Introduction
This Privacy Policy explains how OTVerdict collects, uses, and protects information submitted through this website and through the OTVerdict assessment process. OTVerdict is an independent operational technology cybersecurity assessment service operating from the United Kingdom. This policy is effective from March 2026.
Who We Are
OTVerdict provides independent OT cybersecurity defensibility assessments for industrial operators. For the purposes of UK GDPR, OTVerdict acts as a data controller in respect of information collected through this website, and as a data processor in respect of operational evidence and documents submitted by clients during the assessment process.
Information We Collect
OTVerdict may collect personal and organisational information submitted through website contact forms, scoping questionnaires, and assessment evidence submissions. This may include: contact name, job title, email address, phone number, company name, sector, and operational context information. For assessment engagements, clients may also submit operational documentation, architecture diagrams, policy documents, and other evidence materials.
How Information Is Used
Information submitted through the website or assessment process is used solely for the purpose of scoping, delivering, and communicating the OTVerdict assessment service. Submitted information is not sold, rented, or shared with third parties for marketing or commercial purposes.
Evidence and Document Handling
Operational artifacts, documents, and evidence submitted as part of an assessment engagement are treated as confidential. Submitted materials are used only for evaluation and preparation of the defensibility assessment report. Clients should not submit credentials, passwords, or other sensitive authentication data.
Third-Party Data Processing
Information submitted through questionnaires and assessment forms may be processed using secure third-party platforms that act as data processors on behalf of OTVerdict, including form submission tools and engagement data management systems. Some of these platforms may be hosted outside the United Kingdom. Where data is transferred internationally, OTVerdict ensures appropriate safeguards are in place in accordance with UK GDPR requirements. A Data Processing Agreement (DPA) is available to enterprise clients on request.
Data Retention
Assessment submissions, evidence documents, and engagement records are retained for a period of 12 months following delivery of the final assessment report. After this period, data may be securely deleted on request. Clients may request early deletion of their data at any time by contacting OTVerdict at help@otverdict.com.
Your Data Rights
Under UK GDPR, you have the right to access, correct, or request deletion of personal data held by OTVerdict. You also have the right to restrict or object to processing, and the right to data portability. To exercise any of these rights, please contact help@otverdict.com. Complaints may also be directed to the Information Commissioner's Office (ICO) at ico.org.uk.
Data Security
OTVerdict takes reasonable technical and organisational measures to protect submitted information. Access to client records and evidence is restricted on a need-to-know basis. No shared credentials are used for client data storage.
Cookies and Website Use
This website may use basic cookies or analytics tools to understand website usage. These do not collect sensitive operational information. Where analytics tracking is used, it will be disclosed and consent obtained where required.
Changes to This Policy
OTVerdict may update this Privacy Policy from time to time. The current version will always be available on this page. Continued use of the website or services following updates indicates acceptance of the revised policy.
Contact
For privacy or data enquiries, including requests to access, correct, or delete data, please email help@otverdict.com or use the contact form on the website.