Legal
Privacy Policy
Last updated: [EFFECTIVE DATE]
This Privacy Policy explains how Darkside Security Ltd (“Darkside”, “we”, “us”) collects, uses and protects personal data when you visit darkside-sec.com, contact us, or use our services. We are the data controller for the personal data described here.
Darkside Security Ltd is a company registered in England and Wales (company number [COMPANY NUMBER]), registered office [REGISTERED ADDRESS]. We are registered with the UK Information Commissioner’s Office (ICO) under reference [ICO REGISTRATION NUMBER].
1 Who this applies to
This policy covers visitors to our website and prospective and current clients who contact us or engage our services. Where we perform penetration testing under a Master Services Agreement, the handling of personal data within a client’s systems is governed by the data-processing terms of that agreement, under which we act as a processor.
2 The data we collect
- Contact and enquiry data — when you complete our “Book a call” form or email us: your name, work email, company name, job role, and anything you include in your message.
- Client relationship data — for clients: billing contacts, engagement contacts, and correspondence.
- Lead source data — when you submit an enquiry, we record the page, referrer, campaign parameters, and cookie consent state connected with that enquiry.
- Technical data — basic server logs and, if you consent, analytics and advertising data about how you use the site (see Cookies below).
We do not intentionally collect special category data through our website, and we ask that you do not include sensitive personal information in free-text form fields.
3 How we use your data, and our lawful basis
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Responding to your enquiry and arranging a call | Legitimate interests / steps prior to entering a contract |
| Providing and administering our services | Performance of a contract |
| Sending service-related communications | Performance of a contract / legitimate interests |
| Understanding which campaigns and pages generate enquiries | Consent for non-essential cookies and pixels; legitimate interests for source data submitted with an enquiry |
| Meeting legal, tax and accounting obligations | Legal obligation |
| Securing our site and preventing misuse | Legitimate interests |
We do not sell your personal data, and we do not use it for automated decision-making that has legal or similarly significant effects. If you consent to analytics or advertising pixels, our advertising partners may use pseudonymous identifiers to measure campaign performance and build advertising audiences.
4 Sharing your data
We share personal data only with service providers who help us operate, under contracts that require them to protect it:
- Supabase — database and authentication for our client portal.
- Vercel — website and application hosting.
- Cal.com — appointment scheduling.
- Brevo — transactional and enquiry email delivery.
- Anthropic — AI-assisted analysis of penetration-test reports within the portal.
- Google, Meta, and LinkedIn — analytics, advertising pixels, and conversion measurement where you have consented.
We may also disclose data where required by law, to professional advisers, or in connection with a business transfer. Some providers may process data outside the UK; where they do, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement.
5 How long we keep it
We keep enquiry data for up to 24 months after last contact unless you become a client. Client and financial records are kept for the duration of the relationship and for at least six years afterwards to meet legal and accounting requirements. Penetration-testing engagement data and evidence are retained for 90 days after report delivery and then securely destroyed, unless a longer period is agreed in writing.
6 Your rights
Under UK data protection law you have the right to access, correct, erase, restrict, or object to the processing of your personal data, and the right to data portability. To exercise any of these, email [email protected]. You also have the right to complain to the ICO at ico.org.uk, though we’d appreciate the chance to resolve any concern first.
7 Cookies
Our site uses essential storage required for it to function, including remembering your cookie preference. If you choose “Accept cookies”, we may also load analytics and advertising pixels from Google, Meta, and LinkedIn to understand site usage, measure ad performance, attribute enquiries, and support retargeting campaigns. These non-essential pixels are not loaded unless you consent.
If you choose “Reject cookies”, we do not load those pixels and we do not store session attribution data for marketing purposes. You can clear your browser storage to reset your choice.
8 Security
We apply appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, and the security practices you would expect of a firm whose business is security. No system is perfectly secure, but we take this seriously.
9 Changes and contact
We may update this policy from time to time; the “last updated” date above shows when. For any privacy question, contact [email protected].