Privacy Policy

Effective date: 12 April 2026

1. Who We Are

Wolds Cyber Ltd ("we", "us", "our") is a company registered in England and Wales (Company No. 17143627), with a registered office at 61 Bridge Street, Kington, HR5 3DJ. We provide independent cyber security audit and consultancy services to small and medium-sized businesses in Yorkshire and the surrounding region.

For the purposes of UK GDPR and the Data Protection Act 2018, Wolds Cyber Ltd is the data controller for personal data collected through this website.

Contact: [email protected]

2. What Data We Collect

We collect personal data in the following circumstances:

• Contact enquiries — name, business email address, company name, and message content when you use the contact form or email us directly.
• Website security scanner — a hashed (SHA-256 + salt) version of your IP address, the domain you submitted, and the scan results. We never store your raw IP address.
• Session cookies — a session identifier stored in your browser for rate-limiting purposes on the free scanner. This expires after 24 hours.
• Analytics — if analytics are enabled, aggregated, anonymised usage data (pages visited, approximate location by country). No individual tracking.

We do not collect payment card details directly. If payment processing is introduced, it will be handled by a PCI-compliant third party.

3. How We Use Your Data

• Contact enquiries — to respond to your message and provide the service you have asked about.
• Scanner data — to generate and display your scan results, enforce fair-use rate limits, and detect abuse.
• Compliance — to meet our legal obligations under UK law.

We do not sell your personal data. We do not share it with third parties for marketing purposes.

4. Lawful Basis for Processing

• Contract performance (Article 6(1)(b) UK GDPR) — processing your enquiry or delivering a service you have requested.
• Consent (Article 6(1)(a) UK GDPR) — use of the free scanner, where you explicitly submit a domain for scanning.
• Legitimate interests (Article 6(1)(f) UK GDPR) — security logging, abuse prevention, and improving our services, balanced against your privacy interests.

5. Data Retention

• Contact enquiries: retained for 2 years from the date of last contact, then securely deleted.
• Anonymous scanner results: 90 days.
• Session cookies: 24 hours (browser-based expiry).

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your data where there is no overriding lawful reason to retain it.
• Right to restrict processing — request that we limit how we use your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email [email protected]. We will respond within one calendar month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk, telephone 0303 123 1113.

7. Cookies

This website uses the following cookies:

• scan_session — a session cookie used by the free scanner for rate limiting. Expires after 24 hours. Strictly necessary for the scanner to function.

We do not use advertising cookies or third-party tracking cookies. If this changes, this policy will be updated and visitors will be informed.

8. Third-Party Services

This website is hosted on Cloudflare Pages. Cloudflare may process technical data (including IP addresses) as part of their infrastructure services. See Cloudflare's privacy policy for details.

We do not embed third-party social media scripts, advertising networks, or tracking pixels on this website.

9. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include HTTPS encryption on all pages, IP address hashing before storage, and access controls on any systems holding personal data.

No transmission over the internet is entirely secure. If you have concerns about a specific data security issue, contact us at [email protected].

10. Changes to This Policy

We may update this privacy policy from time to time. The effective date at the top of this page will reflect when the policy was last revised. Material changes will be highlighted on the website.

11. Contact

For any questions about this privacy policy or how we handle your personal data, contact us at [email protected].

Wolds Cyber Ltd, Company No. 17143627, registered in England and Wales.