Privacy Notice

Welcome to CloudGuard’s Privacy Notice

1. Introduction and scope

This Privacy Notice describes how CloudGuard Ltd (“CloudGuard”, “we”, “us”, “our”) collects, uses, and protects personal data when you visit our website at www.cloudguard.ai (the “Website”), interact with us through web forms, contact us by email or telephone, subscribe to marketing communications, or otherwise engage with us directly as a website visitor, prospect, customer contact, supplier contact, or job applicant.

This Notice does not cover the processing of personal data that arrives at CloudGuard through our security operations service from our customers’ technology environments. That processing is described in our separate Service Privacy Statement and governed by our Data Processing Agreement with the relevant customer.

This Notice should be read together with our Cookie Policy and our Website Terms of Use.

2. Who we are

CloudGuard Ltd is the data controller for the personal data described in this Notice.

We are a company incorporated in England and Wales with registered company number 12813004, whose registered office is at Clockwise Offices, Linley House, Dickinson Street, Manchester M1 4LF, United Kingdom.

Data Protection Officer: [email protected]

3. Definitions

In this Notice:

  • Personal data has the meaning given to it in the UK GDPR and the EU GDPR
  • Processing means any operation performed on personal data
  • UK GDPR means Regulation (EU) 2016/679 as retained in UK law and as amended by the Data Protection Act 2018
  • EU GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
  • DPA 2018 means the United Kingdom Data Protection Act 2018
  • You means any visitor to our Website or other individual whose personal data we process under this Notice

4. Personal data we collect

We collect and process the following categories of personal data:

4.1 Identity data

First name, last name, username (where you create an account), title, job title, company name, and information about the size of your organisation.

4.2 Contact data

Email address, telephone number, company postal address, and company website URL.

4.3 Transaction data

Records of products, services, or subscriptions you have purchased, requested, or enquired about.

4.4 Technical data

IP address, browser type and version, operating system, time zone settings, device identifiers, and session activity logs. This data is typically collected automatically when you visit our Website.

4.5 Usage data

Information about how you use our Website, including pages visited, time spent on pages, click-through patterns, and interactions with content.

4.6 Marketing data

Your preferences for receiving marketing communications and your engagement with any marketing communications we send.

We do not knowingly collect any special categories of personal data (data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation), and we do not collect information about criminal convictions and offences.

5. How we collect your personal data

We collect personal data:

  • Directly from you when you complete forms on our Website, contact us, subscribe to our marketing, request a demonstration, or apply for a job
  • Automatically through cookies and similar technologies; see our Cookie Policy
  • From third parties such as professional networking platforms, business contact databases, or referrals

6. Lawful basis for processing

We process personal data on one or more of the following lawful bases under the UK GDPR and EU GDPR:

  • Performance of a contract (Article 6(1)(b)): where processing is necessary to deliver a product or service you have requested or to take steps at your request before entering into a contract
  • Legitimate interests (Article 6(1)(f)): for our legitimate business purposes including analytics, system performance monitoring, security, business development, and customer relationship management, where your interests and fundamental rights do not override ours
  • Consent (Article 6(1)(a)): where you have opted in to receive marketing communications or where consent is otherwise required (for example, for non-essential cookies)
  • Legal obligation (Article 6(1)(c)): to comply with our legal, regulatory, accounting, and tax obligations

Where we rely on legitimate interests, we have conducted a Legitimate Interests Assessment which is available on request.

7. How we use your personal data

We use your personal data to:

  • Provide, operate, and maintain our Website
  • Respond to enquiries and requests
  • Process and deliver services you have requested
  • Manage our relationship with you as a customer, prospect, supplier, or job applicant
  • Send you marketing communications about our products and services where you have opted in, with the ability to unsubscribe at any time
  • Improve our Website and services through analytics
  • Detect, prevent, and respond to security incidents and fraud
  • Manage job applications
  • Comply with legal, regulatory, accounting, and tax obligations

8. Sharing your personal data

We do not sell your personal data.

We share your personal data with:

  • Service providers and sub-processors acting on our behalf, including Microsoft (for Azure-based hosting and Microsoft 365 services), Atlassian (for issue tracking and customer service systems), LinkedIn (for marketing and advertising), and Zoho (for business and financial systems). These providers process your data under contractual obligations consistent with the UK GDPR and EU GDPR
  • Professional advisers including lawyers, accountants, and auditors
  • Regulatory authorities, courts, and government bodies where required by law or to comply with legal proceedings, court orders, or regulatory requests
  • Prospective buyers or successors in the event of a business sale, merger, or transfer of all or part of our business, subject to confidentiality protections

We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law.

9. International transfers

Most personal data is processed within the United Kingdom and the European Economic Area (EEA). Where personal data is transferred outside the UK or EEA, we ensure that an appropriate transfer mechanism is in place, which may include:

  • Transfers to countries that the UK or EU has determined provide an adequate level of protection
  • UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses
  • EU Standard Contractual Clauses
  • Other lawful transfer mechanisms

A description of international transfers and the safeguards in place is available on request.

10. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Indicative retention periods are:

  • Customer and supplier contact data: duration of the relationship plus 6 years for legal and tax purposes
  • Prospect data: up to 2 years from last engagement, unless you opt in to continued contact
  • Marketing data: until you withdraw consent or opt out
  • Job applicant data: 12 months from application, with consent to retain longer for future opportunities
  • Website analytics data: typically 26 months
  • Security and access logs: typically 12 months

When personal data is no longer required, it is securely deleted or anonymised. Some data may persist on backup or archival media for a short period before secure erasure.

11. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data at rest and in transit
  • Role-based access controls limiting data access to authorised personnel
  • Continuous logging and monitoring of access and modifications
  • Pseudonymisation and anonymisation where appropriate
  • Regular security testing and assessment
  • Staff training on data protection and information security

12. Your rights

Under the UK GDPR and EU GDPR, you have the following rights:

  • Right of access — to obtain a copy of the personal data we hold about you
  • Right to rectification — to have inaccurate or incomplete personal data corrected
  • Right to erasure — to have your personal data deleted in certain circumstances
  • Right to restriction — to limit the processing of your personal data in certain circumstances
  • Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format
  • Right to object — to object to processing based on our legitimate interests, and to object to processing for direct marketing at any time
  • Right to withdraw consent — where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal
  • Rights related to automated decision-making — including the right to obtain human review where a decision affecting you is made solely by automated means

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond within one month of receiving your request. We do not charge for exercising your rights unless your request is manifestly unfounded or excessive.

13. Right to complain

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with applicable law.

  • UK matters: Information Commissioner’s Office (ICO) — www.ico.org.uk, telephone 0303 123 1113
  • EU matters: your local data protection supervisory authority. A list is available at edpb.europa.eu

We would, however, appreciate the chance to address your concerns first; please contact our Data Protection Officer at [email protected].

14. Cookies

For information about how we use cookies and similar tracking technologies, please see our Cookie Policy, available on our Website.

15. Changes to this notice

We may update this Notice from time to time to reflect changes in our practices or legal obligations. The current version is always available on our Website with an updated effective date. Where changes are material, we will provide additional notice (for example, by email or prominent notice on our Website).

16. Contact us

For any questions about this Notice or how we handle your personal data:

  • Email: [email protected]
  • Post: Data Protection Officer, CloudGuard Ltd, Clockwise Offices, Linley House, Dickinson Street, Manchester M1 4LF, United Kingdom