MANGROVE

Privacy Policy

Last updated: February 2026

1. Introduction

Cyber Mangrove Ltd (Company No. SC625467) ("Mangrove," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website or engage our services.

Registered Address: Hudson House, 8 Albany Street, Edinburgh, Scotland, EH1 3QB

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

2. Information We Collect

2.1 Information You Provide

  • Contact information: Name, email address, phone number, and company name when you contact us via our website or email
  • Enquiry details: Information about your project or requirements that you share with us
  • Meeting bookings: Information provided when you book a consultation via Google Calendar

2.2 Information Collected Automatically

  • Usage data: Pages visited, time spent on pages, and navigation patterns (only with your analytics consent)
  • Device information: Browser type, operating system, and screen resolution (only with your analytics consent)
  • Cookies: See our Cookie Policy for full details

3. How We Use Your Information

We use your information for the following purposes:

  • Responding to enquiries: To reply to your questions and provide information about our services
  • Service delivery: To deliver consulting and software development services you engage us for
  • Website improvement: To understand how visitors use our website so we can improve it (analytics data, with your consent only)
  • Legal compliance: To comply with legal obligations and protect our rights

We do not send marketing emails unless you have explicitly opted in. We do not sell your personal information to third parties.

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Consent: For analytics cookies and any marketing communications you opt into
  • Legitimate interests: For responding to enquiries you submit to us and improving our website
  • Contract performance: For delivering services you have engaged us to provide
  • Legal obligation: For complying with applicable laws (e.g., tax records, anti-money laundering)

5. Data Sharing

We may share your information with:

  • Google Analytics: Anonymised website usage data (only with your consent). Google acts as a data processor under their data processing terms.
  • Google Calendar: If you book a consultation through our website, Google processes your booking information under their privacy policy.
  • Email providers: If you email us, your message is processed by our email service provider.
  • Legal requirements: When required by law, court order, or governmental authority.

We do not share your personal information with any other third parties for marketing purposes.

6. International Data Transfers

Some of our service providers (such as Google) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions, to protect your data in accordance with UK data protection law.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption for all website traffic
  • Security headers (CSP, HSTS, X-Frame-Options)
  • Access controls on all systems
  • Regular security reviews

8. Data Retention

  • Enquiry data: Retained for up to 2 years after your last contact with us, then deleted
  • Client project data: Retained for the duration of the engagement plus 6 years as required by UK tax law
  • Analytics data: Google Analytics retains data for up to 26 months (configurable)
  • Cookie preferences: Stored in your browser until you clear your data

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request that we limit how we process your data
  • Portability: Receive your data in a portable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent at any time where processing is based on consent (e.g., analytics cookies)

To exercise any of these rights, contact us at privacy@mangrove.co.uk.

10. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@mangrove.co.uk
  • Registered Address: Cyber Mangrove Ltd (SC625467), Hudson House, 8 Albany Street, Edinburgh, Scotland, EH1 3QB

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

See also our Cookie Policy for information on how we use cookies.