Privacy notice.

Who we are

CIaaS Limited is a cyber security and identity consultancy registered in England & Wales, Company No. 14519311. For the personal data described in this notice, CIaaS Limited is the data controller.

CIaaS Limited also builds and operates its own products – Account Factory, StaffID, BinSense, Chat and Secure. Each product has its own privacy documentation on its own site; this notice covers ciaas.com only.

What we collect

The only personal data ciaas.com collects is what you choose to put in the contact form:

How we use it

We use your submission to answer your enquiry. That is the whole list. The lawful basis is legitimate interests (Article 6(1)(f) UK GDPR): you have asked us a question and it is in both our interests for us to answer it.

We do not add you to a marketing list, sell or share your details, or contact you about anything other than the enquiry you raised, unless you ask us to.

Where your data goes

When you submit the contact form, your message takes this path:

• It is received by a serverless function on Microsoft Azure (Static Web Apps), operated by us.
• It is delivered as an email via Azure Communication Services, configured to process data in the UK region.
• It lands in our Microsoft 365 mailbox (info@ciaas.com), hosted by Microsoft with UK/EU data residency.

Microsoft acts as our processor throughout. We do not use any other sub-processor for this site, and your data is not transferred outside the UK/EEA other than as covered by Microsoft’s standard data-protection terms.

Cookies and analytics

ciaas.com sets no cookies and runs no analytics or tracking scripts. Web fonts are loaded from Google Fonts, which serves the font files but receives no identifying information from us beyond the standard request your browser makes.

Our hosting platform records standard server logs (including IP addresses) for security and error diagnostics; these are retained briefly by the platform and are not used to profile visitors.

How long we keep it

Contact-form emails are kept in our mailbox for as long as the conversation is live, and for up to 24 months afterwards in case the enquiry resumes. If your enquiry becomes a client engagement, the correspondence is retained as part of the engagement record for up to 6 years, in line with normal contractual limitation periods.

Your rights

Under UK GDPR you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have your data erased;
• object to or restrict our processing;
• data portability, where applicable.

To exercise any of these, email info@ciaas.com. We respond within one calendar month. You also have the right to complain to the Information Commissioner’s Office, though we would rather you raised it with us first.

Security

We are a security consultancy; we try to behave like one. This site is served over HTTPS only, the contact pipeline runs on managed Azure services with credentials held in platform configuration rather than source code, and our mailbox is protected with phishing-resistant multi-factor authentication. If we ever suffer a breach affecting your data, we will notify you and the ICO as required, within 72 hours of becoming aware.

Changes to this notice

If we change what this site collects or how, we will update this notice, bump the version number and effective date above, and – for anything material – say so plainly rather than burying it.

How to contact us

CIaaS Limited
Registered in England & Wales, Company No. 14519311
info@ciaas.com