Privacy policy.

Last updated: 07/05/2026

Securlab.io (“we”, “our”, “us”) is committed to protecting your privacy and the confidentiality of any information you share with us. This policy explains what information we collect, how we use it, and your rights.

If you have any questions, please contact us at info@securlab.io.

PRIVACY AND COOKIE POLICY

SecurLab Ltd

1. WHO WE ARE

SecurLab Ltd (“SecurLab”, “we”, “us”, “our”) provides cyber product assurance, assessment, and analysis services, including through its online platforms:

Our services involve the review, analysis, and evaluation of technical, operational, and organisational information relating to systems, software, and security processes.

Due to the nature of our work, we routinely handle confidential, security-sensitive, and commercially sensitive information, which is managed under strict confidentiality and security controls.

2. INFORMATION WE COLLECT AND PROCESS

2.1 Information You Provide

When engaging with us, you may provide:

  • Name

  • Work email address

  • Job title and organisation

  • Correspondence and communications

  • Documents and materials shared during enquiries or engagements

  • Information submitted within the assessment platform

We do not intentionally request:

  • personal consumer data

  • special category personal data

2.2 Technical, Operational and Corporate Information

Clients may provide detailed organisational and technical information, including:

  • system architecture documentation

  • product and service technical specifications

  • security configurations

  • AI system behaviours, outputs, or datasets

  • risk assessments and operational processes

This information is typically:

  • confidential business data

  • intellectual property

  • security-sensitive material

and is treated with enhanced security and confidentiality protections, regardless of whether it constitutes personal data.

2.3 Automatically Collected Information

When using our website or platform, we may collect:

  • IP address

  • browser type and version

  • pages visited and navigation paths

  • access timestamps and session data

  • basic platform interaction data

This information supports:

  • system security

  • performance monitoring

  • service improvement

We do not use cookies for advertising or behavioural tracking purposes.

3. HOW WE USE INFORMATION

We process information to:

  • respond to enquiries and communications

  • deliver assurance, assessment, and analysis services

  • manage client relationships and engagement delivery

  • operate, maintain, and improve our platform

  • ensure system security and integrity

We do not:

  • sell personal data

  • use data for advertising

  • share data for marketing purposes

4. LEGAL BASIS FOR PROCESSING

Where personal data is processed, we rely on:

  • Contractual necessity – delivery of requested services

  • Legitimate interests – business operations, service delivery, and security

  • Consent – where explicitly provided

  • Legal obligations – where required by law

5. INFORMATION SECURITY AND CONFIDENTIALITY

We implement appropriate technical and organisational measures, including:

5.1 Technical Controls

  • encryption in transit (TLS/HTTPS)

  • secure hosting (including AWS-based infrastructure in Germany)

  • access control and authentication mechanisms

  • role-based access and least-privilege principles

5.2 Organisational Controls

  • restricted internal access to systems and data

  • confidentiality obligations for personnel

  • secure handling and classification of information

  • defined retention and deletion processes

5.3 Monitoring and Assurance

  • logging and monitoring of system access

  • periodic review of controls

  • structured operational security practices

Confidential client and technical information is handled under strict confidentiality conditions, often exceeding standard personal data protection requirements.

6. SHARING OF INFORMATION

We do not disclose information except where necessary:

6.1 Service Delivery

To deliver our services using trusted providers.

6.2 Service Providers / Sub-processors

We use controlled third-party providers, including:

  • AWS (hosting – Germany)

  • Valuecase (workflow delivery)

  • Microsoft 365 (collaboration and communications)

  • Salesforce (CRM systems)

All providers are:

  • subject to contractual data protection obligations

  • required to maintain appropriate security standards

6.3 Legal Requirements

Where disclosure is required by law or regulatory authority.

7. INTERNATIONAL DATA TRANSFERS

Data is primarily processed within:

  • the United Kingdom

  • the European Economic Area

Where data is processed outside these regions, we ensure safeguards including:

  • Standard Contractual Clauses

  • equivalent legal protections

8. DATA RETENTION

We retain information only for as long as necessary to:

  • deliver services

  • meet contractual obligations

  • comply with legal requirements

Following completion of services:

  • data may be retained for a limited operational period

  • data is securely deleted in accordance with internal policies

You may request deletion of personal data, subject to legal or contractual limitations.

9. YOUR RIGHTS

Under UK GDPR, you have rights including:

  • access to personal data

  • correction of inaccurate data

  • deletion where data is no longer required

  • restriction of, or objection to, processing

10. COOKIE POLICY

10.1 Use of Cookies

Our website uses cookies to distinguish users and improve functionality and performance.

A cookie is a small file stored on your browser or device that enables recognition and supports website functionality.

10.2 Types of Cookies Used

We use the following categories of cookies:

Strictly Necessary Cookies

Required for operation of the website, including:

  • secure access to restricted areas

  • session management

Analytical / Performance Cookies

Used to understand how users interact with the website, including:

  • recognising and counting visitors

  • analysing navigation patterns

  • improving usability

Functionality Cookies

Used to:

  • recognise returning users

  • remember preferences (e.g. language or region)

Targeting Cookies

These cookies may record:

  • pages visited

  • links followed

to improve content relevance.

We do not actively use advertising-based tracking, but certain third-party services may apply limited analytics or targeting functionality.

10.3 Third-Party Cookies

Third parties such as analytics providers may place cookies on the website.

These may include:

  • analytics and performance tools

  • infrastructure or hosting-related services

We do not control these cookies and cannot accept liability for third-party compliance.

10.4 Managing Cookies

You can control cookies via your browser settings, including:

  • blocking all cookies

  • deleting existing cookies

Please note:

  • disabling essential cookies may affect website functionality

10.5 Cookie Expiry

Except for strictly necessary cookies, cookies will expire after a defined period based on usage and configuration.

11. CONTACT DETAILS

Contact Us

SecurLab Ltd
13 Arm and Sword Lane
Hertfordshire
AL9 5EH

If you have any questions about this policy or how we handle information, contact:

Securlab.io – Data Protection Lead

Email: Info@securlab.io