Last updated: 03 February 2026.
Hexiosec Ltd (“Hexiosec”, “we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy.
This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website, use our products or services, or otherwise interact with us.
If you have any questions about this policy or how we handle your personal data, please contact us.
1. Who we are
Hexiosec Ltd is a company registered in England and Wales (Company No. 11223788) with its registered office at:
Eagle Tower
Montpellier Drive
Cheltenham
Gloucestershire
GL50 1TA
United Kingdom
For the purposes of UK data protection law, Hexiosec Ltd is the data controller of the personal data described in this policy, unless stated otherwise.
2. The personal data we collect
We may collect and process the following categories of personal data.
2.1 Information you provide to us
You may give us personal data when you:
- Contact us via our website, email or phone
- Request information about our products or services
- Register for or use a Hexiosec service
- Subscribe to marketing communications
- Participate in events, webinars or surveys
This information may include:
- Name
- Job title
- Company name
- Email address
- Telephone number
- Account credentials (where you create an account)
- Any other information you choose to provide
You are responsible for ensuring that the information you provide is accurate and kept up to date.
2.2 Payment information
If you purchase services from us, payment card details are processed securely by our payment provider, Stripe. We do not store full payment card numbers on our own systems.
You can view Stripe’s privacy policy on their website.
2.3 Information collected automatically
When you use our website or services, we automatically collect certain technical and usage information, such as:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and actions taken on our website
- Dates and times of access
- Referring URLs
This data does not directly identify you but may be linked to you where you log in or submit information.
3. Cookies
We use cookies to operate our website and improve our services. Some cookies are essential, while others are optional and used only with your consent.
3.1 Analytics and performance cookies
With your consent, we use:
- Google Analytics to understand how visitors use our website
- Google Tag Manager to manage analytics and advertising tags in line with your cookie choices
- Hotjar to analyse user behaviour and improve usability
- HubSpot to measure website performance and marketing effectiveness
These tools collect aggregated or pseudonymised information about how users interact with our site.
3.2 Advertising and tracking cookies
With your consent, we use the LinkedIn Insight Tag to help measure and improve the effectiveness of our advertising.
3.3 Cookie categories and updating your cookie preferences
Our cookie banner and settings include the following optional cookie categories:
- Performance and Analytics cookies: These cookies collect information about how our website is used and how well it performs. This data is anonymous and cannot be used to identify you.
- Advertisement and Targeting cookies: These cookies are designed to improve the relevance of the ads you see by uniquely identifying your browser and internet device. It is important to note that these cookies do not store personal information directly.
Cookies used for Google Analytics, Hotjar and HubSpot are only set if you accept the ‘Performance and Analytics cookies’ category. LinkedIn tracking cookies are only set if you accept the ‘Advertisement and Targeting cookies’ category.
For Google tags (including Google Analytics and tags managed through Google Tag Manager), we pass consent signals for both categories:
- Performance and Analytics cookies controls analytics consent.
- Advertisement and Targeting cookies controls advertising and personalization consent.
You can update your preferences at any time using the cookie settings controls on our Website.
4. How we use your personal data
We use personal data for the following purposes and lawful bases:
| Purpose | Lawful basis |
|---|---|
| To respond to enquiries and provide information about our services | Legitimate interests (running and growing our business) |
| To provide and manage our services and customer accounts | Performance of a contract |
| To send service-related communications (e.g. security, updates, billing) | Performance of a contract / Legal obligation |
| To improve our website, services and security | Legitimate interests |
| To send marketing communications | Consent (where required) or legitimate interests (B2B marketing) |
| To comply with legal and regulatory obligations | Legal obligation |
| To prevent fraud and maintain security | Legitimate interests |
We only process personal data where we have a valid legal basis to do so.
5. How we share your personal data
We do not sell your personal data.
We may share your personal data with trusted third parties where necessary, including:
- Cloud hosting and infrastructure providers
- Payment processors
- Analytics and marketing service providers
- Professional advisers (e.g. legal, accounting)
All third-party service providers are required to protect your data and only process it in accordance with our instructions and applicable data protection laws.
We may also disclose personal data if required by law or to protect our legal rights.
6. How long we keep your data
We retain personal data only for as long as necessary for the purposes set out in this policy, including to meet legal, regulatory, tax, accounting or reporting requirements.
When personal data is no longer needed, we securely delete or anonymise it.
7. How we keep your data secure
We implement appropriate technical and organisational security measures designed to protect personal data against accidental loss, unauthorised access, alteration or disclosure.
However, no system can be guaranteed to be completely secure. You are responsible for keeping your own devices and account credentials secure.
8. Children’s privacy
Our services are not directed at children under 18, and we do not knowingly collect personal data from children.
If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.
9. Your privacy rights?
In some regions (like the EEA and UK), you have certain rights under applicable data protection laws. These may include the right to:
- request access and obtain a copy of your personal information
- request rectification of your personal information
- request erasure of your personal information
- restrict the processing of your personal information
- data portability to transfer your personal information to another company
In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
9.1. Account Information
If you would at any time like to review or change the information in any account associated with a Hexiosec Service or to terminate an account. Depending on the account management functionality provided by the Service, you can either:
- Log in to your account settings and update your user account
- Contact Hexiosec with instructions to update your account
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with applicable legal requirements.
9.2. Opting out of email marketing
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that we think may be of interest to you.
You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list.
We may still communicate with you, for example to send you service-related emails, which are not marketing, and are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
10. Do not track
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
11. Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website with the updated revision date.
12. Contact details
If you have questions about this Privacy Policy or how we handle your personal data, please contact us:
Hexiosec Ltd
Eagle Tower
Montpellier Drive
Cheltenham
Gloucestershire
GL50 1TA
United Kingdom
Email: [email protected]
Phone: +44 1242 474970