We hold ourselves to the same standard we help you reach.
Our website controls, data handling and submission safeguards are designed to support disciplined governance.
What we collect: name, email, company, role and concern details submitted through forms.
What we do not collect: sensitive compliance evidence through public forms.
Retention: only as long as required for enquiry handling, service delivery and legal obligations.
UK GDPR rights: access, rectification, erasure, restriction and portability where applicable.
HTTPS-only delivery for all website traffic.
Input validation and rate limiting on all form endpoints.
reCAPTCHA / hCaptcha to reduce automated abuse on booking flows.
Admin access protected with strong authentication.
No sensitive compliance evidence accepted through public forms.
Primary infrastructure: Firebase / Google Cloud.
Preferred regional alignment: europe-west2 (London), depending on service configuration.
Data is not sold and not shared with unrelated third parties.
HIMAYA provides cybersecurity, governance, risk, compliance and operational assurance support. HIMAYA does not provide legal advice, regulatory representation or guarantee regulatory outcomes.