Last Updated: March 2026 | ICO Registration: ZB567741

ZORB Security Limited (“ZORB”, “we”, “our”, “us”) is a cybersecurity software company incorporated in England and Wales. We develop and operate DataShield, an endpoint security product for businesses.

This Privacy Policy covers two distinct contexts: (1) visitors to our website; and (2) customers and their employees who use our DataShield product. Different sections apply to different groups.

Registered address: 124 City Road, London, EC1V 2NX

Compliance: compliance@zorbsecurity.com

Data Protection Officer: dpo@zorbsecurity.com

1. What Information We Collect

Website visitors

When you visit our website we may collect: your IP address, browser type, pages visited, and interaction data. If you fill in a form we collect your name, job title, company, email address, and phone number.

We also use Apollo.io, a B2B visitor intelligence tool that identifies the company organisation associated with your IP address using publicly available business data. It does not identify you personally.

DataShield customers and their employees

The DataShield endpoint agent captures metadata about outbound data flows from devices it is installed on. This includes: timestamps, device name, logged-in username, application names, source and destination IP addresses, and port information. DataShield does not read the content of files, emails, or messages — no packet content is ever captured.

If you are an employee of a ZORB customer organisation, your employer is the data controller for this data. ZORB processes it only to provide the DataShield service on your employer’s behalf. Data subject rights requests should be directed to your employer in the first instance.

2. Why We Use It

  • To respond to enquiries and provide our services
  • To manage customer accounts and deliver the DataShield service
  • To send relevant business communications (you can opt out at any time)
  • To improve our website
  • To detect and prevent fraud and security threats
  • To comply with our legal obligations

3. Legal Basis for Processing

We rely on the following legal bases under UK GDPR: performance of contract; legitimate interests (including B2B marketing, service delivery, and security); consent (where specifically requested); and legal obligation.

4. Who We Share Data With

We work with carefully selected service providers:

  • Google Analytics 4 / Google Tag Manager — website analytics and tag management (Google LLC, US-based, EU-US Data Privacy Framework)
  • Apollo.io — B2B visitor intelligence (US-based, Standard Contractual Clauses)
  • Akismet — spam filtering for contact forms (Automattic Inc., US-based)
  • Google Fonts — font delivery (may transmit your IP to Google servers)
  • AWS and Hetzner — cloud hosting for DataShield (UK/EEA regions only)
  • Microsoft Clarity — session recording and heatmaps (planned, opt-in only — we will update this policy when activated)

We do not sell your personal data.

5. International Transfers

Some service providers are based in the United States. We use appropriate safeguards including the EU-US Data Privacy Framework and Standard Contractual Clauses. DataShield customer data is hosted in the UK/EEA only and does not leave those regions.

6. Cookies

For full details of the cookies we use and your choices, please see our Cookie Policy.

7. How Long We Keep Data

  • Active customer relationships: duration of relationship plus up to 7 years
  • Business prospects: up to 3 years from last meaningful contact
  • Website analytics: up to 14 months
  • DataShield event data: 30 days after contract ends (or as agreed in your Data Processing Agreement)
  • Job applicants: up to 12 months after recruitment concludes

8. Your Rights

Under UK GDPR you have the right to: access your data; correct it; delete it in certain circumstances; restrict how we use it; receive it in a portable format; object to processing based on legitimate interests (including direct marketing); and withdraw consent at any time.

To exercise any of these rights, contact us at compliance@zorbsecurity.com. We will respond within one calendar month.

If you are not satisfied with our response, you can complain to the Information Commissioner’s Office (ICO) at https://ico.org.uk/concerns/.

9. Security

As a cybersecurity company we implement robust security measures including encryption in transit and at rest, customer data isolation, access controls, and regular security assessments. In the event of a personal data breach we will notify affected parties and the ICO as required by law.

10. Changes to This Policy

We review this policy periodically. Material changes will be notified via our website and by updating the date above.

11. Contact Us

compliance@zorbsecurity.com

dpo@zorbsecurity.com

ZORB Security Limited, 124 City Road, London, EC1V 2NX ICO registration: ZB567741

Privacy Preference Center

Privacy Preferences

ZORB respects your right to privacy. You can choose which cookies we set — only strictly necessary cookies are active by default. Declining analytics cookies will not affect your experience on this site. Full details at zorbsecurity.com/cookie-policy

Privacy Policy

You agree to our privacy policy