Back to Home

Privacy Policy

1. INTRODUCTION

SmartReverse.ai (“we,” “our,” “us,” or “the Company”), operated by Lindma , a company registered in Cyprus, is committed to protecting the privacy of its users and complying with all applicable data protection regulations, including the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679), the UK GDPR, and the Cypriot Data Protection Law.

This Privacy Policy is intended to explain, in a clear and transparent manner:

  • The personal data we may collect or process when you use our reverse lookup service based on Open Source Intelligence (OSINT) and artificial intelligence (AI) technologies;
  • The purposes and legal bases of such processing;
  • How this data is stored, secured, shared, or anonymized;
  • The rights available to you under applicable law, and how to exercise them.

We place particular emphasis on the lawfulness, proportionality , and purpose limitation of all data processing activities carried out through our platform. By using SmartReverse.ai , you acknowledge that you have read this Privacy Policy and, where required, consent to the processing of your data in accordance with the provisions set out below.

2. PROCESSING OF DATA FROM PUBLIC INFORMATION SOURCES PRELIMINARY NOTICE:

SmartReverse.ai operates solely as an automated search engine and aggregator of public information, based on Open Source Intelligence (OSINT) and artificial intelligence (AI) technologies.
Our service allows users to access, through an automated interface, information that has been made manifestly public by third parties , by consolidating it from sources freely available on the Internet (such as search engines, social networks, directories, legal or media publications, etc.).

None of this data:

  • Is hosted or stored on our servers;
  • Is enriched, altered, or interpreted;
  • Is used for any purpose other than its temporary display in the context of a single, user-initiated query.

Accordingly, we do not act as an active Data Controller in the strict sense of the GDPR. Our role remains strictly technical, intermediated, passive, and automated . In compliance with Article 14(5)(a) and (b) GDPR , where it is technically impossible or disproportionate to individually notify each data subject (due to the absence of a direct relationship or means of contact), we fulfill our information obligations by publishing this Privacy Policy in a clear, public, and accessible manner.

The indirect or automated processing of freely accessible data is based in particular on:

  • Recital 4 GDPR, which emphasizes the balance between data protection and the freedom to conduct a business;
  • Article 16 of the Charter of Fundamental Rights of the European Union , relating to the freedom to conduct a business;
  • Constitutional principles protecting freedom of expression, freedom of information, and access to data of public interest.

Consequently, the operation of the SmartReverse.ai platform is legally platform is legally to the automated consultation of already-public data, without any human intervention in their content, nor any diversion of purpose.

3. COLLECTION OF INFORMATION

3.1 Types of Data Collected

SmartReverse.ai may process the following categories of data, in strict compliance with the GDPR principle of data minimization:

a) Information voluntarily provided by the user:

  • First name, last name, email address (for registration or contact purposes).
  • Payment information, processed and securely stored by a third-party provider compliant with PCI-DSS standards (SmartReverse.ai does not retain or store any payment card numbers itself).

b) Data related to queries performed through the platform:

  • Phone number, name, email, or any information entered by the user in the search field.
  • IP address, browser type, technical session data, date, and time of the query.
  • Metadata associated with the query (to ensure the proper functioning of the service and the detection of abuse).

c) Data collected from publicly accessible sources (OSINT):

  • Information made freely available on the Internet by third parties (public profiles, directories, articles, forums, social networks, open databases, official publications, etc.).
  • Such data is not modified, enriched, stored, or used for any other purposes.
  • It is aggregated in real time, temporarily, and solely at the user’s initiative.

3.2 Sources of Collected Data

The data processed originates from:

  • Directly from the user, during registration, execution of a search, or payment for access to the service.
  • Open sources, in accordance with Open Source Intelligence (OSINT) techniques, namely:
    • Search engines;
    • Public or administrative databases;
    • Social networks accessible without authentication;
    • Platforms containing legal or journalistic information.
  • A third-party service (e.g., Numverify or equivalent) used solely to validate the structure and technical validity of an entered phone number without identifying the subscriber or owner.

4. LEGAL BASIS FOR DATA PROCESSING

The processing carried out by SmartReverse.ai, operated by the company Lindma (Cyprus), is based on the following legal grounds, in accordance with Article 6 GDPR:

Explicit Consent of the User
For the creation of an account, the use of the platform, the entry of data in the search engine, or the management of payments via a secure third-party provider.

Performance of a Contract
Processing is necessary for the performance of the service provided to the user, in the context of delivering the reverse lookup functionality requested when subscribing to our offer.

Legitimate Interest
SmartReverse.ai relies on its legitimate interest in providing a service that enables automated access to information that has been made manifestly public, while respecting the principles of proportionality, purpose limitation, and freedom of information.

This legal basis notably allows for the aggregation of OSINT data for the purpose of temporary consultation by the user, without enrichment or retention.

5. USE OF COLLECTED INFORMATION

The information collected or processed through SmartReverse.ai is used exclusively for the following purposes:

  • To provide and administer the reverse lookup service, in compliance with the Terms and Conditions of Use;
  • To enable the creation, access, and management of the user account;
  • To process transactions and payments through providers that comply with security standards;
  • To respond to support requests, technical queries, or complaints;
  • To optimize the security, performance, and stability of our platform;
  • To ensure compliance with applicable legal and regulatory obligations relevant to our activity (e.g., GDPR compliance, fraud or abuse prevention, contractual archiving, tax and accounting obligations).

No data is exploited for profiling, direct marketing, or resale to third parties.

6. DATA STORAGE AND RETENTION

SmartReverse.ai does not store any OSINT search results or content. Data made accessible through our service (results from public sources) is consulted in real time and is neither retained, nor indexed, nor stored on our servers.

User account information (credentials, email address, payment history, invoices) is retained only:

  • For the duration of the use of the service; and
  • As long as necessary to fulfill our contractual, accounting, or legal obligations (for example, tax compliance or fraud prevention).

The user may, at any time, exercise their right to erasure (Article 17 GDPR) and request the permanent deletion of their personal data (except where legal retention obligations apply), by submitting a request via our Help Center or by email at the contact details provided in this Privacy Policy.

7. RIGHT TO DELETION OF PUBLIC INFORMATION

SmartReverse.ai acts solely as a technical intermediary providing access to information that has been manifestly made public by third parties. We are not the publisher, host, or controller of the original content.

Accordingly, we cannot directly modify or delete data at its original source, nor can we guarantee its definitive deletion across the web.

If you identify information concerning you through our service and wish to exercise your right to deletion:

  • You may contact us via our Help Center or at the address provided at the end of this document.
  • Within a reasonable timeframe, we will provide you with the original source of the information (URL, platform, domain name) where identifiable.
  • It will then be your responsibility to directly contact the publisher or host of the original source to exercise your right of access, rectification, or erasure with them.
  • Once effective deletion at the source has been confirmed, and the information is no longer publicly available, SmartReverse.ai undertakes not to temporarily display it through its automated results.

Important: SmartReverse.ai does not store such data and is not responsible for it within the meaning of Article 4(7) GDPR. The right to erasure applies only to actively processed content, which is not the case for OSINT data passively relayed by our system.

8. DATA MINIMIZATION

In accordance with the principle of data minimization (Article 5.1(c) GDPR), SmartReverse.ai undertakes to collect and process only the information that is strictly necessary for the following purposes:

  • The provision of its reverse lookup service at the user’s request;
  • The management of the account and related payments;
  • The improvement of the quality, performance, and security of the platform.

No sensitive data (such as ethnic origin, political opinions, health data, etc.) is requested, processed, or exploited. The data collected is limited, proportionate, and incorporated into processes governed by security measures, restricted access, and confidentiality protocols.

9. USER RIGHTS UNDER THE GDPR

In accordance with the General Data Protection Regulation (GDPR), the UK GDPR, and applicable Cypriot data protection law, any user of the SmartReverse.ai platform has the following rights concerning the personal data they have directly provided to us:

  • Right of Access: You may obtain confirmation as to whether or not data concerning you is being processed, and access such data along with related information about its processing.
  • Right to Rectification: You may request the correction of inaccurate data or the completion of incomplete data concerning you.
  • Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal data in the cases provided by law (notably when it is no longer necessary or when you withdraw your consent).
  • Right to Restrict Processing: You may request that the use of your data be temporarily limited, for example in cases where the accuracy of the data is contested.
  • Right to Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.
  • Right to Object: For legitimate reasons, you may object to the processing of your data, particularly where such processing is based on legitimate interest.

These rights apply only to personal data actively collected (account, payments, navigation). Data originating from public OSINT sources, which is neither retained nor stored by us, is not subject to the same obligations (see Section 7).

10. AUTOMATED DECISION-MAKING AND PROFILING

SmartReverse.ai does not engage in any automated decision-making within the meaning of Article 22 GDPR that would produce legal effects or significantly affect users. No profiling, scoring, behavioral analysis, or automated targeting is carried out on the basis of user searches.

Queries are processed in a technical, passive, and temporary manner, without any evaluation, categorization, or personalized interpretation. In the event of future developments involving automated processing mechanisms with significant effects, users will be expressly informed, and their explicit consent will be required before any such implementation.

11. DATA SECURITY

We implement organizational and technical security measures appropriate to the nature of the data processed, in compliance with Article 32 GDPR. These measures are designed to ensure the confidentiality, integrity, and availability of personal data.

  • Encryption of communications (HTTPS / TLS) between the user’s browser and our platform;
  • A secure authentication system and strict access management;
  • Hosting on certified servers protected against unauthorized access;
  • Storage of payment information exclusively via a PCI-DSS compliant provider, within a securely isolated logical environment;
  • Regular audits and proactive measures for the detection of intrusions or anomalies.

We also ensure that our internal teams are trained and made aware of data security best practices.

12. DATA BREACH NOTIFICATION

In the event of a personal data breach (loss, unauthorized disclosure, unlawful access, or accidental destruction), SmartReverse.ai undertakes to:

  • Immediately identify and document the incident;
  • Assess the impact on the rights and freedoms of the affected individuals;
  • Notify the competent Data Protection Authority (Cyprus or other, depending on jurisdiction) within 72 hours, in accordance with Article 33 GDPR, where required;
  • Individually inform the affected users as soon as possible, and no later than 30 days following the discovery of the incident, where such notification is legally required (Article 34 GDPR).

All breaches are logged in an internal register dedicated to data security compliance.

13. PROTECTION OF MINORS’ DATA

Access to the SmartReverse.ai platform is strictly limited to individuals who are of legal age, i.e., 18 years or older. We do not knowingly collect any data relating to minors.

In the event of suspected registration or use of the service by a minor, we reserve the right to suspend or terminate the related account and to immediately delete any associated information, in compliance with the enhanced protection principles for minors as set out under the GDPR.

14. NON-PERSONAL DATA AND MARKETING TRACKING TECHNOLOGIES

When browsing the SmartReverse.ai platform, certain non-personal data is automatically collected through tracking technologies, for the purposes of:

  • Analyzing how our site is used;
  • Optimizing the user experience;
  • Improving technical performance;
  • Assessing the effectiveness of our marketing activities.

a) Types of Technical Data Collected

  • The anonymized or truncated IP address;
  • Browser type and version;
  • Operating system and language settings;
  • Internet service provider (ISP);
  • Referring and exit URLs;
  • Pages visited, clicks, loading times, browsing duration;
  • Date and time of access;
  • Performance issues or technical errors encountered.

Although such data may be indirectly identifiable, it cannot by itself be used to directly identify a user.

b) Technologies Used

  • Cookies (text files placed on your device);
  • Web beacons or invisible pixels;
  • Embedded tracking scripts within certain pages;
  • Analytical or marketing tools (such as Google Analytics, Meta Pixel, Stripe, etc.).

These tools may serve to:

  • Recognize your browser on subsequent visits;
  • Retain your preferences or settings;
  • Secure your session or account access;
  • Measure audience and site traffic;
  • Detect fraudulent or abusive behaviors;
  • Customize certain site features.

c) Consent Management and Cookie Settings

In accordance with the GDPR, no non-essential tracker will be placed without your prior consent. Upon your first visit, an information banner allows you to:

  • Accept all cookies;
  • Refuse non-essential cookies;
  • Configure your preferences in detail.

You may also manage your preferences at any time via the “Cookie Management” link available at the bottom of the page. Most browsers also allow you to block or delete cookies through their settings. However, complete disabling of cookies may limit certain essential features of the site (login, security, display).

d) Mobile Devices and Geolocation

When using our mobile application or the mobile version of the site, we may collect technical information related to your device (unique identifier, device type, OS version). Precise geolocation data (GPS, network location) is never collected without your explicit consent, and is only used if strictly necessary for the proper functioning of the service or for a clearly identified feature.

By accessing our site, and after giving consent where required, you expressly agree to the collection and processing of the above data under the terms set out in this Privacy Policy.

15. CHANGES TO THE PRIVACY POLICY

This Privacy Policy may be updated or amended at any time, in particular to reflect:

  • Changes in applicable legislation (GDPR, UK GDPR, Cypriot law, etc.);
  • Recommendations from data protection authorities;
  • Any change in our practices, services, or technologies.

Any substantial modification affecting your rights or the nature of the processing carried out will be subject to a visible notification on our website.

16. CONTACT INFORMATION

For any question, request to exercise your rights, or complaint regarding this Privacy Policy, you may contact us at any time using one of the following options:

We commit to processing any legitimate request within a maximum period of 30 days, in compliance with GDPR obligations.

← Back to Home