Privacy Policy
How we handle your personal data
Last updated: March 2026
Ridgeline Cyber Defence ("we", "us", "our") is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our website ridgelinecyber.com, purchase digital products, engage our implementation services, contact us, or subscribe to our newsletter.
We are the data controller for the personal data we process. Ridgeline Cyber Defence is a UK sole trader. You can contact us at [email protected].
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. What Personal Data We Collect
We only collect the personal data we need to provide our products and services. Depending on how you interact with us, this may include:
- Identity and contact information — name, email address, company name, job title, billing name and address.
- Order and payment information — order details, purchase history, transaction references, invoice details. We do not store full payment card details; these are handled securely by our payment processors (see Section 4).
- Service engagement information — data submitted through our intake form, including company details, industry, number of employees, compliance requirements, technical environment details, and contact information. This data is used solely to deliver the implementation services you have engaged.
- Technical and usage data — IP address, browser type, device information, pages visited, time and date of visits, and how you interact with our site (collected automatically via server logs and analytics).
- Communication data — messages, emails, or enquiries you send us, including any attachments or details you provide.
- Marketing preferences — whether you opt in to receive emails or newsletters from us.
We do not collect special category data (e.g., health, race, religion) or data about children under 16.
2. How We Collect Your Personal Data
- Directly from you — when you place an order, complete our intake form, download a product, fill in a contact form, request a product, subscribe to our newsletter, or email us.
- Automatically — through server logs and analytics when you browse our site.
- From third parties — limited to payment processors (confirmation of successful payment) and email delivery providers (delivery status of transactional emails).
3. Why We Use Your Personal Data
We process your data for the following purposes, with the corresponding lawful basis under UK GDPR:
| Purpose | Lawful Basis |
|---|---|
| Process and fulfil product orders | Contract (Art. 6(1)(b)) — necessary to deliver the product you purchased. |
| Deliver implementation services | Contract (Art. 6(1)(b)) — necessary to perform the service you engaged. |
| Send essential service emails (order confirmations, download links, invoices, service updates) | Contract (Art. 6(1)(b)) |
| Respond to enquiries and provide customer support | Legitimate interests (Art. 6(1)(f)) or Contract |
| Send marketing emails or newsletters | Consent (Art. 6(1)(a)) — only if you explicitly opt in. You can unsubscribe at any time. |
| Improve our website and prevent fraud | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations (e.g., tax records) | Legal obligation (Art. 6(1)(c)) |
4. Who We Share Your Data With
We share data only when necessary to provide our products and services:
- Lemon Squeezy — payment processing for digital product purchases (acts as Merchant of Record).
- Stripe — payment processing and invoicing for implementation services.
- Cloudflare — website hosting, content delivery, and serverless functions (including intake form processing).
- Resend — transactional email delivery (intake form notifications, service communications).
- Professional advisors (e.g., accountants, lawyers) — when required for business or legal compliance purposes.
- Law enforcement or regulators — if legally required.
We do not sell your personal data to third parties. We do not share your data for marketing purposes.
5. International Data Transfers
Some of our service providers are located outside the UK (e.g., in the United States). Where data leaves the UK, we ensure appropriate safeguards are in place, such as UK adequacy decisions, UK International Data Transfer Agreements, or Standard Contractual Clauses.
6. How Long We Keep Your Data
- Order and payment data — 6 years (legal and tax requirement).
- Service engagement data (intake forms, deliverables) — duration of the engagement plus 12 months, or longer if required by law.
- Communication data — 24 months from last contact, or longer if related to an ongoing service engagement.
- Marketing consent records — until you unsubscribe or withdraw consent.
- Technical logs — up to 26 months.
We securely delete or anonymise data when it is no longer needed.
7. Security of Your Data
We take reasonable technical and organisational measures to protect your data, including encryption (SSL/TLS) on our website, secure payment processing through PCI DSS compliant providers, and access controls on all systems that store personal data.
However, no internet transmission is 100% secure and we cannot guarantee absolute security.
8. Your Rights Under UK GDPR
You have the following rights (subject to some legal exceptions):
- Right to be informed — this policy fulfils this right.
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure — request deletion of your data (where legally permitted).
- Right to restrict processing — limit how we use your data in certain circumstances.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests or for direct marketing.
To exercise any right, email [email protected]. We will respond within one month.
You also have the right to complain to the Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/ or call 0303 123 1113.
9. Cookies
We use essential cookies required for the website to function. We use Cloudflare Analytics for aggregated, privacy-respecting website usage data — this does not use tracking cookies or collect personal identifiers. You can control cookie preferences through your browser settings.
10. Changes to This Policy
We may update this policy to reflect changes in law, our practices, or services. The updated version will be posted here with a new date. Significant changes may be notified via email or site notice.
11. Contact Us
If you have questions about this policy or your personal data, contact us:
Email: [email protected]