Secure Your Business Against Modern Threats

Information We Collect

• Contact Information: Name, email address, company name, phone number, and enquiry details provided via our contact forms.
• Business Information: Company size, industry sector, current security measures, and specific cybersecurity requirements discussed during consultations.
• Technical Data: IP addresses, browser types, and access logs collected by our hosting provider for security monitoring and system administration.
• Service Data: Information gathered during security assessments, penetration tests, and other professional services (handled under separate confidentiality agreements).
• We do not use cookies, tracking pixels, or third-party analytics tools on this website.

How We Use Your Information

• Service Delivery: To respond to enquiries, provide cybersecurity consultations, deliver contracted services, and maintain ongoing client relationships.
• Business Operations: To improve our website, services, and security offerings based on client feedback and industry developments.
• Legal Compliance: To comply with legal obligations, regulatory requirements, and professional standards in the cybersecurity industry.
• Security & Fraud Prevention: To protect our business and clients from fraud, abuse, and security threats.
• Emergency Response: To provide urgent incident response services when contacted for security breaches or cyber attacks.

Data Collection, Storage & Retention

• Form Processing: Contact form submissions are securely processed and stored by Formspree, a GDPR-compliant service provider.
• Data Storage: Client data is stored on secure, UK-based servers with appropriate encryption and access controls.
• Retention Periods: Contact enquiries are retained for 2 years, active client data for the duration of engagement plus 7 years for legal compliance.
• Marketing: We do not use your data for marketing without explicit consent and provide easy opt-out mechanisms.
• Third Parties: We never sell your data and only share with trusted service providers under strict confidentiality agreements.
• International Transfers: Data is primarily processed within the UK/EEA with appropriate safeguards for any international transfers.

Information Security Measures

• Technical Safeguards: We implement industry-leading security measures including AES-256 encryption, multi-factor authentication, and regular security audits.
• Access Controls: Strict role-based access controls ensure only authorised personnel can access client data on a need-to-know basis.
• Network Security: Our systems are protected by enterprise-grade firewalls, intrusion detection systems, and continuous monitoring.
• Staff Training: All employees undergo regular security awareness training and sign comprehensive confidentiality agreements.
• Incident Response: We maintain a formal incident response plan and will notify clients of any data breaches within 72 hours as required by law.
• Third-Party Security: All service providers (including Formspree) are vetted for GDPR compliance and security standards.

Your Data Protection Rights

• Access Rights: You can request a copy of all personal data we hold about you, provided free of charge within one month.
• Rectification: You can request correction of inaccurate or incomplete personal data.
• Erasure: You can request deletion of your personal data, subject to legal retention requirements and legitimate business interests.
• Portability: You can request your data in a structured, machine-readable format for transfer to another provider.
• Objection & Restriction: You may object to or restrict certain types of data processing.
• Exercising Rights: Contact our Data Protection Officer at dpo@jellybeancyber.co.uk or info@jellybeancyber.co.uk.
• Complaints: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Data Sharing & Disclosure

• Service Providers: We may share data with trusted third-party service providers who assist in delivering our services, all bound by strict confidentiality agreements.
• Legal Requirements: We may disclose information when required by law, court order, or to protect our legal rights and those of our clients.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, client data may be transferred subject to equivalent privacy protections.
• Emergency Situations: We may share information to prevent serious harm to individuals or to assist in cybersecurity incident response.
• No Marketing Sales: We never sell, rent, or trade personal data for marketing purposes.

Policy Updates

This privacy policy may be updated to reflect changes in our practices, services, or legal requirements. We will notify clients of significant changes via email where appropriate. Please check this page regularly for the latest version. Last updated: January 2025.

Website Use & Acceptable Use Policy

• This website is provided for information about our cybersecurity services and solutions.
• You must not use this site for unlawful purposes, attempt to gain unauthorised access to any part of the site or its systems, or conduct any form of security testing without explicit written permission.
• You must not use automated tools, bots, or scripts to access or interact with our website without prior consent.
• All content, logos, graphics, and intellectual property are owned by Jellybean Cyber Limited and protected by UK and international copyright laws.
• You may not reproduce, distribute, or create derivative works from our content without written permission.

Professional Services & Client Engagement

• All cybersecurity services are subject to a separate written service agreement, statement of work, or contract that will govern the specific engagement.
• We reserve the right to refuse or terminate services if we believe your use is unlawful, abusive, poses a security risk, or may harm our business, reputation, or other clients.
• Service scope, deliverables, timelines, fees, and confidentiality terms will be agreed in writing before commencement of any work.
• Emergency incident response services may be provided under separate terms and conditions with expedited engagement processes.
• All penetration testing and vulnerability assessments require explicit written authorisation and defined scope boundaries.

Contact Forms & Client Communication

• All contact forms are processed securely via Formspree.
• By submitting a form, you consent to us contacting you regarding your cybersecurity enquiry and potential service requirements.
• We do not use your details for marketing purposes unless you explicitly opt in to receive our security updates and newsletters.
• All client communications are treated as confidential and handled in accordance with our professional standards.
• For urgent security incidents, please call our emergency line rather than using contact forms.

Data Protection & Client Confidentiality

• We comply with UK GDPR, Data Protection Act 2018, and maintain ISO 27001 standards for information security management.
• Our Privacy Policy explains how we handle your personal and business data.
• We do not use cookies or tracking technologies on this website to protect your privacy.
• All client data and security assessments are handled under strict confidentiality agreements.
• We maintain appropriate technical and organisational measures to protect your information.

Limitation of Liability & Professional Indemnity

• Jellybean Cyber Limited maintains professional indemnity insurance and limits liability as permitted under UK law and as specified in individual service agreements.
• We do not guarantee that this website will always be available or free from errors, though we maintain reasonable security measures.
• Our liability for cybersecurity services is governed by the specific terms of each service agreement and applicable professional standards.
• We exclude liability for indirect, consequential, or special damages except where prohibited by law.
• Nothing in these terms excludes or limits our liability for death, personal injury, fraud, or fraudulent misrepresentation.

Professional Standards & Compliance

• Jellybean Cyber Limited operates under UK company law (Company Registration Number: [To be added]).
• We adhere to industry standards including NIST Cybersecurity Framework, ISO 27001, and OWASP guidelines.
• All penetration testing is conducted in accordance with OWASP Testing Guide and industry best practices.
• We maintain appropriate professional certifications and follow ethical hacking principles.
• Our services comply with relevant UK legislation including Computer Misuse Act 1990 and GDPR requirements.

Governing Law & Jurisdiction

• These terms are governed by English law and subject to the exclusive jurisdiction of the English courts.
• Any disputes arising from our services will be handled through the dispute resolution process outlined in the relevant service agreement.
• We may seek injunctive relief in any jurisdiction for breaches relating to intellectual property or confidentiality.

Changes to These Terms

We may update these Terms from time to time to reflect changes in our services or legal requirements. Please check this page for the latest version. Continued use of our website after changes constitutes acceptance of the updated terms. Last updated: January 2025.

Contact & Legal Enquiries

For questions about these Terms or legal matters, please email info@jellybeancyber.co.uk For urgent security incidents, call 0333 880 0922.