Privacy Policy

Last updated: February 2026

Data Controller

BINLookupAPI is a trading style of Jade Technologies Limited, a company registered in England and Wales (company number: 15043871). Our registered office is at 7 Bell Yard, London, England, WC2A 2JR. Jade Technologies Limited is the data controller responsible for your personal information.

About This Policy

BINLookupAPI is a business-to-business (B2B) service. Our customers are typically merchants, payment processors, fintech companies, and developers who integrate our API into their applications.

Data Processing Roles:

  • YOU (the customer) are the data controller for any personal data in your own systems and applications
  • WE are the data controller for YOUR account information (email, credentials, usage logs, payment details)
  • We are NOT a processor of your end-users' personal data - we do not receive full payment card numbers, cardholder names, or other personal data about your customers

When you query BINs through our API, you typically extract the BIN (first 6-8 digits) from a payment card number in your own system. We only receive the BIN, not the full card number or any cardholder personal data. You remain the data controller for your end-user data and are responsible for your own privacy compliance.

Data Processing Agreement: While we do not typically process personal data on your behalf (since BINs are not personal data), if your specific use case requires a Data Processing Agreement (DPA), please contact support@binlookupapi.com and we will assess your requirements.

1. Information We Collect

We collect information you provide directly to us when you create an account, use our API, or communicate with us.

Account Information:

  • Email address and account credentials
  • Company name and billing information (for paid plans)
  • Communications with our support team

Payment Information:

Payment information is processed securely by Stripe, our payment processor. We do not store full credit card numbers on our servers. Stripe provides us with a tokenized reference to your payment method and transaction history. See Stripe's Privacy Policy for details on their data handling.

Technical and Usage Information:

  • IP addresses (for security, abuse prevention, and rate limiting)
  • Device and browser information (user agent, operating system)
  • API authentication tokens and keys
  • Timestamps of account activity and API requests
  • Error logs and diagnostic information
  • Product usage analytics (pages visited, features used, interaction patterns) collected via PostHog
  • Anti-bot verification data (device characteristics, behavioral patterns) via hCaptcha

1A. BIN Query Data

When you use our API, you submit Bank Identification Numbers (BINs) for lookup. BINs themselves are not personal data - they identify card issuing programs and banks, not individuals. However, we log metadata about your queries to operate our service.

What We Log:

  • The BIN numbers you query
  • Your API key identifier (linked to your account)
  • Timestamp of each query
  • Your IP address
  • HTTP request headers (user agent, etc.)
  • Response status code and data returned
  • Error messages (if applicable)

How We Use Query Data:

  • Enforce rate limits and monitor quota usage for your plan
  • Generate billing records and usage reports for your account
  • Detect abuse, fraud, and Terms of Service violations (e.g., systematic BIN range scanning)
  • Improve our BIN database accuracy and coverage
  • Identify trending BIN queries to prioritize database updates
  • Diagnose technical issues and API performance problems
  • Generate anonymized, aggregated analytics (e.g., 'most queried card brands' or 'average response times')

Data Sharing: We do not sell or share your individual query data with third parties. Aggregated, anonymized analytics (with no customer-identifiable information) may be used for industry research or marketing purposes.

Retention: We retain complete API request logs (including BIN numbers, timestamps, and IP addresses) for the lifetime of your account as a core product feature. These logs are accessible via the "Usage" tab in your account dashboard and serve multiple purposes:

  • Provide you with comprehensive usage analytics and historical reporting
  • Enable you to audit your API usage and track patterns over time
  • Support billing verification and quota management
  • Facilitate fraud investigations and abuse detection across extended timeframes
  • Allow you to maintain records for your own compliance and auditing purposes

We have assessed that maintaining complete historical request logs is necessary and proportionate, as the benefits (valuable analytics for customers, long-term abuse prevention, forensic capabilities) outweigh the privacy impact of logging IP addresses. Safeguards include encryption at rest, restricted access controls, and use only for stated purposes.

Upon account deletion, all request logs are permanently deleted after 30 days (or 7 years if retention is required for legal compliance such as tax obligations).

Your Control:

Dashboard Access: You can view your complete API request history in real-time via the "Usage" tab in your account dashboard. This shows each API request you've made, including BIN queried, timestamp, IP address, response status, and response time. You can export this usage data at any time for your own records.

Deletion Rights: You can request deletion of your query logs at any time by contacting support@binlookupapi.com. Note that deletion will remove the usage analytics feature from your account and may affect our ability to investigate technical issues or abuse patterns. See Section 8 for your full data subject rights.

Objection Rights: You can object to indefinite retention of IP addresses in your query logs based on your particular situation. We will assess your objection and may accommodate your request by deleting IP addresses from historical logs while retaining other usage data necessary for service provision. Contact support@binlookupapi.com to exercise this right.

2. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, we process your personal data on the following legal bases:

Contract (Article 6(1)(b)):

Processing necessary to provide the services you have subscribed to, including account creation, API access, billing, and customer support. This includes processing your email, payment information, and API usage data.

Legitimate Interests (Article 6(1)(f)):

Processing necessary for our legitimate business interests, where such processing does not override your fundamental rights and freedoms. We have conducted a balancing assessment for each legitimate interest purpose:

  • Fraud and Abuse Prevention: Logging IP addresses, API usage patterns, and request metadata to detect malicious activity, prevent service abuse (e.g., scraping, DDoS attacks), and protect our infrastructure. Our interest: protecting our service and customers. Your interest: minimal intrusion (IP addresses are logged by most web services). Safeguards: access controls, encryption.
  • Service Improvement: Analyzing usage patterns (in aggregated, anonymized form) to improve our BIN database coverage and API performance. Our interest: providing better service to all customers. Your interest: indirect benefit through improved service. Safeguards: data is anonymized before analysis, individual customer patterns are not examined.
  • Security Monitoring: Detecting and responding to security threats, including unauthorized access attempts, brute force attacks, and vulnerability exploitation. Our interest: protecting customer data and service integrity. Your interest: security protection. Safeguards: automated alerts, retention limits, access controls.
  • Business Operations: Sending operational updates, security alerts, and service-related messages (not marketing). Our interest: keeping customers informed of service status and security issues. Your interest: awareness of service issues. Safeguards: emails limited to genuinely operational matters.

Right to Object: You may object to processing based on legitimate interests at any time by contacting support@binlookupapi.com. We will assess your objection and cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Legal Obligation (Article 6(1)(c)):

Processing necessary to comply with legal obligations, including UK tax law (7-year retention of payment records), UK GDPR (data breach reporting), and lawful requests from law enforcement or regulators.

Consent (Article 6(1)(a)):

For marketing communications, we obtain your explicit consent through an opt-in mechanism during account registration or via your account settings. See Section 3A for details on marketing communications.

Data Minimization: We collect only the minimum personal data necessary to provide our services. We do not collect sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation).

3. How We Use Your Information

Service Provision:

  • Create and maintain your account
  • Provide API access and process BIN lookup requests
  • Enforce rate limits and plan quotas
  • Generate usage reports and dashboards
  • Authenticate API requests and manage access credentials

Billing and Payments:

  • Process transactions and subscription payments
  • Send invoices and payment confirmations
  • Handle billing disputes and refund requests
  • Maintain records for tax compliance

Communications:

  • Send technical notices and security alerts
  • Provide customer support and respond to inquiries
  • Notify you of service updates or planned maintenance
  • Send transactional messages related to your account

Service Improvement:

  • Monitor and analyze usage patterns to improve service quality
  • Identify and fix bugs and technical issues
  • Optimize API performance and response times
  • Prioritize BIN database updates based on query patterns

Security and Compliance:

  • Detect, investigate, and prevent fraud and abuse
  • Identify and respond to security threats
  • Enforce our Terms of Service
  • Investigate violations and take appropriate action
  • Comply with legal obligations and respond to lawful requests
  • Validate email addresses and phone numbers using third-party validation services

Purpose Limitation: We use personal data only for the purposes disclosed in this policy. We will not use your data for materially different or incompatible purposes without your explicit consent or another lawful basis.

3A. Marketing Communications

With your explicit consent, we may send you marketing communications about:

  • New features and product updates
  • Educational content about BIN data and payment security
  • Special offers, promotions, or discounts
  • Industry news, best practices, and case studies
  • Invitations to webinars or events

How We Obtain Consent:

  • Confirmation email with clear option to unsubscribe
  • Marketing consent is separate from service terms and can be withdrawn at any time

How to Opt Out:

Transactional vs. Marketing:

  • Transactional emails (service notifications, billing alerts, security warnings, Terms updates) cannot be opted out of while your account is active, as they are necessary for service provision
  • Marketing emails (product news, promotions, educational content) can be opted out of at any time without affecting your service access

Third-Party Marketing: We never sell, rent, or share your email address with third parties for their own marketing purposes. You will only receive marketing communications directly from BINLookupAPI.

3B. Automated Decision-Making

We use automated systems to protect our service and ensure fair usage. Under UK GDPR Article 22, you have the right to information about automated decision-making that has legal or similarly significant effects.

Automated Systems We Use:

  • Rate Limiting and Throttling: Automated enforcement of plan quotas. If you exceed rate limits, our system automatically throttles or temporarily blocks API requests. Logic: request count vs. plan limits. Consequence: temporary service restriction. Review: contact support@binlookupapi.com for immediate human review.
  • Abuse Detection: Automated detection of suspicious patterns such as systematic BIN range scanning, rapid enumeration attacks, or credential stuffing. Logic: pattern recognition, anomaly detection, velocity checks. Consequence: temporary API key suspension or account review. Review: contact support@binlookupapi.com within 48 hours (business days) for human review and explanation.
  • Payment Fraud Prevention: Automated risk scoring for payment transactions (handled by Stripe). Logic: Stripe's proprietary fraud detection models. Consequence: payment may be declined or require additional verification. Review: contact support@binlookupapi.com and we will work with Stripe to review the decision.
  • Bot Detection (hCaptcha): Automated verification that you are human, not a bot. Logic: hCaptcha's proprietary bot detection algorithms. Consequence: May be required to solve CAPTCHA challenge. Review: Contact support if you believe you've been incorrectly flagged as a bot.

Your Rights:

  • Right to human review of any automated decision affecting your access
  • Right to explanation of the logic and reasoning behind the decision
  • Right to contest the decision and present your case
  • Right to have the decision reviewed and potentially overturned

Not Used For: We do not use automated decision-making for credit scoring, employment decisions, insurance underwriting, or other high-impact decisions affecting your fundamental rights.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. When data is no longer necessary for the purposes for which it was collected, we securely delete or anonymize it.

Specific Retention Periods:

  • Account Information: Retained until you request account deletion, then for 7 years to comply with UK tax law and legal obligations. After 7 years, permanently deleted.
  • Payment Records: Retained for 7 years as required by UK tax law (HMRC record-keeping requirements), then permanently deleted. This includes invoices, payment confirmations, and transaction history.
  • Support Communications: Retained for 3 years after case resolution for quality assurance and dispute resolution, then permanently deleted.
  • Marketing Consent Records: Retained for 7 years after you withdraw consent or close your account, to demonstrate compliance with UK GDPR consent requirements.
  • Security Incident Logs: Retained for 2 years after incident resolution for security analysis and compliance purposes.
  • API Request Logs: We retain complete API request logs (including IP addresses) for the lifetime of your account as a core product feature. These logs are accessible via your account dashboard's "Usage" tab.

Account Deletion Process:

Account deletion occurs when: (1) you request deletion via your dashboard or by emailing support@binlookupapi.com; (2) 30 days after termination for non-payment; or (3) 12 months of complete inactivity (no logins or API usage).

Upon deletion request, we immediately deactivate your account and API access. We retain account data for 30 days (to allow you to change your mind), then permanently delete it, except where retention is required by law (payment records for tax compliance).

Data Accuracy: We take reasonable steps to ensure personal data is accurate and up to date. You can update your account information at any time via your account dashboard. If you identify any inaccurate data, please contact support@binlookupapi.com and we will correct it promptly.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. We take our security obligations seriously and continuously review and improve our practices.

Technical Security Measures:

  • Encryption of data in transit using TLS 1.3 (industry standard for secure communications)
  • Encryption of data at rest
  • Secure API authentication using industry-standard protocols (OAuth 2.0, JWT tokens)
  • Automated vulnerability scanning and patch management
  • Web application firewall (WAF) to protect against common attacks
  • Distributed denial-of-service (DDoS) protection
  • Comprehensive access logging and security monitoring
  • Secure backup procedures with encrypted backups stored separately

Organizational Security Measures:

  • Access controls based on role and need-to-know principle
  • Multi-factor authentication (MFA) required for all internal systems
  • Regular employee training on data protection and information security
  • Confidentiality agreements with all personnel and contractors
  • Documented incident response procedures and playbooks
  • Regular security policy reviews and updates
  • Separation of production and development environments
  • Audit trails for all access to personal data

Security Standards and Compliance:

We follow industry best practices including OWASP Top 10 guidelines and PCI DSS principles. While we do not store full credit card numbers (Stripe handles payment processing), we apply PCI-level security under SAQ D for L2 service providers.

Limitations and Shared Responsibility:

While we implement robust technical and organizational measures to protect your data, no system is completely invulnerable to all possible threats. We commit to using industry-standard protections and responding promptly to any incidents. You are responsible for maintaining the security of your account credentials and API keys.

5A. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will fulfill our obligations under UK GDPR Articles 33 and 34.

Notification to the ICO:

  • We will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a breach
  • Our notification will include: nature of the breach, categories and approximate numbers of affected individuals, likely consequences, and our response measures
  • If notification is not made within 72 hours, we will provide reasons for the delay

Notification to You:

  • If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay
  • Notification will include: clear description of the breach in plain language, likely consequences, measures we have taken or propose to take to address the breach and mitigate its effects
  • Notification will be sent via email to your registered account email address

Our Incident Response Process:

  • We maintain a documented incident response plan and security breach procedures
  • We conduct regular security drills and breach response simulations
  • In the event of a serious breach, we work with forensic security specialists to investigate and remediate
  • We document all breaches and our response for compliance and learning purposes
  • We implement corrective measures to prevent similar incidents in the future

Responsible Disclosure: If you believe you have discovered a security vulnerability in our service, please report it to support@binlookupapi.com. We operate a responsible disclosure program and do not take legal action against security researchers who report vulnerabilities in good faith following coordinated disclosure practices.

6. Third-Party Services and Sub-Processors

We use third-party services to operate our business. These service providers process personal data on our behalf as sub-processors under UK GDPR Article 28. We have data processing agreements with all sub-processors that obligate them to protect your information according to UK GDPR standards.

Current Sub-Processors:

Provider Purpose Location
Stripe, Inc. Payment processing United States
Vercel Inc. Hosting and infrastructure United States
Postmark (Wildbit, LLC) Transactional email delivery United States
Neutrino API Ltd Fraud detection and data validation United Kingdom / United States
PlanetScale Inc. Database hosting and management United States
PostHog Inc. Product analytics and usage tracking United States
Fathom Analytics Inc. Website analytics (privacy-focused) Canada
Upstash Inc. Serverless database and caching infrastructure United States
Intuition Machines, Inc. (hCaptcha) Bot detection and fraud prevention United States

Sub-Processor Obligations:

Each sub-processor is contractually required to:

  • Process personal data only on our documented instructions
  • Implement appropriate technical and organizational security measures
  • Maintain confidentiality of personal data
  • Assist us in responding to data subject requests
  • Notify us of any data breaches affecting personal data they process
  • Delete or return personal data at the end of the processing relationship

Changes to Sub-Processors:

We will notify you at least 30 days before adding new sub-processors with access to your personal data. Notification will be sent via email to your registered account email address.

Right to Object: If you object to a new sub-processor on reasonable grounds relating to data protection, you may terminate your account within 30 days of notification and receive a pro-rated refund of prepaid fees. To object, contact support@binlookupapi.com with your concerns.

Due Diligence: We conduct due diligence on all sub-processors before engagement to ensure they provide appropriate technical, organizational, and contractual safeguards for personal data. We regularly review sub-processor security practices and compliance.

7. International Data Transfers

Some of our sub-processors are located outside the United Kingdom and European Economic Area (EEA), which means your personal data may be transferred to and processed in other countries with different data protection laws.

Current International Transfers:

  • United States: Stripe (payment processing), Vercel (hosting), Postmark (email), PlanetScale (database), PostHog (analytics), Upstash (caching), hCaptcha (security)
  • Canada: Fathom Analytics (website analytics)

Legal Safeguards:

For all international transfers, we ensure appropriate safeguards are in place as required by UK GDPR Article 46:

  • UK International Data Transfer Agreement (IDTA): For transfers from the United Kingdom, we use the UK IDTA approved by the Information Commissioner's Office
  • EU Standard Contractual Clauses (2021): For transfers from the European Economic Area, we use the EU Standard Contractual Clauses adopted by the European Commission
  • Adequacy Decisions: Where applicable, we rely on adequacy decisions by the UK ICO or EU Commission determining that the destination country provides an adequate level of data protection

Transfer Impact Assessment:

We have conducted transfer impact assessments for transfers to the United States, considering:

  • The legal framework in the destination country
  • Whether the importer is subject to government surveillance laws
  • The technical and organizational measures implemented by the importer
  • Whether supplementary measures are necessary
  • The specific circumstances of the transfer

Our assessment concluded that the combination of contractual safeguards (IDTA/SCCs) and technical measures (encryption, access controls, security certifications) provides appropriate protection for your personal data.

Your Rights: You may request a copy of the safeguards we have in place for international transfers by contacting support@binlookupapi.com. We will provide copies of relevant SCCs/IDTA provisions.

Prohibited Transfers: We do not transfer personal data to countries subject to comprehensive economic sanctions (e.g., North Korea, Iran, Syria) or where such transfers would violate UK or EU law.

8. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, you have the following rights regarding your personal data:

1. Right of Access (Article 15):

You have the right to request a copy of the personal data we hold about you. Your access request should specify what information you are seeking. We will provide:

  • A copy of your personal data in a commonly used electronic format
  • Information about the purposes of processing
  • The categories of personal data concerned
  • The recipients or categories of recipient
  • Retention periods
  • Your other rights under UK GDPR

2. Right to Rectification (Article 16):

You have the right to request correction of inaccurate personal data. You can update most information directly in your account dashboard. For other corrections, contact support@binlookupapi.com.

3. Right to Erasure / 'Right to be Forgotten' (Article 17):

You have the right to request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent (where processing was based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Erasure is required to comply with a legal obligation

Note: This right is subject to legal retention requirements. We must retain certain data (payment records for tax compliance) for specified periods even if you request deletion.

4. Right to Restriction of Processing (Article 18):

You have the right to request restriction of processing in certain circumstances:

  • You contest the accuracy of the data (restriction during verification)
  • Processing is unlawful but you prefer restriction to erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (restriction pending verification of grounds)

5. Right to Data Portability (Article 20):

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON or CSV). You can:

  • Export your account data via your dashboard
  • Request a complete data export by emailing support@binlookupapi.com
  • Request transmission of your data to another controller (where technically feasible)

This right applies only to personal data you have provided to us and where processing is based on consent or contract, and is carried out by automated means.

6. Right to Object (Article 21):

You have the right to object to processing based on legitimate interests (see Section 2). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims.

You have an absolute right to object to processing for direct marketing purposes. If you object, we will cease marketing immediately.

7. Right to Withdraw Consent (Article 7(3)):

Where processing is based on consent (marketing communications), you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. See Section 3A for how to opt out of marketing.

8. Rights Related to Automated Decision-Making (Article 22):

You have the right not to be subject to solely automated decision-making (including profiling) that produces legal effects or similarly significantly affects you. See Section 3B for details on our automated systems and your right to human review.

How to Exercise Your Rights:

To exercise any of these rights, contact us at support@binlookupapi.com. Please include:

  • Your full name and email address associated with your account
  • Specific details of your request
  • Proof of identity (if we cannot verify your identity from your email address)

Response Time: We will respond to your request without undue delay and within 30 days of receipt. If your request is complex or we receive multiple requests from you, we may extend this period by up to two months. We will inform you of any extension within the initial 30-day period and explain the reasons for the delay.

Verification: We may request additional information to verify your identity before fulfilling requests, particularly for access or deletion requests. This is to protect your privacy and prevent unauthorized disclosure or deletion of personal data.

Fees: We do not charge a fee for exercising your rights unless your request is manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable fee based on administrative costs or refuse to act on the request.

Right to Lodge a Complaint: If you believe we have not handled your personal data properly or have violated your privacy rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. You can contact the ICO at: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Website: ico.org.uk. Phone: 0303 123 1113.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate our service and provide you with a secure experience. A cookie is a small text file stored on your device by your web browser.

Essential Cookies:

These cookies are necessary for our website and API dashboard to function properly. You cannot opt out of essential cookies without preventing core features from working.

  • session_token | Purpose: Maintain your login session | Duration: 30 days | Contains: Encrypted session identifier
  • csrf_token | Purpose: Prevent cross-site request forgery attacks | Duration: Session (deleted when browser closes) | Contains: Random security token
  • api_auth | Purpose: API authentication for dashboard | Duration: Configurable (default 30 days) | Contains: Encrypted API credentials

Analytics and Performance Cookies:

We use Fathom Analytics (Canada) for privacy-focused website analytics. Fathom does not use cookies, does not track users across sites, and collects only anonymized, aggregated data about website usage (pages visited, referral sources, country-level location). See usefathom.com/privacy.

For logged-in customers, we use PostHog (United States) for dashboard usage analytics to improve our product. PostHog may set a session cookie (posthog_session, 24 hours) to track dashboard usage patterns. This data is used solely for product improvement and is not shared with third parties for marketing.

Advertising and Tracking Cookies:

We do not use advertising cookies, third-party tracking cookies, or any cross-site tracking technologies. We do not participate in advertising networks or sell user data to advertisers.

Third-Party Cookies:

Some third-party services we use may set their own cookies:

  • Stripe: Our payment processor may set cookies during the payment process for fraud prevention. These cookies are governed by Stripe's Privacy Policy.

API Request Logging (Not Cookie-Based):

When you use our API, we log request metadata (IP address, timestamp, endpoint accessed, response code) for operational, security, and abuse prevention purposes. This is server-side logging, not cookie-based tracking. See Section 1A for details on what we log and how we use it.

Your Cookie Choices:

Browser Settings: You can configure your browser to refuse cookies or alert you when cookies are being sent. However, if you disable or refuse cookies, some features of our dashboard may not function properly. Essential cookies are required for account login and API key management.

API Access: Our API does not require cookies for authentication. You authenticate via API keys passed in HTTP headers, so API functionality is not affected by cookie settings.

Do Not Track: Some browsers have a 'Do Not Track' (DNT) feature that signals to websites you visit that you do not want to be tracked. Since we do not use tracking cookies for advertising or cross-site tracking, the DNT setting does not materially affect our data collection practices.

10. Children's Privacy

Our services are business-to-business tools designed for professional use. We do not knowingly collect personal information from children under 13 years of age. If you are under 13, please do not use our service or provide any personal information.

If you are between 13 and 18, you may only use our service with the involvement and consent of a parent or legal guardian. If you are a parent or guardian and you believe your child under 13 has provided us with personal information, please contact us immediately at support@binlookupapi.com.

Business Accounts: If you represent a business or organization using our service, you confirm that all authorized users of your account are of appropriate age and have the legal capacity to use the service in accordance with these terms.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. We will notify you of material changes and obtain your consent where required by law.

Material Changes Include:

  • Changes to the purposes for which we process personal data
  • Changes to the legal bases for processing
  • Changes to data retention periods
  • Addition of new categories of personal data collected
  • Changes to international data transfer practices
  • Reduction of your rights or protections
  • Changes to how we share data with third parties

Notification of Material Changes:

  • Email notification to your registered account email address
  • Prominent notice in your account dashboard
  • At least 30 days' advance notice before changes take effect
  • Clear explanation of what has changed and why

Your Choices: Your continued use of the service after material changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to material changes, you may close your account before the changes take effect by contacting support@binlookupapi.com.

Non-Material Changes: Minor changes such as clarifications, formatting updates, contact detail changes, or updates to third-party service provider names may be made without advance notice. We will update the 'Last updated' date at the top of this policy.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

Email: support@binlookupapi.com

Postal Address:

Jade Technologies Limited
Attn: Privacy Officer
7 Bell Yard
London, England
WC2A 2JR

Response Time: We aim to respond to privacy inquiries within 5 business days and to complete data subject requests within 30 days as required by UK GDPR.

Data Protection Officer: We are not currently required to appoint a Data Protection Officer under UK GDPR Article 37. If this changes in the future, we will update this policy with DPO contact details.

Supervisory Authority: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Website: ico.org.uk. Phone: 0303 123 1113.

Jade Technologies Limited
Company Number: 15043871
Registered Office: 7 Bell Yard, London, England, WC2A 2JR
VAT Number: 457276953