Privacy Policy.

Cazimi Ltd trading as Cazimi Intelligence & Security (“we”, “us”, “our”) is the controller of personal data collected through this website (cazimisecurity.com).

Contact details:

Email: info@cazimisecurity.com

Registered office: 3rd Floor, 86-90 Paul Street, London, EC2A 4NE, United Kingdom.

We are registered as a data controller with the UK Information Commissioner’s Office (ICO). Our ICO registration number is ZC010425.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.

The personal data we process through this website is limited to what you give us and what our hosting infrastructure records for security and operations. In practice that means:

Information you provide through the contact form:

• your name;
• organisation and role (optional);
• email address;
• area of interest you select;
• any information you include in the free-text message.

Information you provide through the Intelligence Hub sign-up:

• your first and last name;
• email address;
• organisation (optional);
• your password, which is stored only in hashed form by our authentication provider and is never visible to us in plain text;
• your acknowledgement of this Privacy Policy, your confirmation that you are 18 or older, and your separate marketing-consent choice;
• session metadata stored locally in your browser, used solely to keep you signed into the Hub between visits.

Information you provide through the Intelligence Hub event-code redemption:

• the event-code or trial token you submit. We do not store the code alongside any identifier for you; it is checked against an active value on our server and either accepted or rejected.

Information you provide through the Intelligence Hub suggestion form:

• your name (optional);
• email address;
• the type of embed you are suggesting and your written idea.

Information you provide through the Martyn’s Law tier-checker brief:

• your name and email address;
• organisation and phone number (optional);
• the answers you select while progressing through the on-screen tier-checker flow;
• the indicative tier outcome the checker produces for you;
• a free-text site or event description (where you choose to add one) used to tailor the analyses suggested back to you on screen;
• any further detail you provide about your site or event in the “About your site or event” brief field.

Information you provide through the Local Crime Snapshot tool:

• a UK postcode you enter to generate a snapshot. The postcode is used to call public APIs (postcodes.io and data.police.uk) and to render a confirmatory map. We do not store the postcode on our servers alongside any identifier for you.

Information collected automatically:

• technical request information recorded by our hosting platform (Vercel) such as IP address, user agent, referring page, timestamps, and approximate location derived from IP. This is used for service reliability, abuse prevention, and security;
• where you have given consent through our cookie banner, anonymous page-view and page-speed measurements gathered by Vercel Web Analytics and Vercel Speed Insights. These do not identify you, are not shared with third-party advertising networks, and are described in the “Cookies and similar technologies” section below;
• information you choose to send us by email, phone, or WhatsApp when using the direct-contact details published on the website.

We do not knowingly collect special-category data (such as health, religion, or political opinion) through this website. Please do not submit such information through our forms.

We collect personal data when you:

• complete the contact form or the Intelligence Hub suggestion form;
• complete the Martyn’s Law tier-checker brief and submit it for a free consultation;
• sign up for, redeem an access code into, or sign back into the Intelligence Hub;
• use the Local Crime Snapshot tool (postcode only, not stored alongside your identity);
• request information about the CazimiAtlas™ pre-deployment pack;
• email, call, or message us using the direct-contact details on the site;
• interact with the website, which causes our hosting platform to record standard technical request information.

We use your personal data to:

• respond to enquiries and arrange scoping calls, consultations, or site visits;
• read your Martyn’s Law tier-checker brief before a free consultation, so an analyst can do proportionate open-source pre-reading on the site or event you have described;
• authenticate your access to the Intelligence Hub and keep you signed in across visits;
• evaluate and action suggestions submitted to the Intelligence Hub, and reply to you where relevant;
• return the requested Local Crime Snapshot result to your browser;
• provide information about our services and prepare quotations or proposals, including the CazimiAtlas™ pre-deployment pack;
• maintain business records and correspondence;
• protect our website, systems, and business from misuse, fraud, or security issues;
• comply with legal, tax, or regulatory obligations where applicable.

We do not use your data for advertising, profiling, or automated decision-making.

Under the UK GDPR, we rely on the following lawful bases:

• Legitimate interests: to respond to enquiries, operate the Intelligence Hub and Local Crime Snapshot tools, administer our website, prevent abuse, and run our business efficiently. You have the right to object to processing on this basis;
• Contract: where you ask us to take steps before entering into a contract (for example, a scoping call or written proposal), or where processing is necessary to perform a contract with you;
• Legal obligation: where we must retain or disclose information to comply with applicable law;
• Consent: in the limited cases where we rely on it (for example, future marketing emails). You can withdraw consent at any time without affecting the lawfulness of prior processing.

We share personal data only with the providers who help us run the website and our business. These include:

• Vercel Inc., our hosting and edge-network provider, which processes request data such as IP address and user agent on our behalf, and which provides the optional Vercel Web Analytics and Speed Insights tools we load only with your consent;
• Supabase Inc., our managed database provider, which stores the form submissions you send us (contact-form messages, Intelligence Hub sign-ups, and Martyn’s Law tier-checker briefs). The database itself is hosted in the EU (Frankfurt region);
• Resend Inc., our transactional-email provider, which delivers the notification emails generated when you submit a form, and any direct replies we send you in response;
• our email provider, used for correspondence relating to enquiries, proposals, and the Intelligence Hub once a conversation has been initiated;
• professional advisers (legal, accounting, insurance), where strictly necessary;
• regulators, courts, and law enforcement, where we are legally required to disclose.

Each provider acts as a processor under our instructions and is bound by a data-processing agreement. We do not sell your personal data and we do not share it with advertising networks.

Some pages render content that your browser requests directly from third-party services. When that happens, those providers see your IP address and browser information as part of the technical request. This is standard for any site that embeds maps or external media. The providers we currently load content from are:

• Esri and CARTO, for the satellite and label tiles shown on the counter-terrorism map;
• OpenStreetMap, for the confirmatory postcode map shown within the Local Crime Snapshot;
• Wikimedia Commons, for the national-flag graphics in the By Nation section.

Typefaces used on the site are self-hosted on our own domain so loading the site does not, by itself, send a request to any external font provider.

These providers process request data under their own privacy notices. We do not send them your form submissions, your postcode, or any identifier linking the request to you.

Our live news and counter-terrorism feeds (from gov.uk, the National Cyber Security Centre, Counter Terrorism Policing, GNET, Bellingcat, and similar sources) are fetched by our server, not your browser, so those providers do not see your IP address when you load the Intelligence Hub.

Some of our service providers are headquartered outside the UK, and data may be processed outside the UK or EEA as a result.

• Our managed database (Supabase) is hosted in the EU (Frankfurt region), and is the primary location where form submissions are stored at rest;
• Vercel (hosting and edge network) and Resend (transactional email) are US-headquartered, and may process request and email metadata in the US or other regions;
• Other third-party services listed in this Policy operate to their own published locations.

Where transfers occur, we rely on appropriate safeguards recognised by UK data protection law, including the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, and adequacy decisions where available.

If you would like more information about any such safeguards, please contact us.

We keep personal data only for as long as necessary for the purpose it was collected. Form submissions are stored in our managed database (Supabase) and the corresponding notification email is delivered through Resend. As a guide:

• contact-form, Intelligence Hub sign-up, and Intelligence Hub suggestion submissions: up to 12 months after the last meaningful contact, unless a longer period is needed for a live proposal or active engagement;
• Martyn’s Law tier-checker briefs: up to 12 months after the last meaningful contact, unless a longer period is needed for a live proposal or active engagement. Where you do not progress to an engagement, we delete the brief at the end of that period;
• Intelligence Hub accounts: retained while the account remains active. Closed accounts and the email address used to sign up are deleted within 90 days of closure unless retention is required for fraud prevention or contract performance;
• Local Crime Snapshot postcode inputs: not retained by us once the snapshot is returned. Aggregate request logs (without identifiers) may be kept for up to 30 days for abuse prevention;
• Vercel access and security logs, and Resend email delivery logs: retained in line with each provider’s standard retention periods and then deleted or aggregated;
• client-related records: longer where necessary to perform a contract, maintain business records, or comply with legal, tax, insurance, or regulatory requirements (typically up to 7 years).

We may retain information for longer where required by law or to establish, exercise, or defend legal claims.

Under the UK GDPR you have the right to:

• request access to your personal data;
• request correction of inaccurate or incomplete personal data;
• request erasure of your personal data;
• request restriction of processing;
• object to processing based on legitimate interests or direct marketing;
• request transfer of your personal data in a portable format, where applicable;
• withdraw consent at any time, where we rely on consent;
• lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at info@cazimisecurity.com. We will respond within one month.

If you are in the UK, you can also complain to the Information Commissioner’s Office (ICO) at ico.org.uk. If you are in the EEA, you may contact your local supervisory authority.

We use a minimal set of cookies and browser-storage technologies. We do not use advertising cookies, tracking pixels, or third-party profiling.

Strictly necessary (always on):

• Vercel may set short-lived routing and security cookies needed to deliver the site reliably and protect it from abuse;
• The Intelligence Hub uses local browser storage to remember that you are signed in between visits.

Analytics (off until you accept):

• Vercel Web Analytics records anonymous page-view counts and basic device information so we can see which pages get used. It does not identify you or share data with advertising networks;
• Vercel Speed Insights records page-loading performance metrics so we can keep the site fast.

The first time you visit, we show a banner asking whether you accept these analytics tools. They remain off until you accept. If you press “Decline” or your browser sends a Do Not Track or Global Privacy Control signal, neither tool is loaded at all and no analytics request is sent.

You can change your choice at any time using the Manage cookies link in the footer of any page.

The embedded map tiles and other third-party content described above may also use standard browser storage as part of their normal operation. We do not use these technologies for profiling.

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or disclosure. These include TLS encryption in transit, access controls on our email and hosting accounts, and restricting access to personal data to people who need it to do their job.

No method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

This website is intended for professional audiences and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has submitted personal data through the site, please contact us and we will delete it.

We do not make decisions about you based solely on automated processing, and we do not carry out profiling that produces legal or similarly significant effects on you.

This website may link to third-party websites (for example, news sources cited in the Intelligence Hub). Those sites operate under their own terms and privacy notices, and we are not responsible for their content or data practices.

We may update this Privacy Policy from time to time. Any changes will be posted on this page and the “Last updated” date will be amended accordingly. Where the changes are material, we will take reasonable steps to bring them to your attention.

If you have any questions about this Privacy Policy or how we use your personal data, please contact:

Cazimi Ltd

Email: info@cazimisecurity.com

Address: 3rd Floor, 86-90 Paul Street, London, EC2A 4NE, United Kingdom.

ICO Registration Number: ZC010425