Privacy Policy
Last updated: 25 June 2026
1. Who we are
Scout is a B2B visitor intelligence platform operated by Swarm Labs IO Ltd, a company registered in England and Wales. Scout helps businesses understand which companies visit their website, what those visitors were looking for, and how confident we are in the identification.
For the purposes of data protection legislation, Swarm Labs IO Ltd is the data processor. Our customers (the businesses that install Scout on their websites) are the data controllers and are responsible for ensuring their use of Scout complies with applicable privacy laws.
If you have any questions about this policy, contact us at hello@swarmlabs.io.
2. What we collect
When you visit a website that uses Scout, the following data is collected by a lightweight JavaScript snippet embedded on the site:
Collected automatically
- Page data: the URL, page title, referral source, and any UTM campaign parameters attached to the link you followed.
- Session information: a randomly generated session identifier (stored in your browser's sessionStorage for deduplication), approximate session duration, and page view count.
- Network data: your IP address is read from the HTTP request to identify the visiting organisation. It is never stored in its raw form; it is immediately hashed using a salted SHA-256 algorithm and only the hash is retained.
- Device metadata: browser user-agent string, ASN (Autonomous System Number), and IP classification (corporate, ISP, residential, VPN, etc.) derived from Cloudflare request headers.
What we do not collect
- Scout does not set or read cookies on your browser.
- Scout does not capture personal information such as your name, email address, or phone number from your visit.
- Scout does not record form submissions, keystrokes, or session replays.
- Scout does not use tracking pixels or fingerprinting techniques.
3. How we use your data
The data collected is used solely to:
- Identify the visiting organisation by matching the hashed IP address against commercial and publicly available business databases.
- Score confidence in the identification using six deterministic signals (IP classification, ASN type, session depth, analytics engagement, search attribution, and return-visit frequency).
- Enrich company profiles with publicly available information such as industry, company size, location, and LinkedIn profile, sourced from the company's own website and public registries.
Scout identifies companies, not individuals. We do not build profiles of individual visitors, serve targeted advertising, or sell data to third parties.
4. Contact data
Individual contact information (names, job titles, email addresses) is never passively collected from your visit to a customer's website. Contact data is only accessed when a Scout customer explicitly requests it through a credit-based reveal action, and is sourced from third-party business databases, not from your browsing activity.
5. Legal basis for processing
We process data under legitimate interest (GDPR Article 6(1)(f)). Our customers have a legitimate interest in understanding which businesses visit their website to improve their products, services, and commercial outreach.
We have conducted a Legitimate Interest Assessment and concluded that this processing does not override the rights and freedoms of individual visitors because:
- Only company-level identification is performed, not individual identification.
- Raw IP addresses are never stored.
- No cookies are set and no personal data is captured from the browsing session.
- The data processed is limited to publicly available business information.
6. Third-party data sources
To identify visiting companies and enrich their profiles, Scout may query the following third-party services on behalf of our customers:
- IP-to-company databases for reverse IP lookups (company name, domain, industry, size, location).
- Public company registries (e.g. Companies House, OpenCorporates) for verification and enrichment.
- Contact databases (only when explicitly requested by the customer via paid credit-based reveals).
Where a customer has connected their own Google Analytics or Google Search Console account, Scout may also access aggregate engagement and search query data. This data is provided by the customer and is governed by their own Google account permissions.
7. AI processing
Scout uses artificial intelligence to normalise and enrich company data. AI enrichment is grounded exclusively in information scraped from the company's own public website and public registry records. AI does not invent or fabricate data, and all suggestions are clearly marked as AI-generated for human review before they are applied.
8. Data storage and security
- All data is encrypted in transit (TLS) and at rest.
- Infrastructure is hosted within the European Economic Area and the United Kingdom.
- Access to customer data is restricted by workspace-level tenant isolation, enforced at the database query layer.
- Raw IP addresses are never stored; only salted SHA-256 hashes are retained.
9. Data retention
Visitor session data is retained for as long as the customer maintains an active Scout subscription. If a subscription lapses or is cancelled, workspace-specific data (visitor sessions, alerts, and integration settings) will be preserved for 30 days. After this period, we reserve the right to permanently delete all workspace data. Customers who wish to export their data should do so before their subscription ends.
Enriched company and contact records may be retained in our global database to improve identification accuracy and enrichment quality across the platform. This data is derived from publicly available sources and does not contain information that identifies individual website visitors.
10. Your rights
If you are a visitor to a website that uses Scout and you wish to exercise your rights under GDPR or other applicable data protection legislation, you may:
- Request information about what data has been collected in relation to your visit by contacting the website operator (the data controller) or by emailing us at hello@swarmlabs.io.
- Request deletion of any data associated with your visit.
- Object to processing under legitimate interest.
- Lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office).
We will respond to all valid requests within 30 days.
11. Guidance for Scout customers
If you use Scout on your website, you are the data controller and are responsible for ensuring your privacy policy discloses the use of visitor identification technology. We recommend including text similar to the following in your privacy policy:
Website Visitor Intelligence
We use Scout, a B2B visitor identification service provided by Swarm Labs IO Ltd, to understand which businesses visit our website. Scout identifies visiting companies by matching IP addresses against business databases. IP addresses are not stored in their raw form and are hashed immediately upon collection.
What is collected: page URLs visited, referral source, UTM campaign parameters, and session duration. This data is used solely to identify the visiting organisation, not individual people.
What is not collected: Scout does not set cookies, does not capture personal information such as names or email addresses from your visit, and does not record form submissions or session replays.
Legal basis: We process this data under legitimate interest (GDPR Article 6(1)(f)) to understand which businesses are interested in our products and services. Company-level identification uses publicly available business data and does not override the rights or freedoms of individual visitors.
Contact data: Any individual contact information is sourced from third-party business databases and is only accessed through explicit, credit-based requests. It is never passively collected from your visit.
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated to our customers via email. The "last updated" date at the top of this page reflects the most recent revision.