Privacy Policy

1. Introduction

Dr Speffle Cyber Resilience Ltd (“we”, “us”, “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

This website is intended for general information, research dissemination, and client communication regarding cyber resilience, consultancy services, technical documentation, and academic work.


2. What Data We Collect

We may collect and process:

2.1 Information you provide directly

  • Contact form submissions (name, email address, message contents)
  • Email correspondence
  • Consultancy enquiries
  • Optional newsletter sign-up (if enabled)

2.2 Automatically collected technical data

Through cookies, analytics, and security plugins:

  • IP address (for security and anti-spam protection)
  • Browser type/version
  • Device information
  • Pages viewed and time spent
  • Referring website
  • Error logs and security events

2.3 Plugin-related data

Our website uses several security, SEO, analytics, and performance plugins. These plugins may process limited technical data to function correctly. We only use reputable, security-focused plugins and do not allow third-party advertising or behavioural tracking.

Below is a full list of plugins that may process technical or personal data:

🔐 Security & Anti-Malware Plugins

Anti-Malware Security and Brute-Force Firewall

  • IP address
  • User-agent
  • URL request patterns
  • Suspicious activity logs
    Purpose:
  • Malware scanning
  • Threat detection
  • Firewall defence
    Lawful basis: Legitimate Interests (website security)

Limit Login Attempts Reloaded

  • IP address
  • Failed login attempts
  • Username entered (if provided)
    Purpose:
  • Brute-force protection
    Lawful basis: Legitimate Interests (security & fraud prevention)

WP Armour – Honeypot Anti-Spam

  • Form submission metadata
    Purpose:
  • Spam prevention
    Lawful basis: Legitimate Interests

WP fail2ban & WP fail2ban Blocklist

  • IP address
  • Login events
  • Core WordPress activity logs
    Purpose:
  • Logging security events to system logs
  • Automatic blocklist integration
    Lawful basis: Legitimate Interests (security monitoring)

🛡 Access Restriction Plugins

Password Protect WordPress Lite

  • Password validation attempts
  • User roles (if logged in)
    Purpose:
  • Restricting access to certain pages
    Lawful basis: Legitimate Interests (site management)

Performance Plugins

WP Fastest Cache

  • Anonymous cached page data
    Purpose:
  • Improve website loading speed
    Lawful basis: Legitimate Interests (performance optimisation)

📈 Analytics & SEO Tools

Site Kit by Google

  • IP address (anonymised)
  • Page views
  • Browser/device info
  • Referrer
    Purpose:
  • Analytics
  • Search Console performance
  • Page speed measurement
    Lawful basis: Consent (for non-essential analytics cookies)

Rank Math SEO

  • Structured data about posts (not personal data)
  • Search engine metadata
    Purpose:
  • SEO optimisation
    Lawful basis: Legitimate Interests (site discoverability)

CrawlWP SEO – Instant Indexing

  • Post metadata
  • URL indexing requests
    Purpose:
  • Faster search engine indexing
    Lawful basis: Legitimate Interests

Instant Indexing (Rank Math)

  • URLs submitted for indexing
    Purpose:
  • Search engine submission
    Lawful basis: Legitimate Interests

🎨 Design & Presentation Plugins

Favicon by RealFaviconGenerator

  • No personal data
    Purpose:
  • Providing device-specific favicons

Under Construction

  • Visitor role (logged in/not logged in)
    Purpose:
  • Display maintenance or “under construction” page

🧩 Summary of Plugin Data Processing

Across all plugins, typical data processed may include:

  • IP address
  • Browser and device info
  • Request URLs
  • Security logs and error logs
  • Login attempts
  • Anonymous analytics events
  • Metadata related to posts or pages

No plugin is used for behavioural advertising or third-party marketing.

All data is processed under:

  • Legitimate Interests (security, analytics, performance)
  • Consent (analytics cookies)
  • Contractual necessity (forms or communication)

You can request a list of active plugins at any time.


3. How We Use Your Data

We use your data for:

  • Responding to enquiries
  • Providing consultancy services (when requested)
  • Security monitoring and threat prevention
  • Improving website content and performance
  • Understanding visitor engagement
  • Fulfilling legal or regulatory requirements

We do not sell, rent, or trade your personal data.


4. Legal Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Legitimate interests (website security, analytics, communication)
  • Contractual necessity (responding to consultancy requests)
  • Consent (newsletter sign-ups, optional cookies)
  • Legal obligation (accounting and compliance)

5. Cookies and Tracking

This website may use essential and optional cookies.

Essential cookies

Required for:

  • Security
  • Login sessions
  • Page performance

Non-essential cookies

Used only with consent for:

  • Analytics
  • Performance metrics
  • User behaviour insights

You can manage cookies via your browser or our cookie banner.


6. Data Sharing and Transfers

We may share data with:

  • Website hosting providers
  • Security and anti-spam services
  • Analytics platforms
  • Professional service providers (legal/accounting)

7. Data Retention

We retain data only as long as necessary:

  • Contact form submissions: up to 12 months
  • Security logs: 30–90 days
  • Analytics data: as configured in your analytics tool
  • Client contract data: 6–7 years (legal requirement)

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Request data portability

Please use the contact form to exercise these rights.


9. How We Protect Your Data

We implement:

  • Server-level security controls
  • SSL/TLS encryption
  • Firewall and intrusion monitoring
  • Regular updates to plugins and themes
  • Principle of least privilege
  • Encrypted communication pathways

For more detail, see our Cyber Resilience section.


10. Third-Party Links

This website may contain external links (e.g., GitHub, Medium, LinkedIn).
We are not responsible for their privacy practices.


11. Changes to This Policy

We may update this policy periodically.
Changes will be posted on this page with a revised “Last updated” date.


12. Contact Information

If you have any questions or concerns, contact:

Dr Speffle Cyber Resilience Ltd