HomeBlog

Privacy Policy Statement

Last updated at February 11, 2026

1. Introduction

Weve Security Limited is a software company incorporated in Ireland that provides autonomous cybersecurity solutions.

This Privacy Notice explains how Weve Security Limited collects, uses, discloses, and protects personal data in connection with its website, products, and services. It also describes the rights available to individuals under applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

Weve Security Limited processes personal data in accordance with applicable data protection legislation and maintains policies and procedures designed to ensure lawful, fair, and transparent processing.

This Privacy Notice may be updated from time to time to reflect changes in our processing activities, legal requirements, or operational practices. The “Effective Date” above indicates when this Privacy Notice was last revised.

2. Data Controller

Weve Security Limited is a company incorporated in Ireland and acts as the data controller for the purposes of the GDPR.

Weve Security Limited
Registered in Ireland
Registered Office: Commercial House, Millbank Business Park, Lower Lucan Road, Dublin, K78X5W6
Email: [email protected]

As data controller, Weve Security Limited determines the purposes and means of processing your personal data.

3. Data Protection Officer

Although not legally required to do so, Weve Security Limited has appointed a Data Protection Officer (DPO) to oversee its data protection compliance.

Daniel June

Workstreet, Inc. (Data Protection Officer as a Service provider)

Email: [email protected]

You may contact the DPO regarding questions about this Privacy Notice, the processing of your personal data, or to exercise your data protection rights.

4. How We Collect and Use Personal Data

Categories of Personal Data

Depending on your interaction with us, we may collect:

  • Name
  • Job title
  • Employer name
  • Work address
  • Work email address
  • Work telephone number
  • IP address and device information
  • Website usage information
  • Communications with us
  • Information relating to your interest in our products and services

We may also obtain business contact information from publicly available sources or trusted third-party providers, where permitted by law.

Purposes and Legal Bases

We process personal data under the following legal bases:

1. Providing Our Services

Legal Basis: Article 6(1)(b) GDPR (performance of a contract)

To provide cybersecurity services, manage accounts, and fulfil contractual obligations.

2. Responding to Inquiries and Demo Requests

Legal Basis: Article 6(1)(b) (pre-contractual steps) or Article 6(1)(f) (legitimate interests)
To respond to requests and communicate regarding our services.

3. Marketing Communications

Legal Basis: Article 6(1)(f) (legitimate interests) and, where required, Article 6(1)(a) (consent)
To provide information about our products, services, and events.You may opt out at any time.

4. CRM Management and Lead Enrichment

Legal Basis: Article 6(1)(f) (legitimate interests)To manage business relationships and better understand prospective and existing customers.

5. Website Operation and Improvement

Legal Basis: Article 6(1)(f) (legitimate interests)
To operate, secure, and improve our website and services.

Where we rely on legitimate interests, we consider and balance any impact on your rights.

5. Cookies and Tracking Technologies

Weve Security Limited uses technical and operational measures necessary to ensure the security, stability, and functionality of its website and web application.

We are currently conducting a review of our use of cookies, browser storage, and similar technologies to ensure full compliance with applicable data protection and ePrivacy laws.

Where strictly necessary technologies are used for authentication, security, or service delivery, they do not require consent under applicable law.

If non-essential cookies or tracking technologies are introduced, we will update this Privacy Notice and implement an appropriate consent mechanism where required.

6. Sharing Personal Data

We may share personal data with service providers supporting our operations, including:

  • Cloud infrastructure providers
  • Customer relationship management providers
  • Security and monitoring service providers
  • Collaboration and development platforms

All service providers are subject to contractual data protection obligations.

We may also disclose personal data where required by law, to enforce agreements, or to protect rights and security.

7. International Data Transfers

Personal data may be processed outside the European Economic Area (EEA), including in the United States.

Where transfers occur, Weve Security Limited ensures appropriate safeguards under Chapter V GDPR, including:

  • Reliance on European Commission adequacy decisions (including the EU–U.S. Data Privacy Framework, where applicable);
  • Standard Contractual Clauses (SCCs);
  • Supplementary technical and organizational safeguards; and
  • Data processing agreements.

For further information, contact [email protected].

8. Data Storage and Retention

Personal data is hosted within secure AWS cloud infrastructure in customer-selected regions (e.g., Frankfurt, London, Oregon).

Security measures include encryption at rest (AES-256), encryption in transit (TLS 1.2+), RBAC, MFA, tenant isolation, and restricted production access.

Account and User Information

Retained for the duration of the customer relationship and deleted within 30 days following termination, unless required for legal compliance.

Security Operations Data

Retained during the customer relationship and deleted within 30 days following termination.

Internal security monitoring data may be retained for up to 365 days.

Operational and Audit Logs

Audit logs retained for at least 365 days.

Operational logs retained up to 90 days unless required for investigations.

Data may be retained longer where required for legal or regulatory purposes.

9. Security of Processing

Weve Security Limited implements appropriate technical and organizational measures in accordance with Article 32 GDPR, including:

  • Encryption at rest and in transit
  • Role-based access controls
  • Multi-factor authentication
  • Logical tenant isolation
  • Secure AWS infrastructure
  • Continuous monitoring and threat detection
  • Audit logging and integrity validation
  • Vendor risk management

While no system can guarantee absolute security, safeguards are appropriate to the risks presented.

10. Data Subject Rights

Individuals have rights under GDPR, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to data portability
  • Right to object
  • Rights relating to automated decision-making

Weve Security Limited does not carry out automated decision-making that produces legal or similarly significant effects. Our services may use automated analytical processes, but final decisions are not made solely by automated means.

Requests may be submitted to [email protected] or [email protected].

We respond within one month, extendable by two additional months where permitted by law.

Right to Lodge a Complaint

As Weve Security Limited is established in Ireland, our lead supervisory authority is:

Data Protection Commission (Ireland) https://www.dataprotection.ie

Individuals may lodge complaints with their local supervisory authority.

11. Children’s Data

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data relating to children under 16.

If such data is identified, we will take reasonable steps to delete it.

Table of contents

© 2024 Weve Security. All rights reserved.

Terms of Service | Privacy Policy