Terms & Conditions
Last updated: 19 June 2026
1. About these terms
These Terms & Conditions ("Terms") govern your use of the Capability Exchange platform ("Platform", "we", "us", "our"), operated by ESPROFILER Ltd, a company registered in the United Kingdom with its registered office at Midway House, Herrick Way, Staverton, Cheltenham, GL51 6TQ, United Kingdom.
By creating an account or using the Platform, you agree to be bound by these Terms and our Privacy Policy, which explains how we collect, use, and protect your personal data in compliance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.
ESPROFILER never collects data to sell to third parties or vendors without notification, permission, and a genuine interest to improve our platform.
2. The service
Capability Exchange is an independent registry for cyber security capability, provided by ESProfiler. The Platform allows you to search vendors and products, explore security frameworks, build a portfolio of your security stack, and map your tools against industry frameworks to identify coverage gaps and overlaps.
The Platform is a free tier offering. ESProfiler may also offer enterprise-grade products and services separately. We may update, suspend, or withdraw features of the Platform at any time. We do not guarantee that the Platform will be uninterrupted or error-free.
3. Your account
You must sign in using a supported authentication provider (currently LinkedIn). When you sign in, we receive profile information from that provider (such as your name, email address, and profile image) to create and maintain your account.
You are responsible for maintaining the security of your account and for all activity that occurs under it. You must provide accurate information and keep your account details up to date.
You must be at least 18 years old and have authority to accept these Terms on behalf of yourself or the organisation you represent.
4. Acceptable use
You agree not to:
- Use the Platform for any unlawful purpose or in breach of applicable regulations
- Attempt to gain unauthorised access to the Platform, its systems, or other users' accounts
- Scrape, harvest, or systematically extract data from the Platform without our written consent
- Misrepresent your identity, affiliation, or the security products in your portfolio
- Interfere with or disrupt the integrity or performance of the Platform
5. Data protection and privacy
5.1 Data controller
ESPROFILER Ltd is the Data Controller responsible for your personal data processed through the Platform. We have appointed a Data Protection Officer ("DPO") who can be contacted at:
- Name: Louis Holt
- Email: [email protected]
- Address: Midway House, Herrick Way, Staverton, Cheltenham, GL51 6TQ, United Kingdom
You have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk). We would appreciate the chance to address your concerns before you contact the ICO.
5.2 Personal data we collect on the Platform
When you use Capability Exchange, we may collect and process the following categories of personal data:
- Profile/Identity Data: name and profile image received from LinkedIn when you sign in
- Contact Data: email address (from LinkedIn or company verification), company name, and company email address if you choose to verify your organisation
- Account Data: your portfolio of security products, framework mapping history, account tier status, and records of when you accepted these Terms and any marketing preferences
- Technical/Usage Data: information about how you interact with the Platform (such as pages visited and features used), collected via analytics tools to help us improve the service
- Marketing and Communications Data: your preferences for receiving marketing from us, where you have opted in separately
We do not collect special categories of personal data (such as health, biometric, or political data) through the Platform.
5.3 Legal basis for processing
We process your personal data only where we have a lawful basis under the UK GDPR:
- Contractual obligation — to create and manage your account, provide portfolio and mapping features, and deliver the services you request
- Consent — where you opt in to marketing communications, or where required for specific optional processing
- Legitimate interests — to improve the Platform, understand usage patterns, maintain security, and prevent fraud, where those interests are not overridden by your rights
- Legal compliance — where we are required to process or retain data by law
5.4 How we use your data
We use your personal data to:
- Provide, operate, and maintain your Capability Exchange account
- Enable portfolio management, framework mapping, and related platform features
- Verify your company email address if you choose to upgrade your account tier
- Send service-related communications (such as mapping result notifications and verification emails)
- Improve the Platform through analytics and aggregated usage insights
- Comply with legal obligations and enforce these Terms
We may also aggregate and anonymise data derived from Platform usage to produce industry reports and insights. Where such data cannot identify you, it is not treated as personal data. Where aggregated data is combined with personal data in a way that could identify you, we treat it as personal data in accordance with our Privacy Policy.
5.5 Data retention
We retain your personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. If you request deletion of your account, please contact our DPO. We may retain certain data where required by law or where there is a prospect of litigation.
5.6 Third parties and international transfers
We use third-party service providers to operate the Platform, including authentication (LinkedIn), hosting, email delivery, and analytics. These providers process data on our behalf under appropriate contractual safeguards. Some providers may process data outside the United Kingdom; where this occurs, we ensure appropriate safeguards are in place as required by UK GDPR.
We do not sell your personal data. We may share data with interested parties in connection with a change of control, acquisition, or licensing of our technology, as described in our Privacy Policy. We may also disclose data where required by law or to enforce these Terms.
5.7 Your rights
Under UK data protection law, you have the right to:
- Be informed about how we use your data (as set out here and in our Privacy Policy)
- Access a copy of the personal data we hold about you
- Rectification of inaccurate or incomplete data
- Erasure of your data in certain circumstances
- Restrict processing in certain circumstances
- Object to processing, including for direct marketing
- Data portability for data you provided, where applicable
- Withdraw consent at any time, where processing is based on consent
To exercise any of these rights, contact our DPO at [email protected]. You will not normally have to pay a fee. We may need to verify your identity before responding. Full details are in our Privacy Policy.
5.8 Security
We implement appropriate technical and organisational measures to protect your personal data. However, no transmission of data over the internet is guaranteed to be completely secure. You are responsible for keeping your sign-in credentials secure. If you believe your account has been compromised, contact us immediately.
6. Marketing and sales communications (optional)
Marketing communications are not a condition of using the Platform. If you choose to opt in separately when creating your account, ESProfiler may contact you by email or other electronic means about:
- ESProfiler products, features, and services
- Cyber industry reports and insights generated using Capability Exchange data
- Invitations to events, webinars, and demonstrations
- Sales outreach regarding ESProfiler's enterprise offerings
We process your contact details for marketing only where you have given explicit consent. From time to time we may make suggestions about goods or services that may be of interest to you, consistent with our Privacy Policy.
You may withdraw consent or opt out at any time by clicking the unsubscribe link in our marketing emails or by contacting [email protected]. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. We will continue to retain other personal data necessary to provide the Platform.
7. Intellectual property
All content, data, software, branding, and materials on the Platform are owned by or licensed to ESPROFILER Ltd. You receive a limited, non-exclusive, non-transferable licence to access and use the Platform for your internal business purposes. You may not copy, modify, distribute, or create derivative works from Platform content without our prior written consent.
8. Third-party data and links
The Platform aggregates and presents data about vendors, products, and frameworks from various sources. While we strive for accuracy, we do not warrant that all third-party information is complete, current, or error-free. Decisions made based on Platform data are your sole responsibility.
The Platform may include links to third-party websites (including LinkedIn for authentication). We do not control those sites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
9. Limitation of liability
To the fullest extent permitted by applicable law, ESPROFILER Ltd shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of profits, data, or business opportunities arising from your use of the Platform.
Nothing in these Terms excludes or limits our liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be excluded under UK law.
10. Termination
We may suspend or terminate your access to the Platform if you breach these Terms or if we discontinue the service. You may stop using the Platform at any time. To request deletion of your account and associated personal data, contact our DPO. Provisions that by their nature should survive termination will continue to apply.
11. Changes to these terms
We may update these Terms from time to time. If we make material changes, we will notify you by email or through the Platform. Continued use after changes take effect constitutes acceptance of the updated Terms, subject to your rights under applicable data protection law.
12. Governing law
These Terms are governed by the laws of England and Wales. The courts of England and Wales shall have exclusive jurisdiction over any dispute arising from or relating to these Terms or your use of the Platform.
13. Contact
For questions about these Terms or your personal data, contact our Data Protection Officer:
Full privacy details: ESProfiler Privacy Policy
