Privacy Policy
Last updated: January 1, 2026
1. Introduction
NewWorldSecurity Ltd. (“NewWorldSecurity,” “we,” “us,” or “our”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website (newworldsecurity.com), use any of our applications or platforms, or engage our professional services (collectively, the “Services”). By accessing or using the Services you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
We may collect the following categories of personal information:
- Contact and Identity Data: name, email address, telephone number, postal address, employer, job title, and professional credentials submitted via our contact form, during service engagements, or at events.
- Account and Authentication Data: usernames, passwords (stored in hashed form only), multi-factor authentication tokens, and session identifiers for any client portal access.
- Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, time zone, pages visited, clickstream data, and referring URLs collected automatically via server logs and analytics tools.
- Communications Data: records of correspondence, meeting notes, call recordings (where disclosed and consented to), and support interactions.
- Engagement Data: information provided in the course of penetration testing scopes, vulnerability disclosures, security assessments, incident response activities, or other professional engagements, including system configurations, network diagrams, and technical artefacts.
- Financial Data: billing address, payment card details (processed and stored exclusively by PCI DSS-compliant third-party payment processors — we do not store full card numbers), and invoicing records.
- Usage and Analytics Data: aggregated and anonymised data about how users interact with the Services, including feature usage, session duration, and performance metrics.
3. How We Use Your Information
We use your personal information for the following purposes:
- Respond to enquiries and provide requested Services.
- Deliver penetration testing reports, vulnerability assessments, security audits, incident response support, and advisory deliverables.
- Manage our business relationship, including billing, contract administration, and account management.
- Comply with applicable legal, regulatory, and professional obligations, including anti-money laundering and sanctions screening.
- Improve our website, platforms, and Services through aggregated, anonymised analytics.
- Send service-related communications, security advisories, and threat intelligence updates where you have requested or consented to them.
- Enforce our Terms of Service and protect our rights, property, or safety and that of our clients and the public.
- Detect, prevent, and respond to fraud, security incidents, and technical issues.
- Conduct internal research and development to improve our methodologies and tooling.
4. Legal Basis for Processing (EEA / UK)
Where the EU General Data Protection Regulation (GDPR) or UK GDPR applies, we process personal data on one or more of the following lawful bases:
- Performance of a contract: processing necessary to fulfil our obligations under an Engagement Agreement or other contract with you.
- Legal obligation: processing necessary to comply with applicable law, regulation, or court order.
- Legitimate interests: processing necessary for our legitimate business interests (such as improving our Services, preventing fraud, and ensuring network security), provided those interests are not overridden by your rights and freedoms.
- Consent: where required by law, we obtain your explicit consent before processing (e.g., for marketing communications). You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
5. Disclosure of Information
We do not sell, rent, or trade your personal information. We may share it with the following categories of recipients:
- Service providers: cloud infrastructure, CRM, analytics, and payment processing providers acting as data processors under appropriate data processing agreements that require equivalent levels of protection.
- Professional advisors: lawyers, auditors, accountants, and insurers bound by professional duties of confidentiality.
- Regulatory and law enforcement authorities: where required by law, regulation, legal process, or enforceable governmental request.
- Corporate transactions: successors in the event of a merger, acquisition, divestiture, restructuring, or asset sale, subject to the same protections described in this Privacy Policy.
- With your consent: to any other third party where you have provided explicit consent.
6. Data Security
We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to: encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, multi-factor authentication, network segmentation, intrusion detection systems, regular vulnerability assessments, and annual independent third-party security audits of our own infrastructure. No method of transmission or storage is completely secure; however, we strive to use commercially reasonable means to protect your data.
7. Data Retention
We retain personal data only as long as necessary for the purposes described above, or as required by applicable law and regulation. Our standard retention periods are:
- Engagement records: seven (7) years following project completion, in accordance with professional and regulatory requirements.
- Contact form submissions: up to twenty-four (24) months unless a client relationship is established.
- Technical and server logs: up to twelve (12) months.
- Financial records: as required by applicable tax and accounting regulations (typically seven years).
Upon expiration of the applicable retention period, personal data is securely deleted or anonymised in accordance with our data disposal procedures.
8. International Transfers
Personal data may be transferred between jurisdictions and to sub-processors located in other countries. Where data originating in the EEA, UK, or Switzerland is transferred to a jurisdiction that has not received an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, or other legally recognised transfer mechanisms to ensure an adequate level of protection.
9. Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your data where there is no compelling reason for continued processing.
- Restriction: request that we restrict processing of your data in certain circumstances.
- Portability: receive your data in a structured, commonly used, machine-readable format.
- Objection: object to processing based on legitimate interests or for direct marketing purposes.
- Withdraw consent: where processing is based on consent, withdraw that consent at any time.
- Automated decision-making: not be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you.
To exercise any right, contact us at . We will respond within thirty (30) days, or within any shorter period required by applicable law. EEA and UK residents may also lodge a complaint with their local supervisory authority.
10. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you additional rights:
- Right to know: you may request the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
- Right to delete: you may request deletion of personal information we have collected, subject to certain exceptions.
- Right to correct: you may request correction of inaccurate personal information.
- Right to opt out of sale/sharing: we do not sell or share (as defined by the CCPA/CPRA) your personal information.
- Right to non-discrimination: we will not discriminate against you for exercising any of your CCPA/CPRA rights.
To submit a request, email with the subject line “California Privacy Request.” We may need to verify your identity before fulfilling your request.
11. Cookies and Tracking Technologies
We use the following categories of cookies and similar technologies:
- Strictly necessary cookies: essential for website functionality (e.g., session management, security). These cannot be disabled.
- Analytics cookies: help us understand site usage through aggregated, anonymised data. Deployed only with your consent where required by law.
- Functional cookies: remember your preferences (e.g., language, region) to enhance your experience.
We do not use advertising or behavioural tracking cookies. You may manage cookie preferences through your browser settings. Note that disabling certain cookies may affect site functionality.
12. Do Not Track
Some browsers transmit “Do Not Track” (DNT) signals. There is currently no uniform standard for responding to DNT signals. We do not track users across third-party websites and therefore do not respond to DNT signals at this time, but we will re-evaluate this position as standards evolve.
13. Third-Party Links
Our website may contain links to third-party websites or services not operated by NewWorldSecurity. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party site you visit.
14. Automated Decision-Making
We do not currently use solely automated decision-making (including profiling) that produces legal effects or similarly significantly affects you. If this changes, we will update this Privacy Policy and provide appropriate safeguards, including the right to obtain human intervention.
15. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required by applicable law, within seventy-two (72) hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals directly and without undue delay, providing details of the breach and the measures taken or proposed to address it.
16. Children’s Privacy
Our Services are not directed to individuals under 18 years of age (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from minors. If we become aware that we have collected personal data from a minor without verified parental consent, we will take steps to delete that information promptly.
17. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. Material changes will be posted on this page with a revised effective date and, where required by applicable law, we will notify you by email or prominent notice on our website. Continued use of our Services following such changes constitutes acceptance of the revised Privacy Policy.
18. Contact
NewWorldSecurity Ltd. — Data Protection Officer
Terms of Service
Last updated: January 1, 2026
1. Agreement to Terms
These Terms of Service (“Terms”) constitute a legally binding agreement between you (“Client,” “you,” or “your”) and NewWorldSecurity Ltd. (“NewWorldSecurity,” “we,” “us,” or “our”) governing your access to and use of the newworldsecurity.com website and any associated professional services (collectively, the “Services”). By accessing the website or engaging our Services, you agree to be bound by these Terms. If you do not agree, do not use our website or Services.
2. Services
NewWorldSecurity provides cybersecurity services including, but not limited to, penetration testing, satellite communications security, post-quantum cryptography advisory, incident response, cloud security, artificial intelligence security, and managed security operations. The specific scope, deliverables, timelines, and fees for professional services are governed by a separate Statement of Work (“SOW”) or Engagement Agreement executed between the parties. In the event of a conflict between these Terms and a signed SOW or Engagement Agreement, the SOW or Engagement Agreement shall prevail with respect to the specific engagement.
3. Eligibility
Our Services are intended for business entities and organisations. By engaging NewWorldSecurity, you represent and warrant that: (a) you are authorised to act on behalf of your organisation; (b) your organisation is duly incorporated or registered under applicable law; (c) you have the legal authority to enter into binding agreements on behalf of your organisation; and (d) the use of our Services does not violate any applicable law, regulation, or third-party agreement to which you are bound.
4. Authorisation and Scope
All penetration testing, vulnerability assessment, red team, and offensive security activities performed by NewWorldSecurity require explicit written authorisation from the system owner or authorised representative prior to commencement. NewWorldSecurity operates strictly within the agreed scope of work as defined in the applicable SOW or Engagement Agreement. The Client is solely responsible for obtaining all necessary internal and third-party authorisations (including from cloud service providers, hosting companies, and other relevant parties) before testing begins. Engaging NewWorldSecurity does not transfer any authorisation to conduct security testing beyond what is explicitly agreed in the relevant Engagement Agreement.
5. Client Responsibilities
The Client shall: (a) provide timely access to systems, environments, credentials, and documentation as reasonably required for NewWorldSecurity to perform the Services; (b) ensure that all necessary internal approvals, change management procedures, and third-party consents are obtained prior to engagement commencement; (c) designate a primary point of contact with authority to make decisions relating to the engagement; (d) maintain adequate backups of all systems and data within the testing scope; and (e) promptly notify NewWorldSecurity of any changes to the scope, environment, or timeline that may affect service delivery.
6. Confidentiality
All deliverables, findings, vulnerability details, methodologies, reports, and communications produced during an engagement (“Confidential Information”) are strictly confidential. NewWorldSecurity will not disclose client-specific Confidential Information to third parties without prior written consent, except: (a) as required by law, regulation, or court order; (b) to our employees, contractors, and sub-processors who need access to perform the Services and are bound by confidentiality obligations at least as protective as these Terms; or (c) in anonymised, aggregated form that cannot reasonably identify the Client. The Client must not disclose NewWorldSecurity’s proprietary methodologies, tools, or techniques without our prior written consent. The obligations in this section survive termination of these Terms for a period of five (5) years.
7. Acceptable Use (Website)
You agree not to: (a) use our website for any unlawful purpose or in violation of these Terms; (b) attempt to gain unauthorised access to any system, network, or data; (c) introduce malware, viruses, or other disruptive or harmful code; (d) harvest, scrape, or collect data from the site through automated means without prior written consent; (e) misrepresent your identity or affiliation; (f) interfere with or disrupt the integrity or performance of the website; (g) use the website to transmit unsolicited commercial communications; or (h) attempt to reverse-engineer, decompile, or disassemble any part of the website.
8. Intellectual Property
All content on this website — including text, graphics, logos, icons, images, and software — is the exclusive property of NewWorldSecurity or its licensors and is protected by applicable intellectual property laws. Engagement deliverables (reports, findings, recommendations) are licensed to the Client for internal use only upon full payment of all applicable fees. NewWorldSecurity retains all rights, title, and interest in and to its tools, methodologies, frameworks, know-how, and any pre-existing intellectual property. Nothing in these Terms transfers ownership of any intellectual property from one party to the other.
9. Data Protection
Each party shall comply with all applicable data protection laws and regulations (including the GDPR, UK GDPR, and CCPA/CPRA) in connection with any personal data processed in relation to the Services. Where NewWorldSecurity processes personal data on behalf of the Client, a separate Data Processing Agreement (“DPA”) shall be executed. NewWorldSecurity will implement appropriate technical and organisational measures to protect personal data and will not process personal data for any purpose other than performing the Services unless required by applicable law.
10. Fees and Payment
Fees for professional services are set out in the applicable SOW or Engagement Agreement. Unless otherwise agreed in writing: (a) invoices are due within thirty (30) days of the invoice date; (b) late payments accrue interest at the lesser of 1.5% per month or the maximum rate permitted by applicable law; (c) all fees are exclusive of applicable taxes, which shall be borne by the Client; and (d) NewWorldSecurity reserves the right to suspend Services upon fifteen (15) days’ written notice of non-payment.
11. Disclaimers
THIS WEBSITE AND ITS CONTENT ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR ACCURACY. NEWWORLDSECURITY DOES NOT WARRANT THAT THE SITE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF HARMFUL COMPONENTS. PROFESSIONAL SERVICES ARE PROVIDED ON A REASONABLE-EFFORTS BASIS AND ARE GOVERNED BY THE TERMS OF THE APPLICABLE ENGAGEMENT AGREEMENT. SECURITY TESTING CANNOT GUARANTEE THE IDENTIFICATION OF ALL VULNERABILITIES, AND NEWWORLDSECURITY MAKES NO REPRESENTATION THAT SYSTEMS WILL BE FULLY SECURE FOLLOWING AN ENGAGEMENT.
12. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW: (A) NEWWORLDSECURITY SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, REVENUE, DATA, BUSINESS OPPORTUNITIES, OR GOODWILL, ARISING FROM YOUR USE OF THE WEBSITE OR OUR SERVICES, REGARDLESS OF THE THEORY OF LIABILITY; (B) NEWWORLDSECURITY’S AGGREGATE LIABILITY FOR ANY AND ALL CLAIMS ARISING FROM OR RELATED TO PROFESSIONAL SERVICES SHALL NOT EXCEED THE TOTAL FEES ACTUALLY PAID BY THE CLIENT TO NEWWORLDSECURITY IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM; AND (C) NEWWORLDSECURITY’S AGGREGATE LIABILITY FOR CLAIMS ARISING FROM USE OF THE WEBSITE (OUTSIDE OF A PROFESSIONAL ENGAGEMENT) SHALL NOT EXCEED ONE HUNDRED US DOLLARS (US $100). THESE LIMITATIONS APPLY EVEN IF NEWWORLDSECURITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
13. Indemnification
You agree to indemnify, defend, and hold harmless NewWorldSecurity and its officers, directors, employees, contractors, and agents from and against any and all claims, demands, damages, losses, liabilities, costs, and expenses (including reasonable legal fees and court costs) arising from or relating to: (a) your breach of these Terms; (b) your misuse of the Services; (c) your violation of any applicable law or regulation; (d) your infringement of any third-party intellectual property or other rights; or (e) any claim by a third party resulting from the Client’s failure to obtain proper authorisations as required under Section 4.
14. Good-Faith Findings
NewWorldSecurity acts in good faith when conducting authorised security assessments. The Client acknowledges that the discovery and reporting of vulnerabilities is a core function of the Services and that NewWorldSecurity shall not be held liable for any disruption, data exposure, or service degradation that occurs as a natural and foreseeable consequence of authorised testing performed within the agreed scope, provided NewWorldSecurity has exercised reasonable care consistent with industry standards.
15. Termination
Either party may terminate these Terms or any active engagement: (a) for convenience upon thirty (30) days’ prior written notice; or (b) immediately upon written notice if the other party materially breaches these Terms and fails to cure such breach within fifteen (15) days of receiving written notice thereof. Upon termination: (i) the Client shall pay all fees for Services performed up to and including the effective date of termination; (ii) each party shall return or destroy Confidential Information of the other party upon request; and (iii) Sections 6, 8, 11, 12, 13, 14, 20, and 24 shall survive termination.
16. Force Majeure
Neither party shall be liable for any failure or delay in performance due to circumstances beyond its reasonable control, including but not limited to: acts of God, natural disasters, pandemics, epidemics, war, terrorism, cyber-attacks on the party’s own infrastructure, government actions, sanctions, embargoes, power failures, internet or telecommunications outages, or labour disputes. The affected party shall promptly notify the other party and use reasonable efforts to mitigate the impact. If a force majeure event continues for more than sixty (60) days, either party may terminate the affected engagement upon written notice.
17. Export Compliance
The Client acknowledges that the Services and any deliverables may be subject to export control laws and regulations, including the US Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR), and equivalent laws of other jurisdictions. The Client shall not export, re-export, or transfer any deliverables or technical data in violation of applicable export control laws without obtaining all required government authorisations.
18. Anti-Bribery and Compliance
Each party represents and warrants that it shall comply with all applicable anti-bribery and anti-corruption laws, including the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act 2010. Neither party shall offer, promise, give, or accept any bribe, kickback, or other improper payment in connection with the Services.
19. Non-Solicitation
During the term of any active engagement and for a period of twelve (12) months following its completion, neither party shall directly solicit for employment any employee or contractor of the other party who was materially involved in the engagement, without the other party’s prior written consent. This does not restrict either party from hiring individuals who respond to general public job advertisements.
20. Governing Law
These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which the Client is domiciled, or as otherwise specified in the applicable Engagement Agreement, without regard to conflict of law principles.
21. Dispute Resolution
Any dispute, controversy, or claim arising from or relating to these Terms or the breach thereof shall first be subject to good-faith negotiation between senior representatives of each party. If the dispute remains unresolved within thirty (30) days of written notice, it shall be submitted to binding arbitration under the rules of a mutually agreed arbitration body. The arbitration shall be conducted in English. The arbitrator’s award shall be final and binding. Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property or Confidential Information.
22. Assignment
Neither party may assign or transfer these Terms, or any rights or obligations hereunder, without the prior written consent of the other party, except that either party may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee agrees in writing to be bound by these Terms. Any attempted assignment in violation of this section shall be void.
23. Notices
All notices required or permitted under these Terms shall be in writing and shall be deemed given when: (a) delivered personally; (b) sent by confirmed email to the address provided by the receiving party; or (c) three (3) business days after being sent by internationally recognised overnight courier to the receiving party’s principal place of business. Notices to NewWorldSecurity shall be sent to .
24. General Provisions
- Entire Agreement: These Terms, together with the applicable SOW, Engagement Agreement, and DPA, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior or contemporaneous communications, proposals, and agreements, whether oral or written.
- Severability: If any provision of these Terms is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent.
- Waiver: The failure of either party to enforce any provision of these Terms shall not constitute a waiver of that party’s right to enforce that provision or any other provision in the future. All waivers must be in writing and signed by the waiving party.
- No Third-Party Beneficiaries: These Terms are for the sole benefit of the parties and do not create any third-party beneficiary rights.
- Relationship of the Parties: NewWorldSecurity is an independent contractor. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between the parties.
- Headings: Section headings are for convenience of reference only and shall not affect the interpretation of these Terms.
- Counterparts: Any SOW or Engagement Agreement may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same instrument. Electronic signatures shall be deemed valid and binding.
25. Changes to Terms
NewWorldSecurity reserves the right to modify these Terms at any time. Material changes will be posted on this page with a revised effective date. Where applicable, we will provide notice via email or prominent notice on our website. Continued use of the website or Services following the posting of changes constitutes your acceptance of the revised Terms. If you do not agree with the modified Terms, you must cease using the Services.
26. Contact
NewWorldSecurity Ltd. — Legal Department