Skip to main content
Public website
Public website surface Marketing and explanation content. This is not the canonical authenticated runtime.
Canonical runtime: app.identityfirst.net
Privacy in plain English

Privacy Policy

Last updated: February 2026. ICO Reference ZC031428.

Plain-English summary

We only collect personal data when we need it to answer an enquiry, deliver a service, send a requested update, or understand how the website is being used with consent. We do not sell personal data. We keep it for a defined period and delete it when it is no longer required.

1. Who we are

IdentityFirst Ltd is a UK-based identity security company. Our registered address is in the United Kingdom.

We are registered with the Information Commissioner's Office (ICO) under reference ZC031428.

If you have any questions about this policy or about your personal data, please contact us at mark@identityfirst.net.

2. What data we collect

We collect the following categories of personal data:

  • Contact form submissions — name, work email address, company name, and message content when you contact us via our website.
  • Newsletter subscriptions — email address when you choose to subscribe to our newsletter.
  • Usage analytics — anonymised website usage data such as pages visited and session duration. Analytics are only activated with your consent.

We do not intentionally collect special category data. We do not collect payment card data directly; payments are handled by Stripe.

3. How we use your data

  • To respond to your enquiry and provide the information or service you asked for.
  • To send our newsletter, where you have subscribed and consented.
  • To improve our website and services using anonymised analytics.
  • To fulfil contractual obligations where a service agreement is in place.
  • Legitimate interests — handling enquiries and providing pre-sales information to prospective customers.
  • Consent — newsletter subscriptions and website analytics. You may withdraw consent at any time.
  • Contract performance — where you are an existing customer and we are delivering agreed services.
  • Legal obligation — where we are required to retain records by law.

5. Third parties

We use the following third-party processors:

  • Stripe — payment processing. Stripe is PCI-DSS compliant. We do not store card data.
  • Supabase — newsletter subscriber database. Data is stored in the EU.
  • Google Analytics — website analytics, activated with your consent only.

We do not sell, rent, or share your personal data with any third party for marketing purposes.

6. Retention

  • Enquiry data — retained for 12 months from the date of enquiry, then securely deleted.
  • Newsletter subscriptions — retained until you unsubscribe. You can unsubscribe at any time using the link in any newsletter email.
  • Analytics data — retained for 26 months in anonymised form.

7. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (subject to legal obligations).
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.

To exercise any of these rights, please email mark@identityfirst.net. We will respond within 30 days.

You also have the right to lodge a complaint with the ICO at ico.org.uk.

8. Cookies

We use the following cookies:

  • Essential cookies — required for session management and security. Cannot be disabled.
  • Analytics cookies — used by Google Analytics to understand how visitors use our website. These are only set with your consent via our cookie banner.

We do not use any third-party advertising or tracking cookies.

9. Changes to this policy

We will update this page when our privacy practices change. Material changes will be communicated via a notice on our website. The date at the top of this page reflects the most recent update.

We encourage you to review this policy periodically.