HTTPS everywhere
Every page, asset and form submission is served over TLS. HTTP requests are redirected to HTTPS, HSTS is enabled and the site uses a publicly trusted certificate authority.
Corporate networks, security tools and end users should be able to interact with northshinegroup.com with confidence. This page sets out how we protect data, harden the site and handle responsible disclosure.
Every page, asset and form submission is served over TLS. HTTP requests are redirected to HTTPS, HSTS is enabled and the site uses a publicly trusted certificate authority.
We set a strict Content Security Policy, X-Frame-Options, X-Content-Type-Options and Referrer-Policy to reduce the risk of cross-site scripting, clickjacking and content sniffing.
The website is delivered through a managed, globally distributed edge platform with DDoS protection, automated patching and continuous security monitoring.
We collect only the information needed to respond to your enquiry. No customer accounts, no payment processing and no advertising or tracking pixels are used on this site.
We publish a /.well-known/security.txt and welcome reports of suspected security issues. We will acknowledge reports promptly and work in good faith to investigate and remediate.
We process personal data in line with UK GDPR, store it on reputable providers and only retain it for as long as needed to respond to and follow up on enquiries.
If you believe you have identified a security issue affecting northshinegroup.com, please contact our team. We treat every report seriously and respond in good faith.
Email: security@northshinegroup.com
Alternative: info@northshinegroup.com
Machine-readable contact details are published at /.well-known/security.txt.
Please do not test for vulnerabilities in a way that could degrade service, disclose third-party data or breach UK law. We will not pursue researchers acting in good faith and within these guidelines.
We collect personal data through two forms: the general contact enquiry form and the Northshine Healthcare interest form. Data is stored on Supabase (EU region) and email notifications are delivered via Google Workspace. We do not sell or share personal data with advertisers, and we do not operate any advertising pixels on this site.
You have the right to access, correct or request deletion of your personal data at any time. To exercise these rights, or for any privacy question, please contact info@northshinegroup.com or read the full Privacy Policy, Cookie Policy and Terms of Use.