Privacy Policy for AllIncontext Limited

This Policy is derived from the proposition by Security Researcher, and Author, Bruce Schneier that Data is a Toxic Asset. See the Schneier on Security blog (HTTPS Direct) for more detail. Note: The AllIncontext Privacy Policy on External Links is here in the following list of Privacy Bullet Points which apply to both AllIncontext Limited as a UK Company and its Web sites:

• AllIncontext Limited only retains Data which it ia legally bound to do so for Record Keeping, by Companies House (HTTPS Direct) in the UK. For example, an Invoice issued by AllIncontext Limited needs to contain certain Data like the Name and Address of the Invoicee. This Data is not shared with third parties unless there is a legal obligation to do so. Usually, this Data is Publically available, for example on Electoral Rolls, or via other Organizations, such as the Postal Service.
  Note1: External links are indicated by the Box and Arrow symbol you can see to the right of the Companies House link above.
  Note2: To the right of that symbol is an indication of the type of Protocol that the Link uses. For AllIncontext Limited, these will be either HTTPS Direct (indicating a Secure and Encrypted Web Browsing Session to that link), or HTTP Direct, not Secure (indicating that any Data sent between your Web Browser, and the Web Site hosting that Link, might be intercepted by a third party).
• AllIncontext Limited does not use Cookies, but your Web Browser might use a Session (HTTPS Direct) Cookie, which is temporary.
• Public Data, such as a Domain Name, is outside the scope of this Privacy Policy. However, if AllIncontext Limited uses Public Data, we endeavour to make use of Hash-based Message Authentication Codes (HMAC's [HTTPS Direct]) to anonymise the Public Data, especially where that Data might reside on an AllIncontext Limited Web Site.
  For example: If your Domain Name was mydomain.uk and AllIncontext Limited needed to store a Globally Unique Identifier (GUID [HTTPS Direct]) to allow you access to specific Web pages, we might authorise that access using an HMAC256 where the GUID is the Message and your Domain Name is the Key.
  The resulting HMAC is just a pseudo-random (HTTPS Direct) string of characters. When you try and access those Web pages over a Secure, HTTPS, session you would need to enter your GUID and Domain Name. The Web site then does a calculation of the HMAC based on what you enter. If the calculated HMAC matches the stored HMAC, then you get access to those Web pages, otherwise access is denied.
  Note: There is an element of quid pro quo (HTTPS Direct) in this process, because the AllIncontext Limited expectation is that you keep the GUID safe and secure. If you lose it, or it leaks out, then potentially anyone can access those Web pages, unless you request a new GUID. That is why Data is a Toxic Asset.
• External Links: AllIncontext Limited cannot guarantee the Security of any External Link. AllIncontext Limited uses best effort to ensure that the External Links provided are suitable when used to provide supporting, or relevant, information. The Box and Arrow symbol is used to make you aware that a Link is External, a Tooltip (HTTPS Direct) is used to indicate an External Link, and we give an indication of the Protocol used to make the connection to the target of the Link.
• Web Browser Scripting: AllIncontext Limited does not use Script in Web pages, only an XHTML (HTTPS Direct) character stream beween our Web Site and your Web Browser. AllIncontext Limited cannot guarantee that an External Link is Free of Scripts. You should adopt a best practice of disabling Script (such as Javascript) in your Web Browser (if possible). Only you can balance the risk between functionality of a Web page and Data Security and Safety. If you do allow Script to be used on Web pages, ensure that your Web Browser Security patches (HTTPS Direct) are up to date.
• To re-iterate: AllIncontext Limited does not collect, or store, Personal Data, other than that legally required by Companies House in the UK. Any other Data, such as Public Data, if required to be stored, will use an HMAC. AllIncontext Limited does not share Data with third parties, unless there is a legal obligation to do so (for example a warrant [HTTPS Direct]).

If you have a query about the AllIncontext Limited Privacy Policy, please see the Contact page.