BladeSec IA Logo

Company Information

Company principles
Certifications and qualifications
Why choose BladeSec IA?
News and comment

Products and Services

Typical work
Engaging us
Specific highlights

Travel Advice


Contact us
Privacy statement <
Terms and conditions
Environment statement
Equality and diversity statement

Privacy Statement

BladeSec IA Services, Ltd is committed to maintaining and safeguarding the privacy of our clients and website users. This statement sets out how we will manage your data and as a consequence, we think that it is slightly different. We may vary this from time-to-time:-

Use of this website.

We don't use cookies. Period. We conduct no performance analysis, user-experience, profiling or tracking of your device.

No part of this website requires registration to use. We do not collect information from this site nor do we conduct any analysis of log files except for detecting problems.

Use of e-mail.

You may voluntarily submit information to us by e-mail. In this case, it will remain a legitimate, recoverable business record for 7+1 years. (This means that it will remain accessible and auditable for the remainder of the current fiscal year plus a further seven years. Thus if you send us an e-mail in July, 2020, we will be able to access it until March 2028. This is calculated on the basis of the remainder of the current fiscal year, which takes us to March 2021, plus another seven years.)

Our e-mail is hosted on in a G-Suite account configured in accordance with NCSC guidance. We have a variety of methods of ensuring that e-mail use is and remains secure. If your e-mail is PGP encrypted, the key is held locally on the recipient's corporate device and hence only the sender and recipient will have access to the e-mail content. BladeSec IA e-mail is configured properly, and if a mail server supports it, 100% of fake and spoofed e-mail will be rejected.

Unsolicited commercial e-mail (or spam).

We do not undertake any automated or bulk direct marketing activities. We do not operate an opt-in marketing list either. All of these things are wrong in our view. If you do get an apparent unsolicited commercial e-mail from us, please forward it, including all the e-mail headers to We will be happy to donate half-a-day of consultancy to organisations who provide us with information that permits us identify a fraudulent sender.

Storage of electronic information.

All corporately owned devices that could, potentially go off site, are encrypted. The platform used to back data up from those devices is secure and physically located within the UK. Backups of that device are held in a fireproof safe in a geographically diverse location within the UK. Backups also reflect our information retention policy.

All computer storage media is replaced on a rolling three year cycle to minimise the risk of corruption.

One year after last contact with you, all electronic documentation will be securely, but non-destructively deleted in accordance with HMG IS5 for reuse in the same environment.

Electronic records that are required for evidential, insurance, statutory or regulatory requirements will be kept beyond this period, but will be maintained on the basis of being the "minimum" possible for a maximum of 7+1 years. (This means that it will remain accessible and auditable for the remainder of the current fiscal year plus a further seven years. Thus if our last contact with you is in July, 2020, we will hold all your information until July, 2021. At that point, we will remove your customer files. Items such as time-sheets, invoices, e-mail, etc., will be deleted by March 2029. This is calculated on the basis of the remainder of the current fiscal year, which takes us to March 2022, plus another seven years.)

Storage of physical information.

Physical documentation that is generated as part of delivering a service is stored in SEAP Class 2 filing cabinet. Other, particularly sensitive items are encapsulated within an additional SEAP Class 2 box within the filing cabinet. Additional controls are available as required by clients.

Physical documents will be kept for 1+1 years after last contact. (This means that documents will be destroyed at the end of the fiscal year following the current one. Thus, if our last contact with you is July, 2020, the documents will be destroyed in March, 2022.) This is different to the way we handle your electronic documents.

Transfer of information.

Transferring material across the internet is inherently insecure. If you have particular requirements, please let us know as we have a variety of mechanisms to support this.

Sometimes, as part of delivering a service to you, we may disclose material to a third party. It could be, for example, to engage in a specialist associate, for escrow or for a document to be quality assured. We will always attempt to confirm that you are content for this to happen, however, we will assume that by engaging with us, you are content to trust us to permit this on your behalf. We assert that we have taken, and continue to take appropriate statutory, organisational, procedural, technical and personnel measures to protect and manage your information when we do so. No data is sent outside of the UK when doing this.

Destruction of information.

Old computer storage media is destroyed in accordance with HMG IS5.

Physical, paper documents are reduced to 2mm x 10mm particles before being recycled.

Data protection.

You may ask to see a copy of the personal information that we associate with you at any point. There is a £10 charge for this. (Our address is listed here. Please do not send cash and make cheques payable to "BladeSec IA Services, Ltd").

Please advise us of any corrections that you require.

BladeSec IA Services, Ltd. are a data controller registered with the UK Information Commissioner's Office. Our registration number is ZA349302.

Warrant canary.

We are not in possession of any warrant compelling us to disclose any material.