Security & Compliance

Last updated: [January 1, 2026]

What “Security & Compliance” means (plain English)

  • Security = how we protect your data and project information from loss, misuse, unauthorised access, or disclosure.

  • Compliance = how we operate within applicable laws, contracts, and good practice (especially data protection and confidentiality) when delivering consulting and training.

This page is a summary. Where required, we also agree security and data processing terms in a contract/DPA.

1. Data protection and privacy compliance

We aim to comply with applicable data protection laws, including:

  • UK GDPR and the Data Protection Act 2018; and

  • EU GDPR where we offer services to individuals in the EEA or process EEA personal data.

2. Core security controls

We apply reasonable technical and organisational measures, which may include:

  • access controls (least-privilege access, strong authentication);

  • secure configuration and device protection;

  • encryption in transit (HTTPS/TLS) and, where appropriate, encryption at rest;

  • controlled sharing of documents and project artefacts;

  • staff/contractor confidentiality obligations where applicable;

  • regular review of supplier security practices.

3. Confidentiality for consulting and training

  • We treat client information and project details as confidential.

  • We do not share client materials externally unless authorised or legally required.

  • Where we deliver corporate consulting, confidentiality terms are defined in the service contract.

4. Supplier and tool management

We may use trusted third-party tools for:

  • meetings and training delivery,

  • scheduling and payments,

  • document collaboration and storage,

  • analytics and marketing communications.

We aim to choose reputable providers and configure them securely.

5. Data minimisation and retention

We collect and keep only what we need to deliver the service and meet legal obligations. We retain data for defined periods and delete/archive securely when no longer required.

6. Incident response

If we become aware of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms, we will assess it and take appropriate steps, including notifications where required by law.

7. Responsible AI usage

Where we use AI to support delivery (e.g., drafting, summarisation, templates, productivity workflows):

  • we avoid uploading confidential client data into AI tools unless agreed and appropriately protected;

  • humans review outputs—AI does not replace professional judgement;

  • we prioritise accuracy, confidentiality, and compliance over speed.

8. Customer responsibilities

To keep engagements safe and effective, clients/users should:

  • avoid sharing unnecessary personal or sensitive data;

  • use secure channels for sending confidential materials;

  • notify us promptly if they suspect unauthorised access or misuse.

9. Contact

Security/compliance enquiries: [security@vettedready.com] or [hello@vettedready.com].