Privacy Policy
Last updated: 24 May 2026
1. Who We Are and Scope of This Policy
This Privacy Policy describes how ctfwithai (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you visit https://ctfwithai.com or contact us about our cybersecurity services.
We are a practitioner-led cybersecurity firm. We are committed to handling personal data responsibly, in compliance with applicable data protection laws including the General Data Protection Regulation (GDPR) where applicable.
2. Information We Collect
We collect information in the following ways:
Information you provide directly
- Name, email address, phone number, and company name submitted through our quote request form.
- The content of any message or enquiry you send us.
- Service preferences you select in contact or quote forms.
Information collected automatically
- IP addresses, browser type, operating system, referring URL, and pages visited, collected through standard server logs.
- We do not use tracking cookies or third-party analytics scripts on this website.
The Bridge threat intelligence tool
When you use The Bridge, the indicator you submit (IP address, domain, file hash, URL, email address, ASN, or Bitcoin address) is processed server-side to query third-party threat intelligence APIs. We apply per-IP rate limiting to prevent abuse. We do not store submitted indicators or link them to your identity after the query is resolved.
3. How We Use Your Information
We use the personal data we collect for the following purposes:
- To respond to quote requests and service enquiries.
- To scope and deliver the cybersecurity services you have requested.
- To prevent abuse of our free tools (rate limiting).
- To comply with legal obligations.
- To protect the security and integrity of our systems.
We do not use your personal data for marketing purposes without your explicit consent. We do not sell, rent, or trade your personal data to any third party.
4. Legal Basis for Processing (GDPR)
Where the GDPR applies, our legal bases for processing personal data are:
- Legitimate interests — responding to your enquiry and operating our website securely.
- Contract performance — processing data necessary to deliver services you have engaged us for.
- Legal obligation — retaining certain records as required by applicable law.
- Consent — where you have explicitly opted in to a specific use.
5. Sharing of Personal Data
We do not sell or disclose your personal data to third parties except:
- Service providers we engage to operate our infrastructure (for example, our email delivery provider for sending quote responses). These providers are contractually bound to process data only on our instructions.
- Third-party threat intelligence APIs used by The Bridge tool. When you submit an indicator, that indicator is transmitted to the relevant external APIs. No personally identifying data about you is included in those requests.
- Law enforcement or regulators where we are legally compelled to disclose.
6. Data Retention
We retain contact and quote enquiry data for up to 24 months from the date of last contact, or longer if required for an ongoing client relationship or legal obligation. Server log data is retained for up to 90 days. The Bridge query data is not retained beyond the duration of a single server request.
7. Security of Your Data
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include encrypted transmission (TLS), access controls, and server-side input sanitisation on all form submissions.
No method of transmission over the internet is entirely secure. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities as required by applicable law.
8. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request that inaccurate or incomplete data be corrected.
- Erasure — request deletion of your personal data where there is no legal basis for continued processing.
- Restriction — request that we limit processing of your data in certain circumstances.
- Portability — receive your data in a structured, machine-readable format where technically feasible.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9. Cookies and Tracking
This website does not use advertising cookies, tracking pixels, or third-party analytics services. We do not build profiles of visitors or share browsing data with advertising networks.
Session-related cookies may be set by the web framework for standard operation. These are strictly necessary and do not track you across other websites.
10. International Transfers
Some of the third-party threat intelligence APIs used by The Bridge are operated by companies based outside the European Economic Area. Where such transfers occur, we rely on the service provider's standard contractual clauses or equivalent safeguards as recognised under applicable data protection law.
11. Children
Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has submitted personal data to us, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will reflect any changes. We encourage you to review this page periodically. Continued use of our website after a change constitutes acceptance of the updated policy.
13. Contact Us
For any questions about this Privacy Policy or to exercise your data rights, contact:
You also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data lawfully.