Privacy Policy

Effective Date: February 14, 2026

1. Introduction

Welcome to the Netravix website. This website is owned and operated by Netravix Ltd (“we,” “us,” or “our”).

We are committed to protecting your corporate and personal data and respecting your privacy to the highest international standards. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage with our B2B consultancy services.

Please read this policy carefully. If you do not agree with the terms outlined here, please refrain from using the site.

2. Data Controller & Global Operations

Netravix Ltd is the Data Controller responsible for your personal data. We operate a global delivery model with legal governance anchored in the United Kingdom and technical operations distributed internationally.

Headquarters (Data Controller):
124 City Road, London, EC1V 2NX, United Kingdom

Contact:
contact@netravix.com

3. Information We Collect

We collect two primary categories of information to facilitate our B2B services.

A. Data You Provide

We may collect data when you:

  • Register on the website
  • Fill out a contact form
  • Engage in a commercial contract

This may include:

  • Identity Data — First name, last name, job title, corporate entity
  • Contact Data — Corporate email address, business address
  • Billing Data — Payment and invoicing information

B. Automated Technical Data

To ensure enterprise-grade security and site performance, we automatically collect:

  • Technical Data — IP address, browser type, version, time zone, operating system
  • Usage Data — How you interact with our platform

4. Why We Process Your Data

We process your data for legitimate business purposes:

Service Delivery
To fulfil consultancy and infrastructure contracts.

Security Monitoring
To identify fraud and cyber threats.

Communication
To send updates and administrative information.

Legal Compliance
To comply with applicable laws, including the UK Data Protection Act 2018.

5. International Data Transfers

Netravix Ltd operates global engineering nodes. Your data may be processed by global technical teams, including in Pakistan and Australia, for 24/7 monitoring.

We use UK International Data Transfer Agreements (IDTAs) and follow ISO/IEC 27001 security standards.

6. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Be informed
  • Access your data
  • Request rectification
  • Request erasure
  • Restrict processing

Contact:
contact@netravix.com

7. Data Retention & Security

We retain data only as long as necessary. Your data is protected by:

  • Administrative safeguards
  • Technical safeguards
  • Physical safeguards

No internet transmission is fully secure.

8. Governing Law

This Privacy Policy is governed by the laws of England and Wales. Disputes fall under England and Wales jurisdiction.

1. How do you assess and manage enterprise cyber risk?

Formal enterprise risk framework with continuous third-party monitoring and executive reporting.
Point-in-time compliance checks and annual risk assessments.
Ad-hoc risk assessments, mostly driven by external audit requirements.
Currently building our formal risk and vendor management framework.

2. How is sensitive corporate data classified, protected, and tracked?

Automated data discovery, strict classification tagging, and global DLP enforcement.
Manual data classification policies with basic access controls.
Fragmented data storage with no formal enterprise-wide classification.
Rely entirely on cloud service providers for data protection.

3. What architectural principles govern your cloud and on-premise security?

Secure-by-design with mandatory encryption, container security, hardened baselines.
Standard infrastructure deployments with partial encryption.
Legacy architecture with minimal cryptographic enforcement.
Visibility into total cryptographic and architectural posture is limited.

4. How is your internal network segmented to prevent lateral movement?

Micro-segmentation & strict Zero Trust applied universally.
Basic VLANs separate critical servers from user traffic.
Flat network architecture, traffic largely unrestricted.
Cloud-native, lateral movement unmonitored in VPCs.

5. How is identity authentication & privileged access managed?

Universal MFA, SSO, PAM with Just-in-Time access.
MFA on critical systems, admin accounts without formal PAM.
Partial MFA, standard accounts used for high-level IT tasks.
Fragmented visibility into privileged accounts.

6. What is your methodology for validating defenses and managing vulnerabilities?

Continuous scanning, automated patching, annual penetration testing.
Monthly patch cycles & occasional compliance scans.
Ad-hoc patching or only when required by regulator.
No formal tracking of patch compliance or testing.

7. What level of continuous threat detection & monitoring is deployed?

Next-Gen EDR/XDR with 24/7 SOC monitoring, automated isolation.
Standard Antivirus or unmonitored EDR alerts during business hours.
Legacy antivirus or fragmented solutions across regions.
Lack centralized visibility into endpoint fleet & network telemetry.

8. How prepared is your organisation to respond to critical ransomware?

Documented IR plan tested with immutable, air-gapped backups.
Documented IR plan with offsite backups, rarely tested together.
No formal IR plan, rely on local backups only.
Fully external MSPs/SaaS without joint recovery plan.

9. How is security integrated into software development or procurement?

Shift-left DevSecOps with automated SAST/DAST & dependency checks.
Security reviews immediately prior to deployment/procurement.
Minimal security testing, vulnerabilities patched post-deployment.
No internal development or formal SaaS code assessment.

10. How is continuous cybersecurity awareness & social engineering defence handled?

Monthly phishing simulations, role-specific training, active threat education.
Annual compliance-based video training for all staff.
Ad-hoc training only after security incidents.
Currently implementing formal security awareness program.

Does your organisation have any unique architectural factors (like heavily OT/ICS, purely serverless, complex regulatory needs) that our Principals should know before calculating your final report?
