🚀 The world largest AI Scam & Phishing Test
In progress
AMTSO Standard Page

Privacy Policy

Security & Privacy Policy

Last Updated: January 2026

At Artifact Security, we provide specialized services to the security vendor community. We recognize that our clients operate in high-stakes environments where data integrity and confidentiality are paramount. This policy outlines our commitment to protecting the data entrusted to us and explains our privacy practices in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Artifact Security Ltd is registered in England and Wales under company number 16044234, registered office: International House, 109-111 Fulham Palace Road, London, United Kingdom, W6 8JA. The company is registered on the Information Commissioner’s Office Register, ZC044539. Our DPO can be contacted via privacy@artifactsecurity.co.uk.

1. Who We Are

Artifact Security is a UK-based provider of security services. Our mission is to support security vendors with high-quality, specialized expertise. For the purposes of data protection law, we act as a "Data Controller" for the personal information we collect about you and a "Data Processor" when we handle data on behalf of our clients.

2. Our Commitment to Security

Artifact Security maintains an Information Security Management System (ISMS) designed to align with the ISO 27001:2022 standard. Our security posture is built on a foundation of proactive risk management and continuous improvement.

Core Technical Controls
  • Data Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
  • Identity & Access Management: We enforce the Principle of Least Privilege. Multi-Factor Authentication (MFA) is mandatory for all internal and client-facing systems.
  • Endpoint Protection: All company-managed devices are hardened with Full Disk Encryption (FDE) and managed via centralized Mobile Device Management (MDM).
  • Zero-Root Policy: We strictly prohibit direct login via system-level accounts (e.g., "root" or "administrator"). All administrative actions are performed through named accounts and are fully audited.
  • Client Offboarding: We guarantee the revocation of all project-specific access rights within 24 hours of engagement completion.

3. How We Collect Information

We obtain information about you when you use our website, contact us about services, or through the course of a professional engagement. This may include:

  • Information you give us: When you fill in forms on our website or correspond with us by contact form or email.
    • Information we collect: Name, Business Email address
  • Information we collect automatically: Technical details such as your IP address, browser type, and operating system when you visit our site.
  • Information from third parties: We may receive information from professional networking sites or industry partners.

4. How Your Information is Used

We may use your information to:

  • Carry out our obligations arising from any contracts entered into by you and us.
  • Seek your views or comments on the services we provide.
  • Notify you of changes to our services.
  • Send you communications which you have requested or that may be of interest to you.
  • Ensure the security and integrity of our network and service environments.

5. Privacy & Data Governance

As a UK-based organization, we prioritize data sovereignty and minimal processing.

Data Residency & Transfers
  • UK-First Approach: Artifact Security prioritizes data residency within the United Kingdom.
  • International Transfers: Where data must be processed outside the UK, we ensure equivalent protection through UK Adequacy Regulations or the International Data Transfer Agreement (IDTA).
Retention and Deletion

We do not hold data longer than necessary.

  • Engagement Data: Deleted within 30 days of contract termination or project completion.
  • Legal/Tax Records: Retained for 6 years in compliance with UK statutory requirements.
  • Secure Purging: We utilize cryptographic erasure and certified cloud deletion protocols to ensure data cannot be recovered once deleted.

6. Your Rights and Choices

Under the UK GDPR, you have significant rights regarding your personal information:

  • Access: You can request a copy of the information we hold about you.
  • Rectification: You can ask us to correct or remove information you think is inaccurate.
  • Erasure: You can ask us to delete your personal data.
  • Object: You can object to our processing of your personal data for marketing or other purposes.
Cookies

Like many other websites, the Artifact Security website uses cookies. 'Cookies' are small pieces of information sent by an organization to your computer and stored on your hard drive to allow that website to recognize you when you visit. They help us improve our website and deliver a better, more personalized service. You may switch off cookies by setting your browser preferences.

7. Transparency & Incident Management

We believe in total transparency. In the event of a confirmed data breach, Artifact Security follows a rigorous incident response protocol. We notify the Information Commissioner’s Office (ICO) within 72 hours where required and inform affected clients without undue delay.

8. Links to Other Websites

Our website may contain links to other websites run by other organizations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit.

9. Contact Us

For any inquiries regarding our security practices or to exercise your privacy rights, please contact our DPO officer at privacy@artifactsecurity.co.uk

‍

Logo
Our Cyber Newsletter - summaries that cut through the noise.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Our community
Linkedin
X
Substack
Our Blog
© 2026 Artifact Security. All rights reserved.
TermsCookies