Privacy Policy

How QL Security collects, uses, and protects your personal information

Last updated: 28 December 2025

This Privacy Policy explains how Quantum Leap Security Limited (“QL Security”, “we”, “us” or “our”) collects, uses, and protects personal information. We are committed to protecting your privacy and handling your data with care and respect.

Who We Are

We are Quantum Leap Security Limited, an AI Security and GRC consultancy specialising in gap analysis and compliance-aligned cybersecurity services. We help organisations identify vulnerabilities in their AI systems and build resilient security frameworks.

Our registered office is at 13 St Mary’s Street, Stamford, England, PE9 2DE. We are registered in England and Wales under company number 16896166.

We are the data controller for personal information we process, which means we determine how and why your information is processed.

Information We Collect

We only collect personal information when you choose to provide it to us. We do not collect information automatically through cookies or tracking technologies beyond what is strictly necessary for the website to function.

Information You Provide Directly

We may collect the following information when you contact us or engage our services:

Contact and Enquiry Information: When you submit an enquiry through our contact form or email us, we collect your name, email address, organisation name, phone number (if provided), and the content of your message or enquiry.

Consultation and Service Engagement: When you engage our consulting services, we collect additional information necessary to provide those services, including contact details for relevant personnel, technical information about your systems and security requirements, and any other information you choose to share with us in the course of our engagement.

AI Chat Interface (when implemented): If you use our planned AI chat interface, we will collect your messages, preferences for the conversation, and session information to provide and improve the service.

Information We Do Not Collect

We do not currently use analytics or tracking tools. We do not collect information about your browsing behaviour, demographics, or other characteristics unless you explicitly provide this information to us.

How We Use Your Information

We use your personal information for the following purposes:

Responding to Enquiries: To respond to your questions, provide information about our services, and communicate with you about potential engagement.

Providing Consulting Services: To deliver the security gap analysis, GRC consulting, and other services you have engaged us to provide.

Service Improvement: To understand how our clients use our services and identify areas where we can improve our offerings.

Legal Compliance: To comply with legal obligations, respond to legitimate requests from authorities, and protect our legal rights.

Business Operations: To manage our business operations, including administration, billing, and maintaining our client relationships.

Under UK data protection law (UK GDPR), we must have a lawful basis for processing your personal information. Our lawful bases include:

Contractual Necessity: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract (e.g., providing consulting services).

Legitimate Interests: Processing is necessary for our legitimate interests in operating our business, improving our services, and managing client relationships, provided these interests are not overridden by your rights and freedoms.

Legal Obligation: Processing is necessary to comply with our legal obligations.

Consent: Where we process information based on your consent (e.g., for marketing communications), you have the right to withdraw consent at any time.

How We Protect Your Information

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, or damage.

Our security measures include:

  • Encrypted data transmission using SSL/TLS protocols
  • Secure data storage with access controls
  • Regular security assessments and updates
  • Staff training on data protection and security
  • Incident response procedures

As a cybersecurity consultancy, we apply the same rigorous security standards to our own operations that we recommend to our clients.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected or as required by law.

Enquiry Information: We retain enquiry information for up to 12 months after last contact, unless we have an ongoing relationship with you.

Client Information: For clients who engage our services, we retain information for the duration of the engagement and for up to 7 years afterwards to comply with legal and professional obligations.

AI Chat History (when implemented): Chat logs will be retained for 90 days unless you request earlier deletion.

You may request deletion of your information at any time, subject to any legal obligations we have to retain certain records.

Sharing Your Information

We do not sell, rent, or trade your personal information to third parties.

We may share your information in the following limited circumstances:

Service Providers: We may engage trusted third-party service providers to assist in operating our business (e.g., hosting providers, email services). These providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or where necessary to protect our rights or the rights of others.

Business Transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity, subject to the same privacy protections.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK Information Commissioner’s Office
  • Adequacy decisions recognising equivalent data protection standards
  • Other legally recognised transfer mechanisms

Your Rights

Under UK data protection law, you have the following rights:

Right of Access: You can request a copy of the personal information we hold about you.

Right to Rectification: You can ask us to correct inaccurate or incomplete information.

Right to Erasure: You can request deletion of your personal information in certain circumstances.

Right to Restrict Processing: You can ask us to restrict how we use your information in certain circumstances.

Right to Data Portability: You can request a copy of your information in a structured, commonly used format.

Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time.

To exercise any of these rights, please contact us using the details provided at the end of this policy.

Children’s Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will post any changes on this page and update the “Last updated” date.

For significant changes, we will provide additional notice, such as an email notification to our clients or a prominent notice on our website.

Contact Us and Complaints

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your information, please contact us:

Quantum Leap Security Limited
13 St Mary’s Street
Stamford
England
PE9 2DE

Email: Contact form

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), the supervisory authority for data protection in the UK:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: https://ico.org.uk/
Helpline: 0303 123 1113