Privacy Policy

Who We Are

OFFCEPT is an offensive security company providing penetration testing, red team operations, adversary simulation, threat intelligence, and vulnerability research services.

References to "OFFCEPT", "we", "us", or "our" in this policy refer to the OFFCEPT entity with whom you have engaged or whose website you are accessing.

Data We Collect

Contact data: name, email address, job title, company name, and phone number submitted via our contact form or in the course of engagement scoping.

Engagement data: technical information necessarily collected during the performance of contracted security services, including IP addresses, system identifiers, and credentials provided in-scope.

Usage data: standard web server logs, including IP addresses, browser type, pages visited, and referral sources. We do not use third-party tracking scripts.

Communication data: content of emails, calls, or messages exchanged with our team.

How We Use Your Data

To deliver contracted security services and communicate with you throughout engagements.

To respond to enquiries submitted through our contact form.

To manage our business relationship, including invoicing and contractual obligations.

To comply with applicable legal obligations.

We do not sell, rent, or trade your personal data to third parties. We do not use your data for marketing unless you have expressly requested to receive communications from us.

Legal Basis for Processing

Contract performance: processing necessary to deliver the security services you have contracted with us.

Legitimate interests: responding to enquiries, maintaining the security of our systems, and improving our services.

Legal obligation: compliance with applicable laws and regulations.

Consent: where you have explicitly provided consent for a specific processing activity.

Data Retention

Contact and engagement data is retained for the duration of our business relationship plus seven years to meet legal and contractual obligations.

Engagement artefacts — penetration test reports, red team deliverables, and vulnerability research — are retained per the terms agreed in your engagement contract and destroyed upon expiry of that period.

Web server logs are retained for no longer than 90 days.

Data Security

We apply technical and organisational security measures appropriate to the sensitivity of the data we hold. Engagement data and client deliverables are encrypted at rest and in transit.

Access to client data is restricted to personnel directly involved in your engagement. All staff operate under confidentiality obligations.

In the event of a data breach affecting your personal data, we will notify you in accordance with applicable regulatory requirements.

Your Rights

Subject to applicable law, you have the right to: access the personal data we hold about you; rectify inaccurate data; request erasure of your data where no legitimate retention basis applies; object to or restrict processing; and receive your data in a portable format.

To exercise any of these rights, contact us at contact@offcept.com. We will respond within 30 days.

Cookies

This website does not use advertising or analytics cookies. We may set strictly necessary session cookies for form functionality. No third-party tracking scripts are loaded.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated to active clients via email. The current version is always available at this URL.

Contact

For data protection enquiries, contact us at contact@offcept.com.