Privacy Policy

Keyrios (“Keyrios”, “we”, “our”, or “us”) is an intelligence-led security company providing crime intelligence, cybersecurity operations, digital forensics, and application security services. Our registered correspondence address is available on request at contact@keyrios.com.

We act as the data controller in respect of personal data you provide directly to us via our website or in connection with an engagement. Where we process personal data on behalf of a client as part of a service delivery arrangement, we act as a data processor under the terms of that engagement.

We collect and process the following categories of information:

• Contact and identity information: name, email address, phone number, job title, and organisation name provided when you contact us, request a briefing, or enter into an engagement.
• Engagement data: information shared during the course of an advisory, investigative, or technical engagement — including documentation, system access credentials (where required), and case-related materials.
• Technical data: IP addresses, browser type and version, device type, and usage data collected automatically when you visit keyrios.com.
• Communications: records of correspondence between you and Keyrios, including email, meeting notes, and engagement reports.
• Intelligence data: in the context of crime intelligence or threat monitoring services, we may process information relating to named or identifiable individuals as part of threat analysis — governed strictly by the terms of each engagement.

We do not collect sensitive personal data (such as biometric, health, or political opinion data) through our website. Processing of such data in the context of a forensics or investigative engagement is governed by a separate Data Processing Agreement and applicable legal authorisation.

We use your information for the following purposes:

• To respond to enquiries, schedule briefings, and communicate with you about potential or active engagements.
• To deliver contracted services — including intelligence products, security assessments, forensics reports, and application security reviews.
• To manage our business relationships, including invoicing, contract management, and compliance obligations.
• To improve our website and services, including understanding how visitors engage with keyrios.com.
• To comply with applicable law, court orders, or the directions of a competent authority.

Our legal bases for processing include: contract performance (where processing is necessary to deliver a service you have engaged us for), legitimate interests (where processing is proportionate and you would reasonably expect it), compliance with a legal obligation, and — where required — your explicit consent.

All client data, engagement materials, and intelligence outputs are treated as strictly confidential. Access is restricted to personnel with a legitimate need in connection with the relevant engagement. We operate data compartmentalisation protocols ensuring that no client data is shared with or accessible by other clients.

We implement technical and organisational security measures including encryption at rest and in transit, access controls, audit logging, and regular security testing of our own infrastructure. We are able to operate in air-gapped or secure environments on request.

In the event of a personal data breach affecting your data, we will notify you without undue delay and, where required by applicable law, notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

We do not sell, rent, or trade your personal data. We may share data in the following limited circumstances:

• With sub-processors engaged to assist in service delivery (e.g. secure cloud storage providers), under equivalent contractual protections.
• With professional advisers (lawyers, auditors) under confidentiality obligations.
• Where required by applicable law, regulation, or a valid legal process — such as a court order or regulator demand. We will, where legally permissible, notify you before complying.
• In the context of a business transfer or merger, where data would transfer to the successor entity under the same protections.

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law or professional obligations. Engagement data — including reports, case files, and forensic materials — is retained for a minimum of seven years following completion of an engagement to meet our legal and professional indemnity obligations, unless a shorter retention period is agreed in writing.

Website enquiry data is retained for up to 24 months from last contact. You may request earlier deletion at any time subject to our legal retention obligations.

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request erasure of your personal data where there is no legitimate basis for continued processing.
• Object to or restrict certain processing activities.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us at contact@keyrios.com. We will respond within 30 days. If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

Our website may use essential cookies to ensure basic functionality. We do not currently use third-party advertising or tracking cookies. Where we use analytics tooling, it is configured to anonymise IP addresses and not share data with third parties for advertising purposes.

You can control cookie preferences through your browser settings. Disabling cookies may affect certain website functionality.

Keyrios operates internationally. Where personal data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place — including standard contractual clauses approved by the relevant authority, or transfers to jurisdictions deemed adequate by applicable law.

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data practices. Material changes will be notified via our website. The “Last updated” date at the top of this page reflects the most recent revision.

Continued use of our website or services after a material update constitutes acceptance of the revised policy.

For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact us at:

Keyrios
contact@keyrios.com