Privacy Notice

1. Who we are

CyberOff Ltd ("CyberOff", "we", "us") is the data controller responsible for your personal data. We are a UK independent AI security architecture practice.

• Company: CyberOff Ltd
• Company number: 13167805
• VAT number: 370598960
• Based in: Barnstaple, Devon, United Kingdom
• Contact: ian@cyberoff.com

2. What data we collect

We only collect the data you choose to give us through this website. Depending on the form you use, that may include:

• →Your name
• →Your work email address
• →Your organisation and job title
• →Any message or enquiry details you enter
• →Your responses and summary scores from the CASAM Sense Check, if you complete it

We do not collect special category data, and we do not knowingly collect data from anyone under 18.

3. Why we collect it, and our lawful basis

We use your data to respond to your enquiry, send you anything you've requested (such as the CASAM white paper or your Sense Check results), and to follow up about our services where relevant.

Our lawful basis under UK GDPR is legitimate interests — responding to business enquiries you have initiated and providing materials you have asked for — and, where you have ticked a box or otherwise opted in, consent. You can withdraw consent at any time by emailing us.

4. How long we keep it

We retain enquiry and form data for 12 months from the date of your last contact with us, after which it is deleted — unless we have entered into a contract with you, in which case we keep records for as long as is necessary to meet our legal and accounting obligations.

5. Who we share it with

We do not sell your data, and we never share it for third-party marketing. We use a small number of trusted service providers ("processors") to run this website and our business:

• Netlify — hosts this website and processes the form submissions you send us.
• Calendly — used to book consultation calls, if you choose to schedule one.
• Google Fonts — serves the fonts used on this site; your browser requests them from Google when the page loads.

Some of these providers are based outside the UK. Where data is transferred internationally, it is protected by appropriate safeguards such as UK adequacy regulations or Standard Contractual Clauses.

6. Cookies

This website does not use analytics, advertising, or tracking cookies. Essential functionality may rely on your browser's local storage, but we do not use it to track you across other sites. If we introduce analytics in future, we will update this notice and request consent where required.

7. Your rights

Under UK GDPR you have the right to access the personal data we hold about you, to have it corrected or erased, to restrict or object to our processing of it, and to data portability. To exercise any of these rights, email ian@cyberoff.com and we will respond within one month.

8. Complaints

If you have a concern about how we handle your data, please contact us first so we can put it right. You also have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO), at ico.org.uk.

9. Changes to this notice

We may update this notice from time to time. The "last updated" date at the top reflects the most recent version. Material changes will be reflected here before they take effect.