Privacy Policy
Last updated: 22nd September 2025
LeoTrace (“we,” “our,” “us”) respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, store, and safeguard information when you use our penetration testing and related security services.
1. Information We Collect
We may collect and process the following types of information:
Client Information: Name, email, phone number, company name, billing details, and contract records.
Service-Related Data: System information, network configurations, IP addresses, vulnerability data, and other technical details required to perform penetration testing.
Website Data: Log data, analytics, and cookies when you visit our website.
Communication Data: Emails, support tickets, and call logs related to our services.
We do not collect unnecessary personal data and limit collection to what is required for delivering services.
2. How We Use Your Information
We use collected information to:
Deliver penetration testing, vulnerability assessments, and related services.
Communicate with clients regarding service delivery, support, and reports.
Improve our services, methodologies, and security tools.
Meet contractual, legal, and regulatory obligations.
Prevent fraud, unauthorized access, and misuse of systems.
3. Data Security
Because security is at the core of our business, we employ strict measures to protect your data, including:
Encryption of sensitive data in transit and at rest.
Secure data transfer channels for test results and reports.
Strict access controls with logging and monitoring.
Secure storage and disposal of penetration testing data.
All testing data and client deliverables are retained only as long as necessary for service delivery or as required by law, after which they are securely deleted.
4. Data Sharing and Disclosure
We do not sell or trade client data. We may share limited information only in the following circumstances:
With authorized client representatives as part of service delivery.
With trusted third-party providers (e.g., secure hosting, analytics, billing) under confidentiality and security agreements.
When required by law or regulatory authorities.
5. International Data Transfers
If we transfer information outside the UK (e.g., to secure cloud providers), we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA), the Addendum to the EU Standard Contractual Clauses, or other approved legal mechanisms.
6. UK GDPR & Data Protection Act 2018
Lawful Basis for Processing
We process personal data under the lawful bases set out in the UK GDPR and the Data Protection Act 2018, including:
Contractual necessity: To provide penetration testing and related services.
Legitimate interests: To improve our services, maintain security, and communicate with clients.
Legal obligations: To comply with tax, regulatory, and legal requirements.
Consent: Where required (e.g., for marketing communications).
Your Rights
Under UK data protection law, you have the right to:
Access the personal data we hold about you.
Request correction or deletion of your data.
Restrict or object to certain types of processing.
Request data portability.
Withdraw consent (where applicable).
Lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk/.
Requests to exercise these rights can be made by contacting us at fwalter@leo-trace.com.
7. Data Processing Agreement (DPA)
As part of providing penetration testing services, we may process data on behalf of our clients. In these cases:
We act as a Data Processor and the client remains the Data Controller.
Data will be processed solely for the purposes of delivering penetration testing and related services as agreed in the contract.
We will not process client data for our own purposes or share it with unauthorized third parties.
Appropriate technical and organisational measures are maintained to safeguard all processed data.
Upon request or termination of services, we will securely return or delete client data in accordance with the contract and applicable law.
If required, we are willing to enter into a formal Data Processing Agreement (DPA) with clients to ensure UK GDPR compliance.
8. Cookies & Website Tracking
Our website may use cookies and analytics tools to improve functionality and user experience. You can manage cookie preferences through your browser settings.
9. Data Retention
Client engagement data is retained for the duration of the contract and a limited period thereafter for compliance.
Penetration test results are retained only as long as required to deliver the service or as agreed with the client.
10. Children’s Privacy
Our services are not directed toward individuals under 18, and we do not knowingly collect data from them.
11. Updates to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated “Last Updated” date.
12. Contact Us
For questions or requests related to this Privacy Policy, contact us at: fwalter@leo-trace.com
If you have concerns that we have not resolved, you may contact the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection: