SFSEOFraud Watch Open a case
Legal

Privacy Policy

This policy explains how SEOFraud Watch — a service of 78 OVER 37 LIMITED — collects, uses and protects information when you visit this website or engage us for an SEO fraud investigation.

Last updated: 2026. This policy is provided in English only.

1. Who is the controller of your data

The data controller is 78 OVER 37 LIMITED, the private limited company that operates SEOFraud Watch. Where this policy refers to "we", "our" or "us", that is 78 OVER 37 LIMITED. You can reach our support and privacy contact at support@overload.su.

2. What we collect when you browse this website

This site is a static informational presence. It is delivered through bunny.net's content delivery network. The CDN logs basic request metadata — IP address, requested URL, response code, user agent, referrer and timestamp — for security, abuse-prevention and traffic-statistics purposes. We treat that metadata as a transient operational log and do not combine it with personally identifying information except as required to investigate abuse of the website itself.

We do not place advertising cookies. We do not place third-party analytics cookies on first visit. If we add an analytics tool in future, we will document it here and configure it with IP truncation enabled.

3. What we collect when you contact us

If you contact us by email at support@overload.su or by Telegram at @OverSupBot, we receive whatever information you choose to send: typically your name or alias, an email address or Telegram identifier, the brand or domain you represent, the offending URL or evidence, and any context you provide.

We use that information solely to (a) determine whether we can take the case, (b) conduct the investigation if engaged, and (c) communicate with you about it. We retain intake correspondence for the duration of the engagement plus a reasonable period after closure for audit and recurrence-monitoring purposes.

4. Evidence handling and chain of custody

Investigations require us to capture and store evidence about third-party infrastructure (URLs, screenshots, source HTML, DNS, WHOIS, certificate transparency, redirection chains). That evidence:

  • is hashed and time-anchored at the point of collection;
  • is stored in immutable archives accessible only to assigned investigators;
  • is shared with abuse contacts at hosts, registrars, registries, browser safe-browsing partners, ad networks and search engines, in the minimum quantity required to obtain action;
  • may be shared with law enforcement on lawful request, where we are legally compelled to do so or where the evidence shows imminent harm to identifiable victims.

5. Lawful basis for processing

Where the GDPR or analogous regimes apply, we process personal data on the following bases: (a) performance of a contract — when you engage us to take a case; (b) legitimate interests — when we operate this website, defend it from abuse, and pursue takedown of fraudulent infrastructure that targets our clients or the general public; and (c) legal obligation — when we are required to retain or disclose information by applicable law.

6. Sharing with third parties

We share information with:

  • infrastructure providers strictly necessary to operate the service (for example, the bunny.net CDN that delivers this website, and our email and Telegram providers);
  • abuse contacts at the hosts, registrars and platforms whose action we are seeking, but only the evidence necessary to substantiate the complaint;
  • professional advisers, where required, under written confidentiality;
  • law enforcement and regulators, where lawfully required.

We do not sell personal data to anyone, and we do not transfer evidence to data brokers.

7. International transfers

Because abuse handling is inherently cross-border (a typosquat may be hosted in one country, registered in another and targeting victims in a third), evidence and correspondence are routinely transferred internationally. Where applicable, transfers from the European Economic Area or the United Kingdom rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful transfer mechanism.

8. Your rights

Subject to local law, you may have the right to access, correct, delete or port the personal data we hold about you, to object to specific processing or restrict it, and to lodge a complaint with your local supervisory authority. Where evidence is being held in connection with an active or recently closed investigation, the right to delete may be limited by our legal-interest basis and our obligations to other affected parties.

To exercise any right, contact support@overload.su. We respond within 30 days where the law permits.

9. Data retention

Intake correspondence and case files are retained for the duration of the engagement plus a reasonable period after closeout for recurrence monitoring and audit purposes. CDN access logs are retained for the period configured at our infrastructure provider, typically not exceeding 30 days for unaggregated records. Aggregated, non-identifying statistics may be retained indefinitely.

10. Security

We apply role-based access control, hardware-backed multi-factor authentication for staff, encrypted-at-rest storage for evidence archives, and segregated environments for client casework. No system is perfect; if a breach affects your data we will notify you and the relevant authority within the timelines required by applicable law.

11. Children

This service is not directed to children. We do not knowingly collect personal data from children under 16.

12. Changes to this policy

We will post material changes to this page with a new "last updated" date. For active engagements we will notify the named case contact directly when changes affect their case data.

13. Contact

78 OVER 37 LIMITED — privacy contact: support@overload.su. Telegram: @OverSupBot.