1. Who we are
79th Unit Limited is a UK-incorporated open-source intelligence (OSINT) consultancy. CLEARSKY is our internal investigative platform. We are the data controller for all processing described below.
2. What data we hold
- Identity: names, aliases, dates of birth, nationalities, photographs.
- Contact: email, telephone, postal addresses where included in public records.
- Location: last-known geographic location, travel patterns, place of work.
- Digital footprint: public social media handles, public posts, public profile metadata.
- Health and risk indicators: only in the context of missing-persons investigations and only where lawfully sourced.
- Sanctions and PEP designations: names matched against published sanctions lists.
CLEARSKY does not ingest data from breach databases, real-time facial recognition feeds, mobile-device location feeds, or any source that requires bypassing a platform's terms of service.
3. Lawful basis
Under UK GDPR Article 6:
- (c) Legal obligation for sanctions screening (UK Sanctions and Anti-Money Laundering Act 2018) and Article 15 fulfilment.
- (e) Public task for assistance to UK police forces, HM Coroner, and the Missing People charity in safeguarding investigations.
- (f) Legitimate interests for cyber threat intelligence, counter-OSINT, and SOCMINT collection. A balancing test has been completed for each.
For special-category data (Article 9), we rely on (g) Substantial public interest for safeguarding of individuals at risk and safeguarding of children, under DPA 2018 Schedule 1 Part 2 §18.
4. Your rights
You have the right to access, rectify, erase, restrict, or object to our processing, and to lodge a complaint with the Information Commissioner's Office.
The fastest route to access is the Receipt of Evidence. Our self-serve portal:
- Accepts your identity claim (name, date of birth, verified contact).
- Sends a one-time code to a contact we already hold against your record.
- Issues you a signed PDF receipt listing every record we hold on you, with field-level redaction reasoning.
- Provides an appeal route if you are dissatisfied.
5. Sharing
- UK police forces and HM Coroner: under public task / safeguarding bases.
- Missing People charity: for missing-persons cases under safeguarding.
- MISP federation partners: for cyber threat intelligence under TLP discipline; never sharing data classified above TLP:AMBER.
- Sub-processors: OVHcloud (UK/EU hosting), Hetzner (EU, encrypted backups), Anthropic (US - AI analysis of case text on analyst-invoked CHAPEL/INVESTIGATE routes; does not train on inputs), Postmark (US - transactional email; dossier delivery is a secure link only, never content), and Stripe (billing). A Data Processing Agreement and a Chapter V transfer safeguard are in place with each; full register at /subprocessors.
We do not sell personal data. We do not transfer personal data outside the United Kingdom or European Economic Area without an Article 46 transfer mechanism.
6. Retention
| Data category | Retention period |
|---|---|
| Active case data | 6 years from case closure |
| Sanctions screening results | 6 years (regulatory audit) |
| SOCMINT connector cache | 12 months |
| Subject access request records | 6 years |
| Audit log (UUID-only; never names) | 6 years |
After retention expiry, data is anonymised or deleted by the GDPR nightly sweep.
7. Security
CLEARSKY runs on dedicated UK/EU-jurisdiction infrastructure (OVHcloud, Roubaix). Transport is TLS 1.3, storage is AES-256 at rest, access is gated through Keycloak with role-based access control and step-up authentication for sensitive actions. The audit log records every action by UUID (never by name) and is append-only at the database layer.
8. Contact
For any privacy enquiry: compliance@79thunit.com.
For complaints to the supervisory authority: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. ico.org.uk · 0303 123 1113.