OSIRT Ltd · Privacy Policy

Privacy Policy

This policy explains how OSIRT Ltd handles personal information in relation to the OSIRT website, OSIRT iii software, related browser extension features, licensing, support, and associated services.

Last updated: 08 March 2026
Applies to: Website, OSIRT iii, licensing and support

Commitment to Privacy

OSIRT Ltd is committed to respecting and protecting the privacy of its users.

OSIRT iii is designed to support local-first investigations. Where possible, case content is stored locally on the user’s own device or chosen case location, rather than on OSIRT Ltd systems. We aim to minimise the personal information we collect and to be clear about when information is processed locally, when it is transmitted, and why.

Important: investigative material captured through OSIRT iii is generally intended to be stored inside the local case structure on the user’s own machine or storage location, not on OSIRT Ltd servers.

Who We Are

OSIRT Ltd is the controller of personal information described in this policy where we determine the purposes and means of processing.

Contact email: contact@osirt.co.uk
Postal address: MacLaurin Building, 4 Bishops Cl, Hatfield, AL10 9NE

Information We Collect

Information you provide to us

  • Email address and purchase-related details when obtaining a licence or contacting us.
  • Information you provide during support, account, licensing, or product enquiries.
  • Any correspondence you send to us by email or other contact methods.

Licensing and activation information

  • Licence key and related validation status used to activate and maintain the software.
  • A machine identifier used for activation and licence management. Where used by the software, this is intended to be handled in hashed form for validation purposes.

Information processed locally by the software

Depending on how you use OSIRT iii, the software may locally store case data and investigative content such as screenshots, downloaded files, saved page source, text captures, links, visited URLs, screen recordings, attachments, notes, alert tags, OCR or extracted text caches, and case metadata.

Website information

When you use our website, we may collect information through cookies, analytics tools, and standard server logs, such as browser type, pages viewed, approximate location information, and usage data.

Use of Personal Information

We may use personal information to:

  • provide, activate, validate, maintain, and improve our products and services;
  • process purchases, renewals, upgrades, and related administrative tasks;
  • respond to enquiries, technical issues, and support requests;
  • send confirmations, invoices, service notices, security notices, and product updates;
  • send marketing communications where permitted by law, with an option to opt out;
  • monitor website performance and improve the website experience;
  • comply with legal obligations and enforce our terms where necessary.

Lawful Bases for Processing

Where UK GDPR or GDPR applies, we rely on one or more of the following lawful bases:

  • Contract: where processing is necessary to provide software, licensing, support, or related services.
  • Legitimate interests: for operating, securing, supporting, and improving our products and website, provided those interests are not overridden by your rights.
  • Legal obligation: where we must process information to comply with applicable law.
  • Consent: where consent is required, for example for certain cookies or some marketing communications.

Sharing of Personal Information

We do not sell your personal information. We may share personal information only where necessary, including:

  • with service providers who support licensing, hosting, communications, analytics, payments, or customer support;
  • where disclosure is required by law, court order, or regulatory obligation;
  • where necessary to establish, exercise, or defend legal claims;
  • as part of a business sale, merger, or restructuring, subject to appropriate safeguards.

Local Storage and Case Data

OSIRT iii is built around local case storage. Case folders, databases, screenshots, recordings, downloads, notes, and similar artefacts are typically written to the case location selected by the user.

The browser extension and local application may communicate using local services on the user’s device in order to transfer captured material into the local case. This is separate from communications with OSIRT Ltd servers for licensing and related service functions.

Users are responsible for choosing appropriate storage locations, access controls, and internal handling procedures for case material stored within their environment.

Cookies and Similar Technologies

Our website may use cookies and similar technologies to operate the site, understand usage, and improve performance.

Where analytics cookies are used, they may collect information in aggregated or pseudonymised form, such as page visits, traffic sources, and general interaction patterns. You can manage cookie preferences through your browser settings and, where applicable, through on-site consent tools.

Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this policy, including to provide services, maintain records, meet legal or accounting obligations, resolve disputes, and enforce agreements.

Locally stored case data created through OSIRT iii remains under the control of the user or organisation operating the software and is retained according to their own operational and legal requirements.

Security of Your Personal Information

We take reasonable technical and organisational measures to protect personal information against unauthorised access, loss, misuse, alteration, or disclosure. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Communications

From time to time, we may contact you about upgrades, fixes, product notices, licensing matters, and other information relevant to OSIRT products and services.

We may also send marketing communications where permitted by law. You can opt out of marketing emails at any time by using the unsubscribe link in the message or by contacting contact@osirt.co.uk.

Your Rights

Under the UK GDPR, GDPR, and related data protection laws, you may have rights to:

  • be informed about how your personal information is used;
  • request access to the personal information we hold about you;
  • request correction of inaccurate or incomplete information;
  • request erasure in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to processing in certain circumstances;
  • request portability of certain data;
  • withdraw consent where processing relies on consent;
  • lodge a complaint with the relevant supervisory authority.

In the UK, you may raise concerns with the Information Commissioner’s Office if you believe your data protection rights have been infringed.

Changes to This Privacy Policy

We may update this privacy policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes may also be highlighted through the website, software, or other appropriate communications.

Contact Information

OSIRT Ltd

Email: contact@osirt.co.uk
Postal Address: MacLaurin Building, 4 Bishops Cl, Hatfield, AL10 9NE

Please contact us if you have any questions, comments, or concerns about this policy or how personal information is handled.

© OSIRT Ltd. All rights reserved.