Privacy Policy

Last updated: January 2026

Fortitude Cyber Ltd. (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit fortitudecyber.co.uk (the “Website”).

By using this Website, you agree to the practices described in this policy.

1. Who We Are

Fortitude Cyber Ltd.
Registered in the United Kingdom.

We do not currently appoint a Data Protection Officer, as we are not legally required to do so.

2. What Data We Collect

2.1 Data You Provide Directly

When you contact us via forms or email, we may collect:

  • Name
  • Email address
  • Phone number
  • The content of your message

This information is used solely to respond to your enquiry or provide services you request.

2.2 Data Collected Automatically (Analytics & Cookies)

We use analytics tools to understand how visitors use our website. This may include:

  • IP address (anonymised where possible)
  • Browser type
  • Device information
  • Pages visited
  • Time spent on pages
  • Referring websites

Non-essential cookies may also be used for analytics and website performance (see Cookie Policy below).

We do not use tracking pixels (e.g., Meta Pixel, LinkedIn Insight Tag) unless added later.

We do not collect payment data or user account information on this Website.

3. How We Use Your Data

We may process your personal data for the following purposes:

  • Responding to enquiries
  • Improving website performance and user experience
  • Security and fraud prevention
  • Internal business analytics
  • Sending marketing emails (only where legally permitted and with your consent where required)

We do not sell, rent, or trade your personal data.

4. Lawful Bases for Processing

We process your personal data only when permitted under UK GDPR, including:

  • Legitimate Interests – answering enquiries, improving the website, securing our systems
  • Consent – for non-essential cookies and marketing emails
  • Legal Obligation – where documents must be retained for compliance

5. Data Sharing & Third Parties

We do not currently use third-party processors such as CRMs, email marketing platforms, or cloud analytics beyond basic website analytics tools.

However, we may share data with:

  • Service providers who support our website infrastructure or analytics
  • Legal authorities, if required by law
  • Professional advisors (e.g., legal, accounting) under confidentiality

All third parties are required to maintain GDPR compliance.

6. International Data Transfers

Some service providers or analytic tools may store or process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK-approved International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses
  • Adequacy decisions from the UK government

7. Data Retention

We retain personal data only for as long as necessary:

  • Contact form submissions: up to 12 months or as required by law
  • Analytics data: retained according to the configuration of the analytics tool used (typically 14–26 months)

After these periods, data is securely deleted or anonymised.

Scroll to Top