Privacy Policy

How we collect, use, and protect your personal data

Last Updated: May 20, 2026
Effective Date: May 20, 2026
Data Controller: threat-hunting.co.uk (Division of Telesoft Technologies)

1. Introduction

We are committed to protecting your personal data and your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.

2. Information We Collect

2.1 Information You Provide Directly

  • Contact Forms: Name, email address, phone number, company name, and messages
  • Account Registration: Account credentials, business information, and configuration preferences
  • SOC Builder: Network configuration data, security requirements, and organisational information
  • Help Requests: Contact details and assistance inquiries
  • Subscriptions: Billing information and service preferences

2.2 Automatically Collected Information

  • Server Logs: IP address, browser type, operating system, pages visited, and time spent
  • Cookies and Tracking: Session information, preferences, and analytics data
  • Device Information: Device type, screen resolution, and language settings

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

  • Consent: Where you have explicitly consented to specific processing
  • Contract: To fulfil our service agreements with you
  • Legal Obligation: To comply with applicable laws and regulations
  • Legitimate Interests: To improve our services and prevent fraud

4. How We Use Your Information

We use your personal data for the following purposes:

  • Providing and improving our MDR services
  • Responding to your enquiries and support requests
  • Processing payments and managing billing
  • Sending service updates and security notices
  • Conducting security assessments and threat analysis
  • Complying with legal obligations
  • Preventing fraud and abuse
  • Analysing website usage (with your consent for non-essential analytics)

5. Data Sharing

We do not sell your personal data. We only share your information with:

  • Service Providers: Third-party vendors who help us deliver services (under data processing agreements)
  • Legal Requirements: When required by law, court order, or regulatory authority
  • Business Partners: Only with your explicit consent
  • Parent Company: Telesoft Technologies (for internal business purposes)

6. International Data Transfers

If we transfer your data outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or other legally recognised mechanisms. You have the right to know the location of your data processing.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account Data: During active service and 6 months after termination
  • Support Records: 3 years for dispute resolution and compliance
  • Marketing Data: Until you unsubscribe
  • Analytics Data: 12 months in aggregated form

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Opt-out of direct marketing and certain processing
  • Rights Related to Automated Decision Making: Request human review of automated decisions

To exercise these rights, contact us at: dpo@threathunting.co.uk

9. Security

We implement comprehensive security measures to protect your data:

  • Encryption in transit (TLS) and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

10. Cookies

We use cookies to enhance your experience. See our Cookies Policy for detailed information about how we use cookies and how to manage your preferences.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing personal information.

12. Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal data from children under 13.

13. Data Protection Officer

For questions about this Privacy Policy or our data protection practices, contact our Data Protection Officer:

  • Email: dpo@threathunting.co.uk
  • Address: Legal & Compliance, Telesoft Technologies, UK

14. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date.