Legal
Privacy Policy
Last updated: 1 May 2026
GuardLayer Ltd ("we", "us", "our") is committed to protecting the privacy of all individuals who interact with our services. This policy explains what data we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
Summary: We collect only what we need. We never sell your data. We store it securely in the UK. You can request deletion at any time by emailing privacy@guardlayer.co.uk.
1. Who we are
GuardLayer Ltd is a company registered in England and Wales. We are the data controller for personal data collected through guardlayer.co.uk and our compliance API services. Our registered address and Data Protection contact: privacy@guardlayer.co.uk.
2. What data we collect
We collect the following categories of personal data:
- Contact information — name, work email address, company name, when you book a demo or contact us
- Audit responses — answers to our compliance audit tool (platform type, features, compliance status). This data is not linked to individuals unless you subsequently provide contact details
- Usage data — pages visited, time on site, referral source (via anonymised analytics only)
- Communication data — emails and messages you send us
For B2B platform clients using the GuardLayer API, a separate Data Processing Agreement governs all data handling. We act as a data processor on behalf of the platform (the data controller) for any end-user data.
3. Legal basis for processing
- Legitimate interests — responding to demo requests and enquiries, improving our compliance audit tool
- Contract performance — processing data necessary to deliver GuardLayer services to B2B clients
- Legal obligation — complying with UK law including the Online Safety Act 2023 and associated Ofcom requirements
- Consent — marketing communications (you can withdraw consent at any time)
4. How we use your data
- Responding to demo booking requests and enquiries
- Providing and improving the GuardLayer compliance audit tool
- Sending relevant updates about Online Safety Act compliance (with consent)
- Fulfilling contractual obligations to B2B platform clients
- Meeting our legal obligations under UK law
5. Data sharing
We do not sell, rent, or trade personal data. We may share data with:
- Service providers — hosting, email delivery, and analytics providers who process data on our behalf under strict data processing agreements
- Law enforcement — where required by law or to protect children from harm (our core purpose)
- Professional advisers — legal, accounting, and compliance advisers under confidentiality obligations
6. Data retention
We retain personal data only as long as necessary:
- Demo enquiries and contact data: 2 years from last contact, or until you request deletion
- Client contract data: 7 years (legal requirement)
- Anonymised audit tool data: indefinitely (no personal data attached)
7. Your rights under UK GDPR
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request deletion of your data ("right to be forgotten")
- Restrict or object to processing
- Data portability — receive your data in a machine-readable format
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, email privacy@guardlayer.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
We use minimal cookies. Strictly necessary cookies enable core site functionality and cannot be disabled. Analytics cookies (anonymised) help us understand how the site is used — you can decline these via our cookie banner. We do not use advertising or tracking cookies.
9. Security
We implement appropriate technical and organisational security measures including encryption in transit (TLS), access controls, and regular security reviews. No internet transmission is 100% secure, but we take all reasonable steps to protect your data.
10. Changes to this policy
We may update this policy. Material changes will be notified by email to registered contacts. The "last updated" date at the top of this page reflects the most recent revision.
11. Contact
For any privacy questions or to exercise your rights: privacy@guardlayer.co.uk