Privacy Policy

Last updated: 29 May 2026

Sanctions Checklist is operated by Viken Link Pty Ltd (ACN 695 470 449, ABN 34 695 470 449). This policy describes what personal information we collect, why we collect it, how long we keep it, and your rights.

We do not sell your personal data.

1. Information we collect

CategoryWhat we collectWhy
AccountEmail address, name, organisation, authentication provider identifiersAccount creation, billing, support
Checklist & search dataSaved entities, search queries, monitoring watchlists (screening reports are generated on demand and streamed to you, not stored as files on our servers)Core service functionality
Security & sessionsIP address, browser user agent, active login sessionsAbuse prevention, device management, force-logout capability
Audit logIP address, user agent, timestamps of security-relevant actions (login, search, export, and similar)Security monitoring, compliance audit trail
Signup contextApproximate country derived from your IP at registration (your IP may be sent to a geolocation provider only for that lookup)Fraud prevention, regional context
PaymentsProcessed by Stripe; we store your Stripe customer ID but not card detailsPayment processing
AnalyticsAggregated page views and visitor counts by country (self-hosted Umami; not linked to your account in our systems)Service improvement

2. How we use your information

We use personal information to:

3. Third-party processors

Personal information may be processed by third-party service providers necessary to operate the Service:

These providers process data only as needed to deliver their services.

4. International data transfers

Sanctions Checklist is operated by Viken Link Pty Ltd in Australia, and the application and its database are hosted on a server located in Australia. If you access the Service from the European Economic Area (EEA), the United Kingdom, or another region, your personal data is transferred to and processed in Australia.

Australia does not currently benefit from an European Commission adequacy decision. Where we process personal data on behalf of a customer established in the EEA, we rely on the European Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914, Module Two, controller to processor) as the transfer mechanism. These clauses are made available through a Data Processing Agreement on request for business and institutional customers.

Some sub-processors listed above (for example Stripe, Google, Microsoft, and Cloudflare) may also process limited data outside Australia under their own appropriate safeguards, including Standard Contractual Clauses where applicable.

5. Cookies and tracking

We use a single session cookie required for authentication (keeping you logged in). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Our analytics (Umami) is self-hosted on our infrastructure and is not linked to your account in our application. It is configured without third-party advertising cookies; we use it for aggregated traffic statistics only.

6. Data retention

7. Data security

We protect your data using encryption in transit (TLS), access controls, and regular security updates. Passwords are hashed and never stored in plain text. Payment data is handled entirely by Stripe's PCI-compliant infrastructure.

We maintain regular backups of customer data and apply security updates to our infrastructure and application components on an ongoing basis.

We do not use your search, checklist, or screening data for advertising or marketing purposes.

8. Your rights

You may:

If you are located in a jurisdiction that provides additional data protection rights (such as the EU, UK, or Australia), those rights apply in accordance with applicable law.

9. Children

The Service is not directed at individuals under 18. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the Service or by email. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For privacy-related questions or to exercise your rights, contact us at:

[email protected]

Viken Link Pty Ltd (ACN 695 470 449, ABN 34 695 470 449)

Welcome to Sanctions Checklist

Here's a guided tour of the site. This is what you'll learn:

  1. 1 Search — How to search sanctioned entities across official international sources
  2. 2 Explore results — Filter by search type, toggle PEPs, and record "no match" for your audit trail
  3. 3 Entity profiles — View official source data and real-time Wikidata enrichment
  4. 4 Build your checklist — Save entities and export timestamped PDF/CSV reports
  5. 5 Monitor & alerts — Set up daily watchlist monitoring and email alerts from your dashboard