Privacy Notice
This notice explains how Platform Resilience Ltd collects, processes, stores, and governs information across the public website, application platform, communications, outreach, and advisory activities.
Platform Resilience Ltd Privacy Notice
Effective Date: 12 May 2026
Owner: Platform Resilience Ltd
Contact: privacy@platformresilience.io
1. Introduction
Platform Resilience Ltd is committed to protecting personal information and operating with transparency in relation to how information is collected, processed, stored, and governed.
This Privacy Notice explains:
- what personal information we collect
- how and why we process it
- how long we retain it
- the third parties involved in processing
- how security and governance controls are applied
- your rights in relation to your information
This notice applies to:
- the Platform Resilience public website
- Platform Resilience operational and governance services
- the Platform Resilience application platform
- communications, enquiries, outreach, and advisory activities
This notice does not form part of any contract.
2. Who We Are
Platform Resilience Ltd provides infrastructure resilience advisory, governance, operational resilience, and information-security-related services.
The organisation also develops and operates a proprietary governance platform supporting:
- risk management
- supplier governance
- operational resilience workflows
- security incident management
- audit and governance activities
- asset and change management
- monitoring and operational review workflows
Controller contact:
Platform Resilience Ltd
privacy@platformresilience.io
3. Information We Collect
The information processed by Platform Resilience depends on the services, workflows, or interactions involved.
3.1 Public Website Enquiries
The public website may collect:
- name
- work email address
- company name
- environment and operational context
- resilience or operational concerns submitted in free-text fields
- website attribution and enquiry metadata
This information is submitted voluntarily through public enquiry forms or direct contact.
3.2 Operational and Client Information
Operational and governance workflows may process:
- client and organisation details
- session notes
- workshop outputs
- governance records
- risk information
- operational and resilience observations
- engagement artifacts and deliverables
- workflow submissions and review records
3.3 Security and Governance Information
The Platform Resilience application may process:
- audit events
- security events
- anomaly records
- incident records
- threat-intelligence data
- supplier governance information
- authentication and access-control records
- review and approval history
This processing supports operational governance, security monitoring, auditability, and resilience management.
3.4 Outreach and Business Development Information
Platform Resilience may process limited business contact information for B2B outreach and relationship management activities.
This may include:
- names
- work email addresses
- role titles
- LinkedIn profile URLs
- company information
- outreach interaction history
- suppression and unsubscribe records
Platform Resilience does not intentionally conduct consumer marketing activities.
3.5 AI-Assisted Operational Processing
Platform Resilience uses AI-assisted tooling to support selected operational, analytical, governance, drafting, outreach, threat-intelligence, and workflow activities.
Depending on the workflow, AI-assisted processing may involve:
- governance records
- operational context
- outreach context
- supplier information
- incident or threat-analysis context
- engagement artifacts
- workflow submissions
AI-assisted outputs remain subject to human review, approval, and governance controls.
Platform Resilience does not intentionally request special-category personal data. Users should avoid including unnecessary sensitive personal information within free-text submissions, operational records, or governance workflows unless operationally necessary.
4. How We Use Information
Platform Resilience processes information for the following operational purposes:
- responding to enquiries
- assessing suitability for advisory services
- delivering resilience and governance services
- operating the Platform Resilience governance platform
- supporting auditability and operational traceability
- managing supplier governance and operational dependencies
- managing risks, incidents, and operational resilience workflows
- protecting systems, services, and operational integrity
- conducting limited B2B outreach and relationship management
- improving operational governance and resilience workflows
5. Lawful Basis for Processing
Platform Resilience relies primarily on the following lawful bases:
Legitimate Interests
Platform Resilience processes information where necessary for legitimate operational and business purposes, including:
- responding to resilience and advisory enquiries
- operating governance and security workflows
- protecting systems and operational integrity
- conducting proportionate B2B outreach
- improving operational resilience and governance capabilities
- maintaining auditability and operational traceability
Platform Resilience seeks to ensure such processing remains proportionate, relevant, and appropriately governed.
Pre-Contract and Service Delivery Activities
Certain processing may occur where necessary to:
- assess engagement suitability
- support delivery preparation
- deliver advisory and governance services
- maintain operational service records
Legal, Audit, and Security Obligations
Certain governance, audit, security, and operational records may be retained where necessary to support:
- legal obligations
- audit requirements
- contractual obligations
- operational integrity
- incident investigation
- security monitoring
- governance traceability
6. Analytics, Tracking, and Attribution
The public website uses limited operational analytics and attribution tracking to:
- understand website usage
- measure engagement with resilience-related content
- assess service enquiry activity
- improve operational effectiveness and user experience
This includes:
- Vercel Analytics
- CTA interaction tracking
- attribution metadata
- browser local storage identifiers
- UTM and campaign attribution parameters
Platform Resilience does not currently use:
- behavioural advertising networks
- advertising retargeting platforms
- cross-site advertising profiling technologies
Tracking and analytics are intended to remain proportionate and operationally focused.
7. Cookies and Browser Storage
The website uses limited browser-side storage and analytics functionality.
This includes:
- browser local storage identifiers for operational attribution tracking
- analytics and interaction tracking
- operational website telemetry
Platform Resilience provides transparency regarding these technologies through this notice and related cookie/tracking information.
8. Processors and Third Parties
Platform Resilience uses selected third-party providers to support operational delivery, hosting, identity, analytics, communications, storage, governance workflows, and AI-assisted processing.
These may include:
| Provider | Purpose |
|---|---|
| Google Workspace | Identity, email delivery, collaboration, storage, and backup/export workflows |
| Vercel | Website and application hosting, runtime delivery, and analytics |
| Neon | Database hosting |
| OpenAI | AI-assisted operational and governance workflows |
| Hunter | Lead enrichment and outreach support |
| Outreach and integration workflows | |
| BlockMark / IASME | Certification badge and verification services |
Platform Resilience seeks to use providers considered operationally appropriate for the services delivered.
9. International Transfers
Some third-party providers used by Platform Resilience may process or transfer information outside the UK.
Platform Resilience seeks to ensure that appropriate contractual, operational, and governance measures are applied where such processing occurs.
10. Retention
Platform Resilience applies retention controls appropriate to operational, governance, audit, security, and contractual requirements.
Current operational retention principles include:
| Record Type | Retention Position |
|---|---|
| Public website enquiries | Up to 24 months |
| Outreach and lead records | Up to 24 months inactive |
| Suppression and unsubscribe records | Retained to prevent future unwanted contact |
| Client engagement and governance records | Up to 6 years after engagement closure |
| Incident, audit, and security records | Minimum 6 years |
| AI-assisted records | Retained in alignment with the related operational record class |
| Backups | Retained under a rolling operational backup lifecycle |
Certain audit, governance, operational integrity, legal, or security records may be retained longer where operationally necessary.
Deleted records may temporarily persist within retained backup sets until those backups naturally expire under the backup retention lifecycle.
11. Security and Governance Controls
Platform Resilience applies technical and operational controls designed to support:
- access control
- least privilege
- operational monitoring
- incident management
- anomaly detection
- auditability
- backup and restore governance
- change management
- supplier governance
- resilience and operational review
The organisation currently maintains Cyber Essentials Plus certification.
Operational controls include externally governed identity and device controls, including MFA and managed endpoint governance.
12. Data Subject Rights
Subject to applicable law, individuals may have rights relating to their personal information, including:
- access to information
- correction of inaccurate information
- objection to certain processing
- restriction of processing
- deletion requests in certain circumstances
Requests are handled through a governed manual review process across relevant operational systems and records.
Certain records may be retained where necessary to preserve:
- security
- auditability
- legal obligations
- contractual obligations
- operational integrity
- governance traceability
Privacy-related requests may be submitted to:
privacy@platformresilience.io
13. Deletion and Backup Limitations
Platform Resilience supports deletion and operational cleanup in selected workflows.
However:
- certain governance and audit records may be retained under documented operational exceptions
- historical backups may temporarily contain deleted records until backup expiry
- restoration activities may reintroduce previously deleted records from retained backup sets until those backups naturally expire
Platform Resilience seeks to apply deletion and retention controls proportionately while preserving governance integrity and operational resilience.
14. Changes to This Notice
Platform Resilience may update this Privacy Notice periodically to reflect:
- operational changes
- governance improvements
- supplier changes
- regulatory developments
- new platform capabilities
The latest version will be published through Platform Resilience controlled channels.
15. Contact
Privacy and data protection related enquiries may be directed to:
privacy@platformresilience.io