GDPR Compliance

Effective date: 16 March 2026

1. Our Commitment

SearchCapital is fully committed to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). We respect the privacy and data protection rights of all individuals whose personal data we process. This page outlines how we meet our obligations under GDPR and how you can exercise your rights as a data subject.

2. Lawful Basis for Processing

We only process personal data where we have a lawful basis to do so. The legal bases we rely on include:

  • Contractual necessity (Art. 6(1)(b)): Processing necessary for the performance of a contract with you, such as providing the SearchCapital service.
  • Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, such as improving the service, preventing fraud, and ensuring security, where these interests do not override your fundamental rights.
  • Consent (Art. 6(1)(a)): Where you have given clear, informed consent, such as for marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • Legal obligation (Art. 6(1)(c)): Where processing is required to comply with EU or member state law.

3. Data Subject Rights

Under GDPR, you have the following rights in relation to your personal data:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): You may request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restriction (Art. 18): You may request that we restrict processing of your personal data in certain circumstances.
  • Right to data portability (Art. 20): You may request to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making (Art. 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

To exercise any of these rights, please contact our Data Protection Officer using the details in Section 7. We will respond to your request within 30 days. If we need more time, we will inform you of the extension and the reasons for it.

4. Data Processing Activities

We maintain a record of processing activities (ROPA) as required by Article 30 of the GDPR. Our primary processing activities include:

  • User account management: Registration, authentication, and profile management.
  • Service delivery: Processing investment theses, company searches, pipeline management, and watchlist functionality.
  • Analytics: Aggregated usage analytics to improve the service (minimised and pseudonymised where possible).
  • Communications: Transactional emails, security alerts, and (with consent) marketing communications.
  • Security: Fraud detection, access logging, and incident response.

5. International Data Transfers

We prioritise processing personal data within the EU/EEA. Where transfers to third countries are necessary (e.g., for cloud infrastructure or third-party services), we ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR. These safeguards include Standard Contractual Clauses (SCCs) adopted by the European Commission, adequacy decisions, and supplementary measures where required following the Schrems II decision.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with the principle of storage limitation (Art. 5(1)(e)). Retention periods vary based on the type of data and the purpose of processing. When data is no longer needed, it is securely deleted or anonymised. You may request erasure of your data at any time, subject to any overriding legal obligations to retain it.

7. Data Protection Officer

For any GDPR-related enquiries, data subject access requests, or complaints, please contact us:

SearchCapital — Data Protection
Email: hello@searchcapital.ai

8. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay, in accordance with Article 34.

9. Data Protection by Design and Default

In accordance with Article 25 of the GDPR, we implement data protection by design and by default. This means we integrate data protection considerations into our development processes, minimise the amount of personal data collected, limit access to personal data on a need-to-know basis, and apply pseudonymisation and encryption where appropriate.

10. Sub-processors

We engage carefully selected sub-processors to assist in providing the Service. All sub-processors are bound by data processing agreements that meet the requirements of Article 28 of the GDPR. We conduct due diligence on sub-processors and monitor their compliance on an ongoing basis.

11. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that our processing of your personal data infringes the GDPR.

12. Updates

This GDPR compliance page may be updated from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated to users via email or a prominent notice on the Service.