We Secure Data Privacy Policy

Last Updated: 8 June 2026

1. Introduction

This Privacy Policy explains how We Secure Data Ltd ("We Secure Data", "we", "our", or "us") collects, uses, stores, and protects personal data when you use our website, platform, applications, and related services.

We Secure Data provides secure data sharing, encrypted storage, provenance, verification, and audit services. Some deployments may operate within customer-controlled cloud environments using customer-managed encryption keys.

This Privacy Policy should be read alongside our Terms of Service and any applicable customer agreement, Data Processing Agreement, or security documentation.

2. Who This Policy Applies To

This Privacy Policy applies to:

  • Visitors to our website.
  • Users of the We Secure Data platform.
  • Customer administrators.
  • Message recipients and external users.
  • Individuals whose personal data is processed through our services.
  • People who contact us for support, sales, or general enquiries.

Where an organisation provides access to We Secure Data, that organisation may also be responsible for how your personal data is used.

3. Our Role

Depending on the circumstances, We Secure Data may act as either a data controller or a data processor.

We act as a data controller where we decide how and why personal data is processed, such as for website enquiries, account administration, billing, service management, and our own business operations.

We act as a data processor where we process personal data on behalf of a customer using the We Secure Data platform.

Where we act as a processor, the customer remains responsible for determining the purpose and lawful basis for processing personal data.

4. Personal Data We May Collect

We may collect and process the following types of personal data:

  • Name.
  • Email address.
  • Organisation name.
  • Job title or role.
  • Login and account information.
  • Authentication and security information.
  • IP address and device information.
  • Browser and usage information.
  • Support and communication records.
  • Billing and payment-related information.
  • Audit logs and activity records.
  • Message, file, vault, recipient, and sharing metadata.
  • Verification and provenance activity.

Depending on how the Service is configured, we may not be able to access the contents of encrypted files, messages, or vault data.

5. Encrypted Customer Content

We Secure Data is designed to support client-side encryption, customer-controlled encryption keys, and Bring Your Own Cloud (BYOC) deployment models.

Where customer-controlled encryption or zero-knowledge functionality is enabled:

  • Customer content may be encrypted before being stored or transmitted.
  • We Secure Data may not possess the technical ability to decrypt customer content.
  • Encryption keys may remain under the control of the customer.
  • We may process metadata, audit records, access logs, and technical information needed to operate, secure, and verify the Service.
  • Loss or mismanagement of customer-controlled keys may make encrypted content permanently inaccessible.

6. Bring Your Own Cloud Deployments

Some customers may deploy We Secure Data within cloud infrastructure owned or controlled by the customer.

In BYOC deployments:

  • Customer content may be stored within the customer's own cloud environment.
  • The customer may control infrastructure, storage, network access, backups, and encryption key management.
  • We Secure Data may have limited or no access to customer content depending on the deployment configuration.
  • The customer is responsible for its own cloud security settings, access controls, and compliance obligations unless otherwise agreed in writing.

7. How We Use Personal Data

We may use personal data to:

  • Provide, operate, and maintain the Service.
  • Create and manage user accounts.
  • Authenticate users and protect accounts.
  • Enable secure messaging, file sharing, vaults, and verification services.
  • Maintain audit logs and provenance records.
  • Provide customer support.
  • Monitor platform security and prevent abuse.
  • Improve the Service.
  • Manage billing and commercial relationships.
  • Respond to enquiries.
  • Comply with legal and regulatory obligations.
  • Enforce our Terms of Service and customer agreements.

8. Legal Bases for Processing

Where UK GDPR or EU GDPR applies, we rely on one or more of the following lawful bases:

  • Performance of a contract.
  • Legitimate interests.
  • Compliance with legal obligations.
  • Consent, where required.
  • Processing on behalf of a customer under a Data Processing Agreement.

Our legitimate interests include operating a secure platform, protecting users, preventing misuse, improving our services, and supporting customer relationships.

9. Audit Logs, Provenance, and Verification Records

The Service may generate audit logs, provenance records, cryptographic verification records, timestamps, access events, and related metadata.

These records may include:

  • User identifiers.
  • Email addresses.
  • Organisation details.
  • File or message metadata.
  • Access and download events.
  • Verification events.
  • Timestamps.
  • IP address or device-related data.
  • Cryptographic hashes and integrity evidence.

These records are used to support security, compliance, traceability, dispute resolution, and verification of digital evidence.

Depending on customer configuration, some audit and provenance records may be retained for compliance and integrity purposes and may not be editable by ordinary users.

10. Sharing Personal Data

We may share personal data with:

  • Customer organisations that administer user accounts.
  • Service providers who help us operate the Service.
  • Cloud hosting and infrastructure providers.
  • Payment and billing providers.
  • Professional advisers.
  • Regulators, courts, law enforcement, or public authorities where required by law.
  • A purchaser or successor if our business is sold, merged, or reorganised.

We do not sell personal data.

11. Service Providers

We may use trusted third-party providers for hosting, storage, communications, analytics, support, payment processing, security, and operational services.

Where required, we put appropriate contractual safeguards in place with service providers who process personal data on our behalf.

12. International Transfers

Personal data may be processed in the United Kingdom, the European Economic Area, or other jurisdictions where we or our service providers operate.

Where personal data is transferred internationally, we will use appropriate safeguards where required by law, such as adequacy decisions, standard contractual clauses, or equivalent protections.

13. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and audit records.

Retention periods may vary depending on:

  • Customer configuration.
  • Contractual requirements.
  • Legal and regulatory obligations.
  • Security and audit requirements.
  • Backup and disaster recovery processes.
  • Whether data forms part of provenance, verification, or immutable audit records.

Customers may be responsible for setting retention policies for their own users and content.

14. Security

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include:

  • Encryption.
  • Access controls.
  • Authentication controls.
  • Audit logging.
  • Secure development practices.
  • Monitoring and security review.
  • Customer-managed encryption key options.
  • Bring Your Own Cloud deployment options.

No system can be guaranteed to be completely secure. Customers are responsible for maintaining appropriate user access controls, device security, cloud configuration, and key management.

15. Your Rights

Depending on applicable law, you may have rights to:

  • Access your personal data.
  • Correct inaccurate personal data.
  • Request deletion of personal data.
  • Restrict processing.
  • Object to processing.
  • Request data portability.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a data protection authority.

Where we process personal data on behalf of a customer, we may need to refer your request to that customer.

16. Customer-Controlled Data

If your access to We Secure Data is provided by an organisation, that organisation may control your account, access rights, retention settings, and data processing purposes.

Requests relating to customer-controlled data should usually be directed to the relevant organisation.

17. Cookies and Similar Technologies

Our website and Service may use cookies or similar technologies to:

  • Keep users signed in.
  • Maintain security.
  • Remember preferences.
  • Measure website usage.
  • Improve performance.
  • Support platform functionality.

Where required by law, we will request consent before using non-essential cookies.

18. Children

The Service is intended for business and organisational use and is not directed at children.

We do not knowingly collect personal data from children.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Where changes are material, we will take reasonable steps to notify users or customers.

The updated version will be posted on our website with a revised "Last Updated" date.

20. Contact Information

We Secure Data Ltd

Website: https://www.wesecuredata.com

Email: privacy@wesecuredata.com

21. Supervisory Authority

If you are based in the United Kingdom and are unhappy with how we handle your personal data, you may contact the Information Commissioner's Office.

You can also contact us first so we can try to resolve the issue directly.