Skip to main content
Privacy

Privacy Policy

Last updated: February 2026. ICO Reference ZC031428.

1. Who we are

IdentityFirst Ltd is a UK-based enterprise identity security company. Our registered address is in the United Kingdom.

We are registered with the Information Commissioner's Office (ICO) under reference ZC031428.

If you have any questions about this policy or about your personal data, please contact us at mark@identityfirst.net.

2. What data we collect

We collect the following categories of personal data:

  • Contact form submissions — name, email address, company name, and message content when you contact us via our website.
  • Newsletter subscriptions — email address when you subscribe to our newsletter.
  • Usage analytics — anonymised website usage data (pages visited, session duration). Analytics are only activated with your consent.

We do not collect special category data. We do not collect payment card data directly; payments are handled by Stripe.

3. How we use your data

  • To respond to your enquiries and provide the services you have requested.
  • To send our newsletter, where you have subscribed and consented.
  • To improve our website and services through anonymised analytics.
  • To fulfil contractual obligations where a service agreement is in place.
  • Legitimate interests — handling enquiries and providing pre-sales information to prospective customers.
  • Consent — newsletter subscriptions and website analytics. You may withdraw consent at any time.
  • Contract performance — where you are an existing customer and we are delivering agreed services.
  • Legal obligation — where we are required to retain records by law.

5. Third parties

We use the following third-party processors:

  • Stripe — payment processing. Stripe is PCI-DSS compliant. We do not store card data.
  • Supabase — newsletter subscriber database. Data stored in the EU.
  • Google Analytics — website analytics, activated with your consent only.

We do not sell, rent, or share your personal data with any third party for marketing purposes.

6. Retention

  • Enquiry data — retained for 12 months from the date of enquiry, then securely deleted.
  • Newsletter subscriptions — retained until you unsubscribe. You can unsubscribe at any time using the link in any newsletter email.
  • Analytics data — retained for 26 months in anonymised form.

7. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (subject to legal obligations).
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.

To exercise any of these rights, please email mark@identityfirst.net. We will respond within 30 days.

You also have the right to lodge a complaint with the ICO at ico.org.uk.

8. Cookies

We use the following cookies:

  • Essential cookies — required for session management and security. Cannot be disabled.
  • Analytics cookies — used by Google Analytics to understand how visitors use our website. These are only set with your consent via our cookie banner.

We do not use any third-party advertising or tracking cookies.

9. Changes to this policy

We will update this page when our privacy practices change. Material changes will be communicated via a notice on our website. The date at the top of this page reflects the most recent update.

We encourage you to review this policy periodically.