PaForAPaForA

Privacy Policy

Effective Date: January 1, 2025

Your privacy and data protection are fundamental to everything we do at PaForA. This policy explains how we collect, use, and protect your personal information.

Quick Navigation

1. Introduction2. Data Controller3. Information We Collect4. How We Use Your Data5. Legal Basis for Processing6. Data Sharing and Disclosure7. Data Security8. Data Retention9. Your Rights (GDPR)10. International Transfers11. Cookies and Tracking12. Children's Privacy13. Policy Updates14. Contact Information

GDPR Compliant

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We are committed to protecting your personal data and your rights as a data subject.

1Introduction

At PaForA Technologies Ltd ("PaForA", "we", "us", or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains:

  • What personal data we collect and why
  • How we use, store, and protect your information
  • Your rights regarding your personal data
  • How to contact us with privacy questions or concerns

By accessing our website at paforatech.co.uk orapp.paforatech.co.uk, or using our cybersecurity services, you acknowledge that you have read and understood this Privacy Policy.

2Data Controller

PaForA Technologies Ltd is the data controller responsible for your personal information. Our details are:

PaForA Technologies Ltd

Company Registration Number: 15995466

Registered Address: 167-169 Great Portland Street, London, W1W 5PF, United Kingdom

Data Protection Officer: dpo@paforatech.co.uk

3Information We Collect

We collect different types of information depending on how you interact with our services:

3.1 Information You Provide

When you register for an account or use our services, you provide:

  • Account Information: Name, email address, company name, job title, phone number
  • Billing Information: Payment card details, billing address (processed securely by Stripe)
  • Business Information: Company size, industry, security requirements, compliance needs
  • Support Communications: Messages, queries, and feedback you send to our support team
  • Security Data: Information about your IT infrastructure, security posture, and vulnerabilities (only what you choose to share)

3.2 Information We Collect Automatically

When you use our platform, we automatically collect:

  • Usage Data: Pages visited, features used, time spent, actions performed
  • Technical Information: IP address, browser type, device information, operating system
  • Log Data: Access times, error logs, performance metrics
  • Security Events: Login attempts, authentication events, security alerts
  • Cookies: Session identifiers, preferences, analytics data (see Section 11)

3.3 Information from Third Parties

We may receive information from:

  • Breach Databases: Publicly available breach data (e.g., Have I Been Pwned)
  • Threat Intelligence: Security threat feeds and vulnerability databases
  • Payment Processors: Transaction confirmations from Stripe
  • Analytics Providers: Aggregated usage statistics

4How We Use Your Data

We use your personal information for the following purposes:

Service Delivery

  • • Provide access to our platform
  • • Monitor security threats
  • • Scan for vulnerabilities
  • • Generate compliance reports
  • • Deliver security training

Account Management

  • • Create and maintain accounts
  • • Authenticate users
  • • Process payments
  • • Manage subscriptions
  • • Provide customer support

Communications

  • • Send service notifications
  • • Deliver security alerts
  • • Respond to inquiries
  • • Share product updates
  • • Send marketing (with consent)

Improvement & Compliance

  • • Analyze usage patterns
  • • Improve our services
  • • Detect and prevent fraud
  • • Comply with legal obligations
  • • Enforce our terms

6Data Sharing and Disclosure

We do not sell, rent, or trade your personal information.

Your data is never sold to third parties for their marketing purposes.

We may share your information in the following limited circumstances:

6.1 Service Providers

We work with trusted third-party service providers who help us deliver our services:

  • Hosting & Infrastructure: Vercel, Supabase (data stored in UK/EU regions)
  • Payment Processing: Stripe (PCI-DSS compliant)
  • Email Services: Resend (for transactional emails)
  • Analytics: Privacy-focused analytics tools
  • Security Services: Have I Been Pwned (breach data), threat intelligence providers

All service providers are contractually obligated to protect your data and use it only for specified purposes.

6.2 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal process (court orders, subpoenas)
  • Enforce our Terms of Service
  • Protect the rights, property, or safety of PaForA, our users, or the public
  • Respond to government or regulatory requests

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

7Data Security

We implement industry-leading security measures to protect your personal information:

Encryption

  • • TLS 1.3 for data in transit
  • • AES-256 for data at rest
  • • End-to-end encryption

Access Controls

  • • Multi-factor authentication
  • • Role-based access
  • • Regular access reviews

Monitoring

  • • 24/7 security monitoring
  • • Regular security audits
  • • Penetration testing

Important Security Notice

While we implement robust security measures, no system can guarantee 100% security. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately of any unauthorized access.

7.1 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify you within 72 hours of becoming aware of the breach (as required by GDPR)
  • Inform relevant supervisory authorities
  • Provide details about the nature of the breach and steps we're taking
  • Offer guidance on protecting yourself from potential harm

8Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data TypeRetention Period
Active account dataDuration of your subscription + 30 days
Billing and transaction records7 years (UK tax requirements)
Security logs and audit trails90 days (unless investigating an incident)
Marketing consent recordsUntil consent is withdrawn + 3 years
Support communications3 years after case closure

After the retention period expires, we securely delete or anonymize your personal data unless we are legally required to retain it longer (e.g., for tax, legal, or regulatory purposes).

9Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal information:

Right to Access

You can request a copy of the personal data we hold about you. We will provide this within 30 days.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal data. You can update most information directly in your account settings.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.

Right to Restrict Processing

You can ask us to limit how we use your personal data in certain circumstances.

Right to Data Portability

You can request a machine-readable copy of your data to transfer to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time. This won't affect processing that occurred before withdrawal.

Right to Lodge a Complaint

You have the right to complain to the UK Information Commissioner's Office (ICO):

ICO: ico.org.uk | Phone: 0303 123 1113

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at:

Data Protection Requests

Email: dpo@paforatech.co.uk

We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.

10International Data Transfers

Your personal data is primarily stored in data centers located in the United Kingdom and European Union. If we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules for intra-group transfers
  • Your explicit consent where required

All our service providers are required to implement GDPR-compliant data protection measures regardless of their location.

11Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our platform:

Cookie TypePurposeDuration
Essential CookiesRequired for platform functionality, authentication, and securitySession / 1 year
Analytics CookiesHelp us understand how users interact with our platform1 year
Preference CookiesRemember your settings and preferences1 year

Managing Cookies

You can control cookies through:

  • Your browser settings (most browsers allow you to refuse or delete cookies)
  • Our cookie consent banner (when you first visit our website)
  • Your account preferences (for preference cookies)

Note: Disabling essential cookies may affect the functionality of our platform.

12Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at dpo@paforatech.co.uk, and we will delete the information.

13Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

  • Update the "Effective Date" at the top of this policy
  • Notify you via email to your registered email address
  • Display a prominent notice on our website and within our platform
  • Provide at least 30 days' notice before changes take effect

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

14Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Privacy Inquiries

Email: privacy@paforatech.co.uk

Support: support@paforatech.co.uk

Website: paforatech.co.uk

Data Protection Officer

Email: dpo@paforatech.co.uk

Address:

PaForA Technologies Ltd
167-169 Great Portland Street
London, W1W 5PF
United Kingdom

This Privacy Policy was last updated on January 1, 2025. By using PaForA's services, you acknowledge that you have read and understood this Privacy Policy.

© 2026 PaForA Technologies Ltd. All rights reserved. Company Registration Number: 15995466