Privacy Policy

Expert Insights Privacy Policy.

Last updated on Apr 2, 2026 13 Minutes To Read
Craig MacAlpine Written by Craig MacAlpine

Last updated: 2 April 2026

This Privacy Policy explains how Expert Insights Tech Ltd (“Expert Insights”, “we”, “us”, “our”) collects, uses, shares, and protects information when you visit our website at expertinsights.com, subscribe to our newsletters, download our research and reports, or otherwise interact with our services (collectively, the “Services”).

Expert Insights is a cybersecurity media and research publication. We provide independent product analysis, buyers’ guides, market research, and editorial content for cybersecurity professionals, IT leaders, and managed service providers.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.

1. Data Controller

The data controller responsible for your personal data is:

Expert Insights Tech Ltd

Company number: 11425031

Registered address: Higher Mill, Buckfast Abbey, Buckfastleigh, Devon, TQ11 0EE, United Kingdom

ICO registration number: ZB060024

VAT number: GB 301 6302 63

Email: [email protected]

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you interact with our Services, including when you subscribe to a newsletter, download a report or research asset, complete a contact form, request a product demo or quote, or respond to a survey. This information typically includes your name, email address, company name, job title, and phone number.

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical and behavioural information using cookies, web beacons, server logs, and similar technologies. This includes your IP address, browser type and version, device type, operating system, referring URL, pages visited, time spent on pages, click behaviour, and general geographic location.

2.3 Newsletter Engagement Data

When you receive emails from us, we may track whether you open the email, which links you click, and how you engage with the content. This data helps us improve our newsletters and understand the topics most relevant to our readers.

2.4 Company-Level Insights (Anonymous Visitors)

When you browse our website without creating an account or submitting a form, we do not collect personal information that identifies you individually. However, we use third-party analytics and data enrichment tools (such as IP-to-company lookup services) to identify the organisation associated with your IP address. This allows us to generate company-level engagement data and intent signals — for example, understanding that a particular company has shown interest in email security products based on the pages visited from that company’s network. This company-level data does not identify you as an individual and is aggregated across all visitors from a given organisation. We may share this company-level insight data with our advertising partners and clients as part of our market intelligence services.

2.5 Registered User Usage Data

When you create an account on Expert Insights, subscribe to a newsletter, or otherwise register with us, we are able to track your individual engagement with our content. This “Usage Data” includes which articles, buyers’ guides, and research reports you view; which links you click; which emails you open; how frequently you visit; and which product categories and topics you engage with. We associate this Usage Data with your registration information (such as your name, email address, company, and job title) to build a profile of your professional interests. We may share or make available this Usage Data, together with your registration information, to our advertising partners, clients, and other third parties for their own sales and marketing purposes. This means that by creating an account, businesses whose products or services match your interests may contact you based on the content you have engaged with on Expert Insights. For further details on this data sharing, see Section 5.4 below.

2.6 Inferred Information and Automated Analysis

We may infer new information from the data we collect, including by using automated means such as machine learning, statistical analysis, and third-party data enrichment services (which may themselves use machine learning or large language models). These inferences may include information about your likely professional interests, the cybersecurity topics or product categories most relevant to you, the market segment or industry your organisation belongs to, and your stage in a purchasing or evaluation cycle. We use these inferences to personalise your experience on Expert Insights, improve our editorial content and services, deliver more relevant communications, generate market intelligence for our advertising partners, and create audience segments for marketing on our own and third-party platforms. Where inferences are derived from individual-level Usage Data (as described in Section 2.5), they are subject to the same data sharing and consent provisions as your Usage Data. We do not use automated decision-making that produces legal or similarly significant effects concerning you.

3. Legal Bases for Processing (UK GDPR / EU GDPR)

We process your personal data on the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to a newsletter, downloading a research asset, or creating an account. When you register with Expert Insights, you consent to us tracking your engagement with our content and sharing your Usage Data and registration information with third parties for their sales and marketing purposes, as described in Sections 2.5 and 5.4. You may withdraw consent at any time by contacting us at [email protected] or using the unsubscribe link in our emails.
  • Legitimate interests: We process data where it is in our legitimate business interests to do so, provided those interests are not overridden by your rights. This includes operating and improving our website, delivering relevant content, measuring the effectiveness of our editorial and commercial activities, generating aggregated company-level market insights from anonymous browsing data (see Section 2.4), and using IP-to-company enrichment tools to understand which organisations are engaging with our content.
  • Performance of a contract: Where processing is necessary to fulfil a contract with you or to take steps at your request before entering into a contract.
  • Legal obligation: Where we are required to process your data to comply with a legal or regulatory obligation.

4. How We Use Your Information

We use the information we collect to:

  • Operate, maintain, and improve our website and Services
  • Deliver newsletters, research reports, and other communications you have requested
  • Personalise your experience and deliver content relevant to your interests
  • Measure and analyse the performance of our content and advertising
  • Generate aggregated company-level market intelligence and intent data from anonymous browsing activity
  • Track registered users’ engagement with our content and share Usage Data with advertising partners and clients for their sales and marketing purposes
  • Administer lead generation campaigns where you have opted in
  • Respond to your enquiries and provide customer support
  • Detect, prevent, and address technical issues, fraud, or security concerns
  • Comply with legal obligations

5. Lead Generation and Data Sharing with Vendors

5.1 Click-Through to Vendor Websites

In most cases, when you click a link to a vendor’s website from our content, you leave our site and interact directly with the vendor. Any data you provide on the vendor’s website is subject to that vendor’s own privacy policy. We do not receive your personal data in these circumstances.

5.2 Hosted Lead Generation Campaigns

In certain campaigns (for example, gated research downloads on resources.expertinsights.com), we collect your information via a form and share it with the sponsoring vendor. This is clearly indicated at the point of data collection, and you will be told which vendor will receive your data before you submit the form. Your data is stored in our CRM (HubSpot) and shared with the sponsoring vendor in accordance with the terms disclosed at the time of collection.

5.3 Aggregated and Company-Level Insights

We may share aggregated or company-level engagement data with advertising partners. This data does not identify you personally but may include information about which companies have shown interest in particular product categories or topics. For details on how we generate this data, see Section 2.4.

5.4 Registered User Usage Data Sharing

If you have created an account or registered with Expert Insights (including by subscribing to a newsletter), we may share or make available your personal information and Usage Data (as described in Section 2.5) with our advertising partners, clients, and other third parties for their own sales and marketing purposes. The information shared may include your name, email address, company name, job title, and details of which content you have engaged with on our platform (such as articles viewed, buyers’ guides read, product categories researched, and emails opened).

This sharing enables cybersecurity vendors and other businesses to understand the interests of IT and security professionals and to contact individuals whose engagement suggests a relevant need. By creating an account with Expert Insights, you acknowledge and consent to this sharing. You may withdraw your consent at any time by contacting us at [email protected], at which point we will cease sharing your personal information with third parties for their marketing purposes. Please note that withdrawal of consent does not affect the lawfulness of sharing that took place before your withdrawal, and third parties who have already received your data will be subject to their own privacy policies regarding any continued use.

For California residents: this sharing of registered user data may constitute a “sale” or “sharing” of personal information under the CCPA/CPRA. For more information on your rights, see Section 10.2.

6. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for the website to function properly.
  • Analytics cookies: Used to understand how visitors interact with our website (e.g. Google Analytics).
  • Advertising and attribution cookies: Used to measure the effectiveness of advertising campaigns and attribute conversions (e.g. Google Ads, LinkedIn Ads, Everflow).
  • Email tracking: Tracking pixels in emails to measure open rates and click-through rates.

You can manage cookie preferences through your browser settings. Please note that disabling cookies may affect the functionality of our website.

7. Third-Party Services

We work with trusted third-party service providers who process data on our behalf, including analytics platforms (such as Google Analytics), advertising platforms (such as Google Ads and LinkedIn), email delivery services, CRM systems (such as HubSpot), campaign tracking and attribution tools (such as Everflow), and data enrichment services. These providers are contractually required to protect your data and may only process it for the purposes we specify.

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any third-party sites you visit.

8. International Data Transfers

Expert Insights is based in the United Kingdom. Our Services are used by visitors and subscribers globally, including in the United States, European Economic Area (EEA), Australia, and the Middle East. Your data may be transferred to and processed in countries outside your own jurisdiction, including the UK and United States.

Where we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office or the European Commission, or reliance on an adequacy decision.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting obligations. When determining retention periods, we consider the nature and sensitivity of the data, the purposes of processing, and applicable legal requirements.

When your data is no longer required, we will securely delete or anonymise it. If deletion is not immediately possible (for example, because the data is stored in backup archives), we will isolate the data from further processing until deletion is practicable.

10. Your Rights

10.1 Rights Under UK GDPR and EU GDPR

If you are located in the United Kingdom or European Economic Area, you have the following rights regarding your personal data: the right to access your data and obtain a copy; the right to rectification of inaccurate or incomplete data; the right to erasure (“right to be forgotten”) in certain circumstances; the right to restrict processing; the right to data portability; the right to object to processing based on legitimate interests; and rights relating to automated decision-making and profiling.

10.2 Rights Under US Privacy Laws

If you are a resident of California or another US state with applicable privacy legislation, you may have additional rights, including the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising your privacy rights.

When you create an account or register with Expert Insights, we may share your personal information (including your registration details and Usage Data as described in Sections 2.5 and 5.4) with our advertising partners and clients for their own sales and marketing purposes. Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), this sharing may constitute a “sale” or “sharing” of personal information. You have the right to opt out of this sale or sharing by contacting us at [email protected] with the subject line “CCPA Opt-Out.” If you opt out, we will cease sharing your personal information with third parties for their own marketing purposes, although we may continue to use your data for our own internal purposes as described in this policy. We do not sell the personal information of anonymous website visitors; the company-level data described in Section 2.4 does not identify individuals and is not considered a sale of personal information under the CCPA. We do not use personal information for automated decision-making or profiling that produces legal or similarly significant effects.

10.3 Exercising Your Rights

To exercise any of your rights, please contact us at [email protected]. We will respond to your request within the timeframe required by applicable law (typically 30 days under UK GDPR). We may need to verify your identity before processing your request.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures are regularly reviewed and updated as necessary. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

12. Age Restriction

Our Services are designed for business professionals and are not intended for use by anyone under the age of 18. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that data promptly.

13. Do Not Track

Some browsers offer a “Do Not Track” (DNT) setting. There is currently no universally accepted standard for how websites should respond to DNT signals. We do not currently respond to DNT signals, but we respect your right to manage cookies and tracking through your browser settings.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of our Services after any changes constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Expert Insights Tech Ltd

Higher Mill, Buckfast Abbey

Buckfastleigh, Devon, TQ11 0EE

United Kingdom

Email: [email protected]

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk, or with your local data protection authority if you are located in the EEA.

16. Related Properties

Expert Insights Tech Ltd also operates the following websites, each of which has its own privacy policy:

Standalone Sites

Cyber Weekly (cyber-weekly.com), Cyber Daily (cyber-daily.com), CyberPolicyFinder (cyberpolicyfinder.com), and Expert Insights Resources (resources.expertinsights.com). Where you interact with these properties, the privacy policy published on that specific site applies.

Verdict Review Sites

Expert Insights Tech Ltd also operates a network of independent review sites across various cybersecurity categories (such as cloud backup, email security, endpoint security, identity and access management, data protection, application security, GRC and compliance, and security awareness training). Each of these sites publishes its own privacy policy and terms of use, and identifies Expert Insights Tech Ltd as the data controller. Where you interact with these properties, the privacy policy published on that specific site applies.

Campaign Subdomains

We also operate campaign-specific subdomains (e.g., [vendor].expertinsights.com and resources.expertinsights.com) for vendor lead generation campaigns. Data collected via forms on these subdomains is shared with the sponsoring vendor as disclosed at the point of collection. The privacy notice published on resources.expertinsights.com governs data collected through these campaign pages.

Written By Written By
Craig MacAlpine
Craig MacAlpine CEO and Founder

Craig MacAlpine is CEO and Founder of Expert Insights. Before founding Expert Insights in August 2018, Craig spent 10 years as CEO of EPA Cloud, an email security provider that rebranded as VIPRE Email Security following its acquisition by Ziff Davies, formerly J2Global (NASQAQ: ZD) in 2013.

Craig is a passionate security innovator with over 20 years of experience helping organizations to stay secure with cutting-edge information security and cybersecurity solutions.

Using his extensive experience in the email security industry, he founded Expert Insights with the singular goal of helping IT professionals and CISOs to cut through the noise and find the right cybersecurity solutions they need to protect their organizations.