Legitimate Interest Assessment

Reviewed and approved by Fledged Technologies Ltd ahead of launch.

1. Purpose test — why are we processing

We surface the Companies House public register through better search, filters and alerts so accountants, agencies, brokers and B2B sales teams can find relevant new UK incorporations quickly. Surface 2 additionally routes a subset of newcos to our own brands (Sprintly Designs, WeBuildAnyApp, Lexora) for postal outreach.

2. Necessity test

The public register is freely available but has poor UX for combinable filters and no real-time alerting. Our service delivers both. For Surface 2 postal outreach to a registered office, postal mail is PECR-exempt and requires no contact enrichment — which is precisely why we chose postal as the primary channel and why we do not buy or scrape email addresses.

3. Balancing test

• The data is public and was already provided by the data subject to a public register.
• We minimise personal data exposure: officer detail is per-company in-app only, audit-logged.
• We do not enrich with third-party contact data; we do not sell contact data.
• Database-level role separation enforces the company / personal split.
• We honour suppression requests immediately. Suppressed records are excluded from internal lead-gen at output time.
• Postal outreach uses registered office addresses only, which are corporate by nature; each piece carries an opt-out URL.

4. Controls

• Immutable audit log (Postgres trigger + REVOKE UPDATE/DELETE).
• Two separate Companies House API keys so ingestion and user-initiated lookups cannot starve each other.
• Manual signup approval for the first 100 customers, reviewed weekly.
• Rate-limited public suppression endpoint, no auth required.
• Public sub-processor list with notice of changes.

5. Outcome

Legitimate interest is the lawful basis. Data subject rights are preserved and easy to exercise. Surface 2 outputs are constrained to registered office postal communication with a brand-tied offer.