DARKSIDE
ServicesHow it worksPricing
Book a call

Legal

Privacy Policy

Last updated: [EFFECTIVE DATE]

This Privacy Policy explains how Darkside Security Ltd (“Darkside”, “we”, “us”) collects, uses and protects personal data when you visit darkside-sec.com, contact us, or use our services. We are the data controller for the personal data described here.

Darkside Security Ltd is a company registered in England and Wales (company number [COMPANY NUMBER]), registered office [REGISTERED ADDRESS]. We are registered with the UK Information Commissioner’s Office (ICO) under reference [ICO REGISTRATION NUMBER].

1 Who this applies to

This policy covers visitors to our website and prospective and current clients who contact us or engage our services. Where we perform penetration testing under a Master Services Agreement, the handling of personal data within a client’s systems is governed by the data-processing terms of that agreement, under which we act as a processor.

2 The data we collect

  • Contact and enquiry data — when you complete our “Book a call” form or email us: your name, work email, company name, job role, and anything you include in your message.
  • Client relationship data — for clients: billing contacts, engagement contacts, and correspondence.
  • Lead source data — when you submit an enquiry, we record the page, referrer, campaign parameters, and cookie consent state connected with that enquiry.
  • Technical data — basic server logs and, if you consent, analytics and advertising data about how you use the site (see Cookies below).

We do not intentionally collect special category data through our website, and we ask that you do not include sensitive personal information in free-text form fields.

3 How we use your data, and our lawful basis

PurposeLawful basis (UK GDPR)
Responding to your enquiry and arranging a callLegitimate interests / steps prior to entering a contract
Providing and administering our servicesPerformance of a contract
Sending service-related communicationsPerformance of a contract / legitimate interests
Understanding which campaigns and pages generate enquiriesConsent for non-essential cookies and pixels; legitimate interests for source data submitted with an enquiry
Meeting legal, tax and accounting obligationsLegal obligation
Securing our site and preventing misuseLegitimate interests

We do not sell your personal data, and we do not use it for automated decision-making that has legal or similarly significant effects. If you consent to analytics or advertising pixels, our advertising partners may use pseudonymous identifiers to measure campaign performance and build advertising audiences.

4 Sharing your data

We share personal data only with service providers who help us operate, under contracts that require them to protect it:

  • Supabase — database and authentication for our client portal.
  • Vercel — website and application hosting.
  • Cal.com — appointment scheduling.
  • Brevo — transactional and enquiry email delivery.
  • Anthropic — AI-assisted analysis of penetration-test reports within the portal.
  • Google, Meta, and LinkedIn — analytics, advertising pixels, and conversion measurement where you have consented.

We may also disclose data where required by law, to professional advisers, or in connection with a business transfer. Some providers may process data outside the UK; where they do, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement.

5 How long we keep it

We keep enquiry data for up to 24 months after last contact unless you become a client. Client and financial records are kept for the duration of the relationship and for at least six years afterwards to meet legal and accounting requirements. Penetration-testing engagement data and evidence are retained for 90 days after report delivery and then securely destroyed, unless a longer period is agreed in writing.

6 Your rights

Under UK data protection law you have the right to access, correct, erase, restrict, or object to the processing of your personal data, and the right to data portability. To exercise any of these, email [email protected]. You also have the right to complain to the ICO at ico.org.uk, though we’d appreciate the chance to resolve any concern first.

7 Cookies

Our site uses essential storage required for it to function, including remembering your cookie preference. If you choose “Accept cookies”, we may also load analytics and advertising pixels from Google, Meta, and LinkedIn to understand site usage, measure ad performance, attribute enquiries, and support retargeting campaigns. These non-essential pixels are not loaded unless you consent.

If you choose “Reject cookies”, we do not load those pixels and we do not store session attribution data for marketing purposes. You can clear your browser storage to reset your choice.

8 Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, and the security practices you would expect of a firm whose business is security. No system is perfectly secure, but we take this seriously.

9 Changes and contact

We may update this policy from time to time; the “last updated” date above shows when. For any privacy question, contact [email protected].

Bracketed items (company number, registered address, ICO reference, effective date) are filled in before publication. This policy is a strong starting draft and should be reviewed by a solicitor or data-protection adviser before go-live.
DARKSIDE
How it worksPricingPrivacyTerms
© 2026 Darkside Security Ltd · Registered in England & Wales