Privacy Policy

What data we collect, how we use it, and your rights.

Last updated: 28 May 2026

BullionFerret is operated from the United Kingdom. This policy explains what personal data we collect, why we collect it, and your rights regarding that data.

What we collect

Information collected automatically

When you visit BullionFerret, we automatically collect:

  • IP address — used for rate limiting, abuse prevention, and a one-time geographic lookup (see below). Your IP address is not stored in our database alongside your browsing activity.
  • Country detection — on your first visit, we use a local MaxMind GeoIP database to look up your country from your IP address. This lookup happens entirely on our server (no data is sent to a third party). The result is used to set sensible default preferences for currency and weight units. We store your detected country code in a cookie on your device — not in our database.
  • Server logs — our web server records standard access logs (IP address, URL requested, timestamp, browser user-agent string, HTTP status code). These logs are used for diagnosing technical issues and are automatically deleted after 14 days.

Click tracking

When you click through to a dealer's website from BullionFerret, we record which product was clicked, which page you clicked from, and a one-way hash of your IP address. We do not store your actual IP address in click records — the hash cannot be reversed to recover your IP. This data helps us understand which products and dealers are most useful to our visitors.

Cookies

We use a small number of functional cookies to remember your preferences. See our Cookie Policy for full details. We do not use any third-party tracking or advertising cookies.

Information you provide

If you contact us by email, we will have whatever information you include in your message (typically your name and email address). We use this only to respond to your enquiry.

What we do not collect

We do not use analytics services such as Google Analytics. We do not use advertising networks. We do not embed third-party tracking pixels, social media widgets, or fingerprinting scripts. We do not sell, rent, or share any personal data with third parties for marketing purposes.

How we use your data

We use the data described above for the following purposes:

  • Running the site — setting your default currency and unit preferences, rate limiting to prevent abuse, diagnosing errors.
  • Understanding usage — aggregated click data tells us which product categories and dealers are most popular. This data is used internally only.
  • Responding to enquiries — if you email us, we use your details to reply.

Legal basis for processing

Under UK GDPR, our legal basis for processing is:

  • Legitimate interests (Article 6(1)(f)) — for server logs, rate limiting, country detection, and aggregated click analytics. Our legitimate interest is operating a functional, secure website. These activities are minimally invasive, use anonymisation where possible (IP hashing for clicks), and are what any visitor would reasonably expect from a website.
  • Consent — for any non-essential cookies, as described in our Cookie Policy.

Data retention

  • Server logs — 14 days, then automatically deleted.
  • Click records — retained indefinitely in aggregated form. These contain a one-way IP hash (not your actual IP address), the product clicked, and a timestamp.
  • Cookies — preference cookies expire after 1 year. You can delete them at any time through your browser.
  • Email correspondence — retained as long as reasonably necessary to address your enquiry or for our records.

Third parties

When you click through to a dealer, you leave BullionFerret and are subject to that dealer's own privacy policy. We set a no-referrer policy on outbound links so that dealers do not learn you came from BullionFerret.

We do not share your personal data with any other third parties. Our GeoIP lookups use a locally hosted database — no data is sent to MaxMind or any external service for this purpose.

International transfers

Our servers are located in the United Kingdom. We do not transfer personal data outside the UK.

Your rights

Under UK GDPR, you have rights including access, correction, deletion, and objection to processing. You can also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

In practice, we cannot identify you in most of our data. Click records use a one-way hash that cannot be reversed. Server logs are deleted after 14 days. We do not maintain user accounts or store personal identifiers alongside browsing activity. Under GDPR Article 11, where we cannot identify a data subject, we are not required to process these rights against that data.

If you have emailed us, we can action requests against that correspondence — contact us at the address below.

Changes to this policy

If we make material changes to this policy — for example, when we introduce user accounts or email alerts — we will update the "last updated" date at the top. We encourage you to review this page periodically.

Contact

For privacy-related questions or to exercise your rights, email us at privacy@bullionferret.com.

Feedback

We're in beta and building this with you. Tell us what's working and what isn't.