// legal

Privacy Policy

Last updated: 11 June 2026

This Privacy Policy explains how All-Secure Consultancy Ltd (“All-Secure”, “we”, “us”) collects, uses, and protects personal data. It applies to visitors of all-secure.co.uk, people who contact us, clients of our services, and users of our applications.

We are the data controller. Contact: [email protected]. Registered in England & Wales.

1. Information we collect

1.1 Information you provide directly

Contact form submissions: name, email, company, service of interest, and the message you send.
Client engagement data: information shared under a signed scoping or master services agreement, including technical details necessary to deliver security services.

1.2 Account and sign-in information

Some of our applications require an account. Where they do, we collect the details you register with, such as your name and email address, and use a session cookie with optional two-factor authentication to keep you signed in. We do not use third-party or social sign-in.

1.3 Information collected automatically

Server logs: IP address, user-agent, request URLs, and timestamps, retained for up to 30 days for security and troubleshooting.
Cookies: only strictly necessary cookies for session management. We do not use advertising or analytics cookies by default.

2. How we use your data

To respond to enquiries and provide the services you request.
To authenticate you and maintain your session in our applications.
To meet our legal, regulatory, and contractual obligations.
To protect our systems from abuse, fraud, and unauthorised access.

3. Legal bases (UK GDPR)

Consent: where you opt in, such as submitting the contact form.
Contract: to deliver services under an engagement.
Legitimate interests: to secure and improve our services. Where we rely on legitimate interests, we balance them against your rights and only proceed where they are not overridden.
Legal obligation: where required by applicable law.

4. Sharing and disclosure

We do not sell personal data. We share data only with:

Vetted sub-processors strictly necessary to operate the service (e.g. infrastructure hosting, email delivery).
Law enforcement or regulators where legally compelled.
Professional advisors bound by confidentiality.

5. Data retention

Contact form submissions: retained for up to 24 months unless a client relationship begins.
Client engagement records: retained for the duration of our engagement and for 7 years thereafter, in line with UK tax and professional-indemnity requirements.
Authentication data: retained while your account is active; deleted within 30 days of account deletion.

6. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, or port your personal data, and to object to certain processing. Where our processing is based on consent, you have the right to withdraw that consent at any time — this does not affect processing already carried out. To withdraw consent, or to exercise any other right, email [email protected]; we respond within one month. You also have the right to complain to the Information Commissioner’s Office (ICO).

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.

7. International transfers

Where data is transferred outside the UK or EEA, we rely on adequacy decisions or standard contractual clauses to ensure an equivalent level of protection.

8. Security

We apply the security practices we recommend to our clients: least-privilege access, strong authentication, encryption in transit (TLS 1.3) and at rest, logging and monitoring, and regular independent testing. No system is perfect: if you believe you’ve found a vulnerability, please disclose it responsibly to [email protected].

9. Changes

We may update this policy. Material changes will be announced on this page with a revised “last updated” date. Continued use of our services after an update constitutes acceptance of the revised policy.

10. Contact & company details

All-Secure Consultancy Ltd
Registered in England & Wales, Company No. [to be added]
Registered office: [registered office address to be added]
ICO registration: [ZB number to be added]
[email protected]

This policy is provided as a good-faith summary of our practices. It is not legal advice. If you’re embedding All-Secure services into a regulated workflow, ask us for a copy of the full data-processing addendum.