1. Introduction

Last updated: July 07, 2025

PurpleWASP Ltd. ("PurpleWASP", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share personal information when you use our websites (including www.purplewasp.com), our cloud-based SaaS platform, and related services (collectively, the “Services”).

This Privacy Policy also explains your rights under UK and European data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU GDPR (if applicable).

We review and update this Privacy Policy from time to time to reflect legal, operational, or business changes. Any significant updates will be communicated appropriately.


2. Scope of this Privacy Policy

This policy applies to:

  • Visitors to our website;
  • Customers using our Services;
  • Individuals whose data we process as part of delivering our Services.

3. Types of Information We Collect

We collect and process the following types of personal data, depending on how you interact with our Services:

Context | Types of Data | Purpose of Collection
Customer Account Information | Name, email, job title, company, password, billing details | To provide our Services, manage accounts, deliver customer support, and process payments (performance of contract).
Vendor Account Information | Name, email, job title, company, password | To enable vendor participation within the platform, including questionnaire sharing and compliance communications (legitimate interest & contract performance).
Communications & Support Requests | Names, emails, phone numbers, and contents of messages or calls (which may be recorded with notice) | To respond to inquiries, provide customer service, and resolve issues (legitimate interest).
Cookies & Analytics Data | Device data, IP address, browsing activity, preferences | To operate our website, analyse usage, improve functionality, and for security (legitimate interest, or consent where required).
Marketing & Mailing Lists | Email addresses, subscription preferences | To send marketing materials and updates, based on your consent or our legitimate interest (you can opt out at any time).
Employment & Job Applications | CVs, employment history, contact details, etc. | To process job applications and recruit staff (pre-contractual steps & legal obligations).
Payment Data | Payment card details (collected via a secure payment processor) | To process payments and prevent fraud (contract performance & legitimate interest).
Surveys & Feedback | Any data you provide voluntarily in surveys | To collect feedback, improve services, and for internal research (legitimate interest).

We may also collect information from third parties, such as business partners, public sources, or your employer (if you use our Services on behalf of an organisation).

4. How We Use Your Information

We use personal data for the following purposes, in accordance with applicable data protection laws:

Purpose | Legal Basis
To provide and operate our Services | Performance of a contract with you.
To provide customer support and service notifications | Performance of contract; Legitimate interest (to ensure proper service functioning).
To manage vendor submissions and interactions | Performance of contract; Legitimate interest (to deliver contracted features).
To improve and develop our Services | Legitimate interest (to improve and grow our services).
To send marketing communications and service-related updates | Consent (for marketing, where required); Legitimate interest (for customer updates where allowed by law).
To analyse usage and security | Legitimate interest (to safeguard the platform and users).
To comply with legal obligations | Compliance with legal obligations.
For recruitment and employment purposes | Pre-contractual steps; Compliance with employment laws.

Multiple Purposes

In some cases, we may use your personal data for more than one lawful purpose. For example:

  • If you purchase a service, we process your data to fulfil the contract but may also retain it for legal compliance (e.g., tax reporting).
  • If we detect security issues, we may process data for both legitimate interests and legal obligations.

5. Sharing of Information

We only share your personal data where necessary and in accordance with applicable data protection laws. The situations where we may share your information include:

Recipient | Purpose of Sharing | Legal Basis
Service Providers & Processors | We use trusted third-party vendors (e.g., cloud hosting, analytics, email platforms, payment processors) to help deliver our Services and support business operations. These providers may only process your data according to our instructions and for specified purposes. | Legitimate interest; Performance of contract; Compliance with legal obligations.
Affiliates and Group Companies | We may share data with our affiliates or subsidiaries for internal administrative purposes, shared services, or corporate restructuring. | Legitimate interest (efficient operations and service delivery).
Business Transfers | If we are involved in a merger, acquisition, or sale of all or part of our business or assets, your personal data may be shared with involved parties during due diligence or as part of the completed transaction. | Legitimate interest (business continuity or restructuring); Legal obligations (where applicable).
Legal Obligations & Rights Protection | We may disclose data where required to comply with legal obligations, government requests, or to protect our rights, property, or the safety of our users or others (including fraud prevention). | Compliance with legal obligations; Legitimate interest (protecting legal rights and safety).
With Your Consent | We may share your information with third parties if you provide explicit consent for us to do so. | Consent.

International Transfers of Personal Data

Due to the global nature of our operations, your personal data may be transferred to, stored, and processed in countries outside of the United Kingdom (UK) and the European Economic Area (EEA), including countries that may not offer the same level of data protection as your home country.

Key Points:

  • Where We Transfer Data: This may include transfers to countries where we or our service providers operate, such as the United States.
  • How We Safeguard Transfers: Where personal data is transferred outside of the UK or EEA, we ensure appropriate safeguards are in place, including:
    • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office or the European Commission;
    • Other lawful mechanisms under applicable data protection laws.
  • Your Rights: You may request further information about international transfers of your data, including a copy of the relevant safeguards, by contacting us via the details provided in the Contact Us section of this Policy.

Your Consent: By using our Services, you acknowledge that your personal data may be transferred to countries outside of the UK/EEA as described above.

6. Your Rights and Choices

Under the UK General Data Protection Regulation (UK GDPR) and EU GDPR, you have specific rights regarding your personal data. We are committed to respecting your rights and enabling you to exercise them easily.

Your Data Protection Rights

Right | Description
Access | Request a copy of the personal data we hold about you and how we process it.
Rectification | Request corrections to inaccurate or incomplete personal data we hold about you.
Erasure (“Right to be Forgotten”) | Request deletion of your personal data where there is no lawful reason for us to continue processing it (subject to legal or contractual retention obligations).
Restriction of Processing | Request that we restrict processing of your personal data in certain circumstances (e.g., where you contest the data’s accuracy or object to processing).
Data Portability | Request to receive your personal data in a structured, commonly used, machine-readable format, and transmit that data to another controller (where technically feasible and where processing is based on consent or contract).
Objection | Object to the processing of your personal data where we rely on legitimate interests, including profiling; or to processing for direct marketing purposes.
Withdraw Consent | Withdraw your consent at any time where we rely on consent for processing. This does not affect the lawfulness of processing carried out before your withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us by:

Please include your full name, account details (if applicable), and details of your request.

We may ask for verification of your identity before processing your request.

Response Time

We will respond to your request without undue delay and in any event within one month of receipt. This period may be extended by up to two further months where necessary, considering the complexity and number of requests. If an extension is required, we will inform you.

Lodging a Complaint

If you are not satisfied with how we handle your personal data, you can:

  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) via www.ico.org.uk
  • If you are located in the EU, you may also complain to your local Data Protection Authority.

7. How We Protect Your Personal Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against:

  • Unauthorised access
  • Accidental loss
  • Destruction
  • Misuse or alteration

Our Security Measures Include:

  • Encryption of data in transit and at rest, where appropriate.
  • Role-based access controls and authentication procedures to restrict access to authorised personnel only.
  • Regular security assessments, audits, and penetration testing.
  • Continuous monitoring for suspicious activities and potential vulnerabilities.
  • Secure data storage environments provided by trusted cloud service providers with relevant certifications (such as ISO 27001, SOC 2, etc.).
  • Employee training on data protection and security best practices.
  • Incident detection, response, and remediation plans for handling security events and data breaches.

Account Security

Where we provide account-based access to the Services:

  • You are responsible for safeguarding your password and other authentication credentials.
  • You must promptly notify us of any unauthorised use of your account or suspected security incidents.

Data Breach Notification

In accordance with applicable data protection laws:

  • If we experience a data breach likely to result in a high risk to your rights and freedoms, we will notify the relevant data protection authority without undue delay (and within 72 hours if required by law).
  • We will also notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

Limitations of Security

While we use reasonable efforts to protect your personal data, no system or transmission over the internet can be guaranteed to be completely secure.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or service offerings. When we update the Policy, we will revise the "Last Updated" date at the top of this document.

If we make material changes to how we collect or use personal data, we will provide a prominent notice (such as by email or through our Services) and, where required by applicable law, obtain your consent before applying those changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data.

9. Contact Information

If you have any questions, concerns, or complaints regarding this Privacy Policy or our handling of your personal data, you may contact us at:

Privacy Team
Thrixity, Ltd.
61 Bridge Street, Kington, Herefordshire, United Kingdom, HR5 3DJ
Email: privacy@purplewasp.com

If you are located in the United Kingdom or European Economic Area, you also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO):

We are committed to resolving any complaints or concerns regarding your personal data fairly and promptly.
