24/7 incident response: 0333 880 0922

Privacy Policy

Last updated: 21 April 2026

1. Who we are

Jellybean Cyber is a trading name of Jellybean Commercial Ltd, a company registered in England and Wales. Our registered office is at Elmhurst Business Park, Lichfield, Staffordshire, United Kingdom.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller. If you have questions about how we handle your data, contact us at info@jellybeancyber.co.uk.

2. What data we collect

We collect personal data only when you provide it to us or when it is necessary to deliver our services:

  • Contact form submissions: name, email address, phone number, company name, and message content.
  • Email correspondence: any information you include when you email us directly.
  • Phone calls: we may take notes during calls to provide you with the service you requested.
  • Service delivery: technical data necessary to deliver penetration testing, SIEM monitoring, SecureDesk, or other contracted services (e.g. IP addresses, log data, system configurations). This is governed by a separate data processing agreement.

3. Cookies and analytics

We use minimal cookies:

  • Essential cookies: session management and security tokens required for the website to function. These cannot be disabled.
  • Analytics: we use Vercel Web Analytics, which collects anonymous, aggregated usage data (page views, referrers, browser type). It does not use cookies for tracking and does not collect personally identifiable information. You can opt out of analytics via the cookie consent banner.

We do not use advertising cookies, tracking pixels, or third-party marketing tools. We do not sell your data to anyone.

4. How we use your data

  • To respond to your enquiries and provide quotes.
  • To deliver the cybersecurity or development services you contracted.
  • To send you information you requested (e.g. assessment reports).
  • To comply with legal obligations.

We will never send you unsolicited marketing emails unless you explicitly opt in.

5. Legal basis for processing

Under the UK GDPR, we process your personal data on the following bases:

  • Consent: when you submit a contact form or accept cookies.
  • Contractual necessity: when processing is needed to deliver a service you have contracted.
  • Legitimate interest: to improve our website and services, where this does not override your rights.
  • Legal obligation: where we are required to retain data by law.

6. How we store and protect your data

Your data is stored securely using industry-standard encryption and access controls. We limit access to personal data to employees and contractors who need it to do their work. We are, after all, a cybersecurity company — we take data protection seriously.

7. Data retention

We retain contact form submissions and correspondence for up to 24 months after your last interaction with us, unless a longer retention period is required by law or by an active service agreement. Service delivery data (e.g. penetration test reports) is retained as agreed in your service contract.

8. Third-party processors

We use a limited number of third-party services to operate this website and deliver our services:

  • Vercel: website hosting and analytics.
  • Resend: email delivery for contact form submissions.

We do not share your personal data with any other third parties except where required by law.

9. Your rights

Under the UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to legal obligations).
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time.
  • Lodge a complaint with the Information Commissioner's Office (ICO).

To exercise any of these rights, email us at info@jellybeancyber.co.uk. We will respond within 30 days.

10. Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated “last updated” date. We encourage you to review this policy periodically.

11. Contact us

If you have questions about this privacy policy or how we handle your data, contact us: