal information described here. If you do not agree with this Policy, please do not use the Services.
A note on the two kinds of data we handle. OneLookup is a people-search service. We process (a) your own personal information as our customer (your account, payments, and use of the Services), and (b) information about other individuals that you search for and that we compile from public and licensed sources. This Policy covers both, and explains how individuals who appear in search results can contact us (see "Your choices about information about you in our results").
1. Information We Collect
Information you provide:
- Account and contact data — your email address (we use passwordless "magic link" sign-in, so we do not store a password).
- Payment data — processed by our third-party payment provider. We do not receive or store your full card number; we receive limited transaction and status information needed to provide the Services.
- Search queries — the phone numbers, email addresses, names, and photos you submit to run a lookup. A photo you upload is stored securely to perform the search and to display your report to you.
- Communications — messages you send us (for example, support requests).
Information we generate or collect automatically:
- Report content — the results we compile for your searches, stored so you can view them in your account.
- Usage and device data — IP address, browser and device information, pages viewed, and how you interact with and navigate the site, collected via cookies and similar technologies (see the Cookies section below).
- Approximate location — derived from your IP address.
2. How and Why We Use Information (Legal Bases)
We use personal information to operate, provide, secure, and improve the Services. Where the EU/UK General Data Protection Regulation ("GDPR") applies, we rely on the following legal bases:
- Performance of a contract — to create your account, process searches, deliver reports, and take payment.
- Legitimate interests — to secure and improve the Services, prevent fraud and abuse, enforce our Terms, and run essential analytics, balanced against your rights.
- Legal obligation — to comply with applicable law and respond to lawful requests.
- Consent — where we rely on it, such as for any optional marketing communications, which you can withdraw at any time.
3. How We Share Information
We do not sell your account information. We share personal information only as described here:
- Service providers / processors that process data on our behalf under contract, such as hosting and database, payment processing, transactional email, product-analytics, error-monitoring, and security/rate-limiting providers.
- Third-party data providers and publicly available or licensed sources that we query to compile your search results. Only the search query you submit is shared with a provider, and solely to perform that lookup.
- Legal, safety, and protection — where we believe in good faith it is necessary to comply with law or a lawful request, enforce our Terms, or protect the rights, safety, or property of any person.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
4. International Data Transfers
We operate from Cyprus, and our service providers may process data in the United States and elsewhere. Where we transfer personal data outside the EU/EEA or the UK, we use an appropriate transfer mechanism, such as the European Commission's Standard Contractual Clauses and/or the EU–US / UK–US Data Privacy Framework, together with additional safeguards where required.
5. Data Retention
We keep personal information only as long as necessary for the purposes described in this Policy. Reports are displayed in your account for a limited visibility window (currently 30 days after each lookup), after which they are no longer shown to you. We may retain underlying records, transaction and billing records, and security and audit logs for longer where necessary to provide the Services, comply with legal, tax, and accounting obligations, prevent fraud and abuse, and establish or defend legal claims. When information is no longer needed, we delete or anonymise it.
6. Automated Decision-Making
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Any AI-generated summary in a report is informational only and is not used to make decisions about you.
7. Security
We use technical and organisational measures designed to protect personal information, including encryption in transit, access controls, and passwordless authentication (we do not store account passwords). Payment-card data is handled by our PCI-compliant payment provider and does not touch our servers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Children's Privacy
The Services are intended only for adults aged 18 or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us at privacy@onelookup.ai and we will delete it.
9. Cookies and Similar Technologies
We use cookies and similar technologies (such as local storage and pixels) to run the site, keep you signed in, remember your preferences, and understand and improve how the site is used.
Categories. Strictly necessary — sign-in and session security (these cannot be switched off). Functional — your preferences. Analytics and performance — how the site is used, including which pages are viewed and how visitors interact with and navigate them (this may include session-replay analytics that capture on-page interactions). Some of these are set by third-party service providers that help us run the site.
Your choices. You can block or delete cookies through your browser settings (blocking strictly-necessary cookies may stop parts of the site, such as signing in, from working) and use any opt-out tools the relevant providers offer. We honour recognised opt-out signals such as Global Privacy Control (GPC). Cookies last for varying periods — session cookies are removed when you close your browser; persistent cookies remain for a set time or until you delete them.
10. Removing Your Information from Our Results
If you are an individual whose information appears in OneLookup search results and you wish to access, correct, or request removal/opt-out of that information, contact us at privacy@onelookup.ai with enough detail to locate the record. We action verified removal requests within 30 business days.
For a phone number or email address, we remove the associated reports and stop returning that identifier in future lookups. For a photo, our photo lookup is a facial-similarity search performed by our provider FaceCheck.id; because we do not keep a photo database of our own, you can remove your image at the source using FaceCheck's free removal tool at facecheck.id/Face-Search/RemoveMyPhotos.
Because our other results are drawn from public and third-party sources, removal from OneLookup does not remove the underlying information from those sources, which you may need to contact separately.
11. Your Rights — EU, EEA, and United Kingdom (GDPR)
If you are in the EU, EEA, or UK, you have the following rights regarding your personal data, subject to conditions and exemptions in applicable law:
- Access — obtain confirmation of and a copy of your personal data.
- Rectification — correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — have your data deleted in certain circumstances.
- Restriction — limit how we process your data in certain circumstances.
- Portability — receive certain data in a portable format.
- Objection — object to processing based on legitimate interests, and to any direct marketing at any time.
- Withdraw consent — where processing is based on consent, withdraw it at any time (without affecting prior processing).
To exercise these rights, contact us at privacy@onelookup.ai. You also have the right to lodge a complaint with a supervisory authority — in Cyprus, the Office of the Commissioner for Personal Data Protection (or your local authority). We may need to verify your identity before acting on a request.
12. Your Rights — United States
We provide the following to U.S. residents. Some rights depend on your state of residence (including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Delaware, and others) and apply subject to the relevant state law.
Categories of personal information we collect (in the past 12 months): identifiers (such as name, email, IP address); commercial information (purchases); internet/network activity (usage and device data); approximate geolocation; and the contents of the searches you submit. We do not collect this information for sale.
Your rights, where your state grants them:
- Know / access the personal information we have collected about you and how we use and share it.
- Delete personal information we hold about you.
- Correct inaccurate personal information.
- Opt out of "sale" or "sharing" of personal information and of targeted/cross-context behavioural advertising.
- Limit the use of sensitive personal information.
- Appeal a decision on your request, where your state provides an appeal right.
- Non-discrimination — we will not discriminate against you for exercising your rights.
"Do Not Sell or Share My Personal Information" and Global Privacy Control. We do not sell personal information for money. To the extent our use of analytics or advertising technologies constitutes "sharing" or "sale" under your state's law, you may opt out by contacting us at privacy@onelookup.ai, and we honour the Global Privacy Control (GPC) browser signal where required.
California "Shine the Light," Nevada, and notice at collection. California residents may request information about disclosures for third-party direct marketing; Nevada residents may opt out of certain sales. The categories above serve as our notice at collection. You may use an authorised agent to submit requests; we may verify your identity.
To exercise any U.S. right, contact us at privacy@onelookup.ai.
13. Changes to This Policy
We may update this Policy from time to time. We will revise the "Last updated" date and, for material changes, provide additional notice where appropriate. Your continued use of the Services after the changes take effect constitutes acceptance.
14. Contact Us
For any privacy question or request, contact us at privacy@onelookup.ai, or by post at ONELOOKUP LIMITED, Aglantzias 21, Complex 21B, 2nd floor, Flat/Office 1, Aglantzia, 2108, Nicosia, Cyprus.