Privacy Policy

1. Who we are

Corven Security ("Corven", "we", "us", "our") is an offensive security consultancy. Our website is corvensecurity.com. For any privacy-related questions, contact us at [email protected].

2. What data we collect

Contact form submissions

When you submit an enquiry via our contact form, we collect:

• Your name
• Your company name
• Your email address
• The type of engagement you are interested in
• Any information you choose to include in the description field

Website analytics

If we use analytics tools (such as Plausible or Google Analytics), we may collect anonymised usage data including pages visited, time on site, referral source, and approximate geographic region. No personally identifiable information is collected at this level.

Cookies

Our website uses a single functional cookie to remember your language preference (corven_lang). This cookie contains no personal data and is stored only in your browser's local storage. We do not use advertising or tracking cookies.

3. How we use your data

We use the information you provide exclusively to:

• Respond to your enquiry and arrange a scoping call
• Send you a proposal relevant to your stated requirements
• Fulfil any engagement you contract us for

We do not use your contact data for unsolicited marketing. We will not add you to a mailing list without your explicit consent.

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

• Legitimate interests — responding to a direct enquiry you have initiated
• Contractual necessity — processing data required to fulfil a signed engagement
• Legal obligation — retaining records as required by applicable law

5. Who we share your data with

We do not sell, rent, or trade your personal data. We may share data with the following sub-processors solely to deliver our services:

• Formspree — form submission delivery (formspree.io). Data is transmitted over TLS and held only as long as necessary to route your enquiry to our inbox.
• Email providers — your enquiry is received in our secure business email inbox.

We will disclose personal data if required to do so by law or in response to a valid legal process.

6. Data retention

Enquiry data is retained for a maximum of 24 months from the date of submission, or for the duration of any active engagement plus 36 months for legal and contractual purposes. You may request deletion at any time (see Section 8).

7. Data security

All data in transit is encrypted using TLS 1.2 or higher. We apply the same security standards to our own infrastructure that we recommend to our clients. Access to contact data is restricted to authorised personnel only.

8. Your rights

Under GDPR and applicable data protection law, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data ("right to be forgotten")
• Restriction — request that we limit processing of your data
• Portability — request your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests

To exercise any of these rights, email [email protected] with the subject line "Data Request". We will respond within 30 days.

9. International transfers

Our primary operations are based in the European Union. If any data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Article 46, including Standard Contractual Clauses where applicable.

10. Children's data

Our services are directed exclusively at business professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, contact us immediately at [email protected].

11. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page indicates when it was last revised. Continued use of our website after any change constitutes acceptance of the updated policy.

12. Contact

For any questions regarding this privacy policy or our data practices: