Crawlsonar

Privacy & Data Protection Policy

Last updated: 9 July 2026

This policy explains how Northstar Infinity Works Ltd(“we”, “us”, “our”), the operator of Crawlsonar (the “Service”), collects, uses and protects personal data. We are the data controller for the personal data described here. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Northstar Infinity Works Ltd is a company registered in England & Wales (company number 17326480), registered office C/O Elsg Ltd, Regus, Building 2, Marlins Meadow, Watford, England, WD18 8YA. You can contact us about privacy at [email protected].

Summary

  • The tools work without an account and, for ordinary use, without setting cookies on your browser.
  • Our usage analytics are cookieless and do not record your IP address or any identifier.
  • If you paste email headers, they are analysed entirely in your browser and never sent to us.
  • We only hold your email address if you choose to give it to us to receive a report by email.
  • You can ask us to access or delete your data at any time.

The personal data we process, and why

Information you submit to scan

To run a check you enter a target — a domain, URL, IP address, email address (for email authentication checks we use only its domain), or raw email headers. Targets are usually not your personal data. We use them only to perform the requested scan and to generate the result you asked for. Lawful basis: performance of the service you request (legitimate interests / your request).

Email headers pasted into the Email Header Analyzer are processed entirely in your browser (client-side). They are not transmitted to or stored by us.

Your email address (only if you provide it)

If you ask us to email you a report as a PDF, or opt in to updates, we collect your email address together with the tool and target you scanned and a timestamp recording your consent. We use this to deliver the report you requested and, where you have opted in, to send you occasional product updates. Lawful basis: consent. You can withdraw consent or unsubscribe at any time; withdrawal does not affect processing carried out before it.

Your IP address

When you use the “What is my IP” tool we read your IP address from the connection in order to display it to you. We also process IP addresses transiently to apply rate limits and protect the Service from abuse. We do not store your IP address in our analytics or lead records. Lawful basis: legitimate interests (operating and securing the Service).

Usage analytics

We record aggregated, first-party events (for example, that a scan was started or a report viewed) to understand how the Service is used and improve it. These events are cookieless and contain no IP address, user agent or other identifier. Lawful basis: legitimate interests (improving the Service).

Shared reports

If you create a shareable report link, we store the scan result for up to 30 days at an unguessable, non-indexed URL so it can be viewed. Shared reports contain only the public scan data of the target and no information about you (no IP, no request data).

Cookies

We do not set cookies on your browser when you use the tools, and our analytics are cookieless. The only cookie we use is a session cookie set when a member of our own team signs in to the administration area; it is not set for ordinary visitors. Because we set no non-essential cookies, no cookie-consent banner is required.

Who we share data with

We do not sell your personal data. We share it only with service providers who process it on our behalf, under contract and only as needed to run the Service:

  • Our hosting provider, which stores report and lead data on our behalf.
  • Cloudflare, Inc., which provides content delivery, security and DNS lookups for the Service.
  • Where email delivery is enabled, an email delivery provider, to send the report you requested.

[Operator to insert the specific hosting and email providers used, and their locations, once selected.]

International transfers

Some of our providers may process data outside the UK. Where they do, we rely on an adequacy decision or on appropriate safeguards (such as the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses) to protect your data.

How long we keep data

  • Scan inputs and results: not stored beyond returning your result, except where you create a shared report (up to 30 days) or request a PDF by email.
  • Email addresses (leads): kept until you unsubscribe or ask us to delete them, or until no longer needed for the purpose you consented to.
  • Analytics events: aggregated, non-identifying, retained to inform product decisions.

How we protect your data

We apply security-by-design measures, including HTTPS in transit, protection against server-side request forgery on all outbound fetches, rate limiting, and access controls on our administration area. No method of transmission or storage is completely secure, but we take appropriate technical and organisational measures to protect personal data.

Your rights

Under the UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased;
  • restrict or object to our processing;
  • data portability;
  • withdraw consent at any time (where processing is based on consent).

To exercise any of these rights, email [email protected]. We will respond within one month. If you are not satisfied, you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk, though we would appreciate the chance to resolve your concern first.

Third-party sites you scan

When you scan a target, we make requests to that third-party site. We are not responsible for the content or privacy practices of sites you choose to scan. Only scan sites you own or are authorised to test. Automated reports are point-in-time and may contain inaccuracies; they are not a certification.

Children

The Service is a technical tool intended for professionals and is not directed at children under 16.

Changes to this policy

We may update this policy from time to time. We will change the “last updated” date above and, for significant changes, take reasonable steps to notify you.

Contact

Northstar Infinity Works Ltd, C/O Elsg Ltd, Regus, Building 2, Marlins Meadow, Watford, England, WD18 8YA. Privacy enquiries: [email protected].