Privacy

Privacy notice

How we collect, use, and protect personal data when you use this website or contact us.

Privacy query

If you are a client and need DPA/SCCs or a processing schedule, request it with jurisdiction and vendor list.

Cookies Email Cipher

Summary

We collect only what is necessary for enquiries and service delivery, and we do not sell personal data.

Minimise

Need-to-know

We request only data that supports a decision, a scope, or a deliverable.

Control

Purpose-bound

Use is tied to defined purposes. We avoid secondary uses without a clear basis.

Security

Layered

We apply proportionate security controls for communication, storage, and access.

What we collect and why

Categories, examples, purposes and lawful bases. Where consent is required (e.g., certain cookies), we rely on consent.

Category	Examples	Purpose	Lawful basis (UK GDPR)
Enquiry details	Name, email, organisation, message content	Respond to enquiries; scope discussions; maintain communications record	Legitimate interests; pre-contract steps (where applicable)
Service delivery communications	Meeting notes; scope clarifications; delivery queries	Deliver services; manage client relationship	Contract; legitimate interests
Website telemetry (aggregate)	Page visits; high-level device/browser data (non-advertising)	Security monitoring; performance; basic usage insight	Legitimate interests; consent where required by law

Evidence and sourcing

For client work, we distinguish what was provided by you from what was derived via sourced databases and public registers.

Evidence rubric

Evidence strength and why it matters

We weight sources explicitly. High-confidence anchors reduce false positives and prevent implied certainty.

Tier	Strength	Typical use	Failure mode to avoid
Owner-provided	Med	Details you submit directly (email/forms)	Over-collection: request only what is needed
System logs	Med	Security and performance diagnostics	Retention drift: keep time-bounded
Third-party tooling (if enabled)	Low	Aggregate analytics	Uncontrolled cookies: document and minimise

Sharing and processors

We use service providers where necessary for hosting, email, and analytics.

We may share personal data with vetted providers acting as processors (for example, cloud hosting, email, or analytics) strictly for the purposes above.

Where transfers outside the UK are required by a provider, we use appropriate safeguards consistent with UK GDPR (for example, contractual clauses) where applicable.

Retention

We keep data only as long as needed for the purpose.

Enquiry emails

Kept for a reasonable period to manage follow-ups and audit key decisions.

Client work records

Kept in line with engagement terms and professional record-keeping needs.

Security logs

Kept time-bounded and rotated, primarily for monitoring and incident response.

Your rights

You can exercise data protection rights by contacting us.

You may request access, correction, deletion, restriction, or objection where applicable. Email info@cipherintelligence.co.uk.

You may also complain to the UK Information Commissioner’s Office (ICO). We encourage contacting us first so we can resolve issues promptly.

Last updated: 04-01-2026