No obligation. Book your free 15-minute call →

Privacy Policy

Last reviewed: June 2026

This policy explains what personal information Psybersafe collects, why, the legal basis we rely on, and what your rights are. It covers this website, psybersafe.com. Our training application has its own privacy notice.

Who we are

The data controller is Psybersafe Ltd, 26 Fuller Way, Steventon, Abingdon, OX13 6FH, United Kingdom. If you have any question about this policy or your data, email [email protected].

Because we offer services to people in the European Union, we have appointed a representative in the EU under Article 27 of the EU GDPR. If you are in the EU, you can contact our representative, Jan Populaire, in Belgium at [email protected].

What we collect

  • Information you give us directly: your name, email address, and anything you tell us when you contact us, request a demo, book a call, or subscribe to our newsletter. If you become a customer we may also hold a postal address and telephone number.
  • Limited technical information about how the site is used (for example the pages visited and approximate location derived from your IP address), gathered through privacy-first, cookieless analytics. See our Cookie Policy.

How we use it, and our legal basis

We use your information to deliver the services you ask for, to run and improve our website, and to respond to your enquiries. In data protection terms, the legal bases we rely on are:

  • To send you our newsletter: your consent. You can withdraw it at any time using the unsubscribe link in any email.
  • To respond to your enquiries, demo requests and call bookings: our legitimate interest in replying to people who get in touch, or taking steps at your request before entering a contract.
  • To deliver our training service to customers: performance of our contract with you or your organisation.
  • To keep the site secure and free of bots: our legitimate interest in protecting the site and its users.
  • To understand how the site is used through cookieless analytics: our legitimate interest in improving the site.

We will not sell your details to any third party, or use your data in any way other than those set out in this policy.

The services we use to run Psybersafe

We use a small number of trusted suppliers to operate the site and deliver our service, and they process some data on our behalf: ActiveCampaign (email and customer records), Cloudflare (website hosting, security and anti-bot protection), Microsoft 365 (our company email), Cal.com (call bookings), Resend (sending transactional emails), and PostHog (cookieless product analytics, hosted in the EU). Each acts under our instructions.

Cookies and analytics

We use privacy-first, cookieless analytics (Cloudflare Web Analytics and PostHog in cookieless mode), so we can understand how the site is used without storing tracking cookies or other identifiers on your device. We do not use Google Analytics, advertising cookies, or cross-site tracking. See our Cookie Policy for detail, including how to opt out of analytics.

Your rights

You have the right to ask us to give you a copy of the personal data we hold about you, to correct it, or to delete it. You can also object to how we use it, ask us to restrict its use, ask for it in a portable format, and, where we rely on your consent, withdraw that consent at any time. To exercise any of these, email [email protected].

If you are unhappy with how we have handled your data, you can complain to the Information Commissioner's Office in the UK (ico.org.uk). If you are in Belgium or the EU, you can complain to the Belgian Data Protection Authority (the Gegevensbeschermingsautoriteit / Autorité de protection des données, gegevensbeschermingsautoriteit.be) or your local supervisory authority.

How long we keep it

  • Learners: for the duration of your employer's contract, after which records are deleted within six months.
  • Partners and suppliers: up to 7 years after the relationship ends.
  • Recruitment candidates: up to 2 years, in case other opportunities arise.
  • Prospective customers: up to 3 years from our last contact.

Where the law requires us to keep certain records for longer (for example for tax or to defend legal claims), we keep only the minimum necessary for that purpose.

International transfers

Some of our suppliers are based outside the United Kingdom and the European Economic Area. Where that is the case we put appropriate safeguards in place so your data receives an equivalent level of protection. For our US-based suppliers this is either the UK-US data bridge (the UK Extension to the EU-US Data Privacy Framework), where the supplier is certified under it, or the UK International Data Transfer Agreement and EU Standard Contractual Clauses.

Changes to this policy

We may update this policy from time to time. The date above shows when it was last reviewed.