Privacy Policy

1. Introduction

Resilience Foundry Ltd ("Resilience Foundry", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website, use our platforms, or engage with our services.

2. Who We Are

Resilience Foundry Ltd is a company incorporated in England and Wales.

We provide cyber resilience services including:

• Software-as-a-Service (SaaS) platforms
• Threat intelligence
• Skills development and cyber exercising
• Real-world red team services

A registered office address will be added once confirmed. Until then, contact may be made via our website.

3. Scope of This Policy

This policy applies to:

• Website visitors
• Platform users
• Customers and prospects
• Event, exercise, and red team participants
• Marketing and newsletter subscribers

4. Data Protection Laws

We comply with applicable data protection laws, including:

• UK GDPR
• EU GDPR
• UK Data Protection Act 2018
• Applicable US privacy laws (including CCPA/CPRA where relevant)

5. Personal Data We Collect

5.1 Data You Provide

• Name, role, organisation
• Email address, phone number
• Account credentials
• Billing and subscription information
• Communications with us
• Information provided during services or exercises

5.2 Data Collected Automatically

• IP address
• Device, browser, and operating system details
• Usage data and logs
• Cookies and analytics data

5.3 Service & Operational Data

During red team engagements, simulations, or platform usage we may process organisational or behavioural data strictly for authorised purposes.

6. How We Use Your Data

We use personal data to:

• Operate and deliver our services
• Manage accounts and subscriptions
• Provide intelligence, analytics, and insights
• Support sales and customer relationships
• Improve platform performance and security
• Meet legal and regulatory obligations

We do not sell personal data.

7. Legal Basis for Processing

We process personal data based on:

• Contractual necessity
• Legitimate interests
• Legal obligations
• Consent (where required)

8. Data Sharing

We may share data with:

• Technology providers (analytics, CRM, hosting)
• Payment processors
• Professional advisers
• Customers or partners for service delivery and sales opportunities
• Authorities where legally required

All third parties are subject to confidentiality and data protection obligations.

9. International Transfers

Where data is transferred outside the UK or EEA, appropriate safeguards are applied, including standard contractual clauses or equivalent protections.

10. Data Retention

We retain data only for as long as necessary:

• Account data: duration of relationship plus statutory requirements
• Marketing data: until consent is withdrawn
• Engagement data: as defined by contract or operational need

11. Security

We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption, monitoring, and secure development practices.

No system is entirely risk-free, but we apply industry-standard safeguards proportionate to cyber risk.

12. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access personal data
• Correct inaccurate data
• Request erasure
• Restrict or object to processing
• Data portability
• Withdraw consent

Requests can be submitted via our website.

13. Cookies & Analytics

We use cookies and analytics tools (such as Google Analytics) to understand usage and improve our services. Cookie preferences can be managed through browser settings.

14. Children

Our services are not intended for individuals under the age of 16, and we do not knowingly collect children's personal data.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be published on this page.