Privacy Policy

Last updated: 4 March 2026

This Privacy Policy explains how Karimah (“we”, “us”, “our”) collects, uses, and shares personal information when you visit karimah.co.uk (the “Site”), submit a form, or otherwise interact with us.

If you have questions, contact us at: hello@karimah.co.uk.

1) Who we are (Data Controller)

Data Controller: Karimah
Email: hello@karimah.co.uk

We are the controller of personal data collected through this Site for the purposes described in this policy.

2) What personal data we collect

A) Data you provide directly

When you fill out a form (e.g., lead capture, waitlist, scorecard), we may collect:

  • Name

  • Email address

  • Company stage

  • Role (e.g., Founder / CTO / Engineer)

  • Security challenge (e.g., access control, secure coding, compliance, risk management)

  • Any other information you choose to submit in a message or free-text field

B) Data collected automatically

When you browse our Site, we may collect:

  • Device and browser information

  • IP address

  • Approximate location (derived from IP)

  • Pages viewed and interactions

  • Referring/exit pages

  • Cookies and similar technologies (see Section 6)

C) Marketing and communications data

If you subscribe to our emails, we may collect:

  • Email engagement data (e.g., opens and clicks)

  • Subscription preferences (e.g., interests you select)

3) How we use your data

We use personal information to:

  • Provide requested resources (e.g., checklists, toolkits, recommendations)

  • Respond to enquiries and support requests

  • Send emails you opted into (e.g., newsletters, product updates, educational content)

  • Improve the Site and user experience

  • Measure performance of pages and campaigns (analytics)

  • Maintain the security of the Site and prevent fraud/abuse

  • Comply with legal obligations

4) Legal bases for processing (UK GDPR)

We process your data under the following legal bases:

  • Consent: when you opt into marketing emails or accept cookies (where required).

  • Contract / steps before contract: when you request a resource, recommendation, or information from us.

  • Legitimate interests: to operate, secure, and improve our Site, and to understand how visitors use it (balanced against your rights).

  • Legal obligation: where we must comply with applicable laws.

You can withdraw consent at any time (see Section 9).

5) Who we share your data with

We may share data with trusted third-party service providers that help us run the Site and communications, such as:

  • Email marketing and automation providers (e.g., Klaviyo)

  • Website hosting / website platform providers (e.g., Squarespace)

  • Analytics providers (e.g., Google Analytics if enabled)

We only share the data necessary for them to provide their services and require them to protect your data.

We may also disclose data:

  • If required by law or legal process

  • To protect our rights, users, or the public

  • In connection with a business transfer (e.g., merger, acquisition)

6) Cookies and analytics

We may use cookies and similar technologies to:

  • Remember preferences

  • Understand how the Site is used

  • Measure marketing effectiveness

You can control cookies through:

  • Your browser settings, and/or

  • A cookie banner/manager (if implemented)

Note: disabling cookies may affect parts of the Site.

7) International data transfers

Some of our service providers may process data outside the UK (for example, in the US). Where personal data is transferred internationally, we take steps to ensure appropriate safeguards are in place (such as UK-approved contractual protections).

8) How long we keep your data

We keep personal data only as long as necessary for the purposes described, including:

  • While you remain subscribed to our emails

  • As needed to provide requested resources or support

  • As required to comply with legal obligations

You can request deletion at any time (see Section 9).

9) Your rights (UK GDPR)

You have rights over your personal data, including:

  • Access (request a copy)

  • Rectification (correct inaccurate data)

  • Erasure (request deletion)

  • Restriction (limit how we process it)

  • Objection (to processing based on legitimate interests)

  • Data portability (receive your data in a usable format)

  • Withdraw consent (for consent-based processing)

To exercise your rights, contact: [your email].

Unsubscribing from marketing

You can unsubscribe at any time using the link in our emails. Unsubscribing stops marketing emails but we may still send important administrative messages if relevant.

Complaints

If you are not satisfied, you can complain to the Information Commissioner’s Office (ICO) in the UK.

10) Security

We use reasonable administrative, technical, and organisational measures to protect personal data. However, no method of transmission or storage is 100% secure.

11) Children’s privacy

Our Site is not intended for children under 16 and we do not knowingly collect data from children.

12) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date.

13) Contact

Karimah
Email: hello@karimah.co.uk
Website:karimah.co.uk