Privacy Policy
Last updated: 16 May 2026
Encrisoft Technologies Ltd ("Encrisoft", "we", "our" or "us") respects privacy and is committed to protecting personal data processed through our websites, platforms, APIs, products, customer portals and related services. This Privacy Policy explains how we collect, use, store, share and protect personal data when individuals, organisations, customers, authorised users, prospects, partners and website visitors interact with Encrisoft services.
This Policy applies globally, including to users and organisations in the United Kingdom, the European Economic Area and European Union, Nigeria and other African jurisdictions. Where local data protection laws provide additional or stronger rights, Encrisoft will apply those rights where they apply to the relevant processing activity.
Encrisoft - Cybersecurity. Reimagined.
1.1 Who We Are
Encrisoft Technologies Ltd, company number 16341267, registered office 124-128 City Road, London, EC1V 2NX, United Kingdom.
Privacy enquiries may be sent to privacy@encrisoft.com. Security and vulnerability reports may be sent to security@encrisoft.com. General support enquiries may be sent to support@encrisoft.com.
1.2 Services Covered
This Policy applies to Encrisoft websites, portals, cloud-hosted applications, APIs, integrations, developer services, product demonstrations, waitlists, events, customer support, marketing and business operations. This includes Encrisoft Alerta, LearnSims, Radar, Comply, Peveta and future Encrisoft products.
Alerta-specific examples include alert content, routing rules, notification preferences, API usage, integration events, organisation workspaces, audit logs, webhook activity, support tickets and dashboard activity.
1.3 Controller and Processor Roles
Encrisoft acts as a data controller when it decides why and how personal data is processed for its own business purposes, such as account administration, website operation, billing, sales, marketing, security monitoring, support, product improvement and legal compliance.
Encrisoft acts as a processor, service provider or equivalent role when it processes customer-controlled data on behalf of a customer organisation under that customer's instructions. This can include alert payloads, organisation workspace content, integration data, customer-configured notification flows, compliance evidence and API records that a customer chooses to submit to or route through Encrisoft services.
Where a customer organisation is the controller of personal data, that customer is responsible for providing its own privacy notice and ensuring it has a lawful basis for using Encrisoft services with that data. Encrisoft's processing as processor is governed by the applicable customer agreement, Data Processing Agreement or written processing terms.
1.4 Personal Data We Collect
| Category | Examples |
|---|---|
| Account and identity data | Name, email address, organisation name, role/title, account identifiers, authentication records and user preferences. |
| Customer and sales data | Product enquiries, demo requests, waitlist entries, onboarding information, partnership communications and customer relationship records. |
| Billing and commercial data | Billing contact, invoice records, subscription plan, transaction reference and payment status. Sensitive payment card details are processed by authorised payment providers rather than stored by Encrisoft unless expressly stated in a separate agreement. |
| Alerta and product data | Alerts, notification rules, escalation settings, channel preferences, integration metadata, API events, webhook logs, workspace configuration and customer-submitted operational content. |
| Support and communications data | Support tickets, emails, chat messages, surveys, feedback and customer success records. |
| Security and log data | IP address, login activity, authentication attempts, session events, audit logs, API access records, error logs and security monitoring information. |
| Device and usage data | Browser, device type, operating system, language, approximate location derived from IP address, pages viewed, features used and product usage metrics. |
| Google Analytics data | Website and product analytics events, page views, referrer data, session information, device/browser information and analytics identifiers set by Google Analytics where consent and local law permit. |
| Third-party integration data | Data received through authorised authentication providers, notification channels, payment providers, infrastructure providers, analytics tools, connected APIs and business partners. |
Users and customer organisations must not submit special category data, children's data, payment card data, health data, biometric data or similarly sensitive information into Encrisoft products unless the relevant contract and product configuration expressly permit that processing and the customer has a lawful basis to do so.
1.5 How We Use Personal Data and Our Lawful Bases
| Purpose | Examples | Typical lawful basis |
|---|---|---|
| Service delivery | Create accounts, authenticate users, operate dashboards, route alerts, manage APIs and deliver platform functionality. | Contractual necessity; legitimate interests; customer instructions where Encrisoft acts as processor. |
| Alerta alerting and integrations | Process alert payloads, routing rules, notifications, API calls, webhooks and connected services. | Customer instructions where Encrisoft acts as processor; contractual necessity for customer account services. |
| Security and fraud prevention | Monitor login activity, investigate abuse, protect infrastructure, maintain audit logs and respond to vulnerabilities. | Legitimate interests; legal obligation where applicable. |
| Billing and account administration | Manage subscriptions, invoices, payment status, renewals, credits and account records. | Contractual necessity; legal obligation for tax/accounting records. |
| Customer support | Respond to requests, troubleshoot issues, manage customer success and improve service reliability. | Contractual necessity; legitimate interests. |
| Product improvement | Analyse usage patterns, performance, errors and feature adoption to improve services. | Legitimate interests; consent where non-essential analytics cookies or similar technologies are used. |
| Google Analytics | Measure website traffic, product engagement, referrers and campaign performance. | Consent where required for analytics cookies or similar technologies; legitimate interests only where local law permits and no non-essential storage is used without consent. |
| Marketing communications | Send newsletters, event invitations, product updates and business communications. | Consent where required; legitimate interests for relevant B2B communications where local law permits and users can opt out. |
| Legal and compliance | Maintain records, respond to lawful requests, enforce terms and manage disputes. | Legal obligation; legitimate interests. |
1.6 Google Analytics and Similar Technologies
Encrisoft uses Google Analytics to understand how visitors and authorised users interact with our websites and, where implemented, selected product experiences. Google Analytics may use cookies such as _ga and _ga_* to distinguish users and persist session state. These cookies are treated as non-essential analytics cookies and are not required for the basic operation of Encrisoft services.
For visitors in the UK, EEA/EU, Switzerland and other jurisdictions requiring prior consent, Encrisoft will request consent before setting non-essential Google Analytics cookies. For Nigeria and wider African audiences, Encrisoft applies a consent-first approach as a trust baseline where analytics cookies, local storage or similar technologies are used for non-essential analytics.
Users can reject or withdraw non-essential analytics consent through available cookie controls. Browser-level controls and Google's own privacy tools may also affect how Google Analytics operates.
1.7 Sharing Personal Data
Encrisoft does not sell personal data. We may share personal data with trusted providers where necessary to operate, secure, support, improve and administer our services.
- Infrastructure and hosting providers.
- Authentication, email, notification and communication providers.
- Payment and billing providers.
- Monitoring, security, analytics and diagnostics providers, including Google Analytics where used.
- Professional advisers, auditors and legal advisers.
- Regulators, courts, law enforcement or public authorities where legally required.
- Business counterparties in connection with a merger, acquisition, investment, restructuring or sale of assets, subject to appropriate safeguards.
Encrisoft maintains vendor and subprocessor governance proportionate to the sensitivity of the processing. A public subprocessor list is maintained for customer-facing processor services.
1.8 International Transfers
Encrisoft may process and transfer personal data across the UK, EEA/EU, Nigeria, other African countries and other locations where Encrisoft, its providers or customers operate. Where international transfer safeguards are required, Encrisoft will use appropriate mechanisms such as adequacy arrangements, the UK International Data Transfer Agreement, UK Addendum, EU Standard Contractual Clauses, contractual safeguards, risk assessments and equivalent measures required by applicable local law.
1.9 Retention
| Data type | Retention approach |
|---|---|
| Account records | Retained while the account is active and for up to 7 years after closure where needed for contractual, dispute, tax or audit purposes. |
| Billing and invoice records | Retained for up to 7 years to support accounting, tax and legal obligations. |
| Security logs and audit trails | Usually retained for 12 to 24 months, and longer where needed for investigation, compliance, litigation hold or customer contract requirements. |
| Alerta alert and workspace data | Retained according to the customer's product plan, configuration, contract and deletion settings; deleted or anonymised after termination unless retention is legally or contractually required. |
| Backups | Retained on a rolling basis, normally between 35 and 90 days, unless a longer recovery or legal hold period applies. |
| Support tickets and communications | Retained for up to 7 years where needed for support history, contractual records, quality assurance and dispute management. |
| Marketing records | Retained until opt-out, withdrawal of consent, account deletion request or 24 months of inactivity, unless a longer legal or suppression-list record is required. |
| Google Analytics data | Retained according to Google Analytics property settings and Encrisoft's analytics configuration, with non-essential analytics subject to consent controls where required. |
1.10 Your Rights
Depending on where you are located and the role Encrisoft plays in the processing, you may have rights to access, correct, delete, restrict, object to processing, withdraw consent, request portability and complain to a supervisory authority. These rights may differ under UK GDPR, EU GDPR, the Nigeria Data Protection Act 2023 and other African data protection laws.
Requests can be sent to privacy@encrisoft.com. Encrisoft may verify identity before acting on a request. Where Encrisoft acts as processor for a customer organisation, Encrisoft may direct the request to that customer or assist the customer in responding.
UK individuals may complain to the Information Commissioner's Office. EEA/EU individuals may complain to their local data protection authority. Nigerian individuals may contact the Nigeria Data Protection Commission. Individuals in other African jurisdictions may contact their local data protection or privacy authority where one exists.
1.11 Security
Encrisoft uses technical and organisational safeguards designed to protect personal data, including encryption in transit, access controls, authentication controls, logging, monitoring, secure development practices, vulnerability management, backup and recovery measures and vendor governance. No system can be guaranteed completely secure, and users are responsible for protecting their credentials, integrations and customer-side configurations.
1.12 Automated Decision-Making
Encrisoft does not use personal data for solely automated decisions that produce legal or similarly significant effects on individuals through the public websites or standard Alerta service. If this changes, Encrisoft will update this Policy and provide additional information where required.
1.13 Children
Encrisoft services are intended for business, professional, organisational and authorised-user use. They are not directed at children. Encrisoft does not knowingly collect children's personal data through the services without appropriate authority or legal basis.
1.14 Changes
Encrisoft may update this Policy to reflect product, legal, security, vendor or operational changes. Material changes will be published through Encrisoft websites or services and, where required, communicated directly to affected customers or users.
1.15 Contact
| Contact | Detail |
|---|---|
| Privacy | privacy@encrisoft.com |
| Security and vulnerability reporting | security@encrisoft.com |
| Support | support@encrisoft.com |
| Website | https://encrisoft.com |