Complaints Policy
Last updated: 2 July 2026
CyberSprouts aims to provide clear, practical and responsible cyber-safety support. If something has gone wrong, or if you are unhappy with our service, we want to understand the issue and respond fairly.
This Complaints Policy explains how to raise a complaint and how we will handle it.
1. Who we are
CyberSprouts is operated by CyberSprouts Limited, a company registered in England and Wales.
- Company number: 13031873
- Registered office: 61 Bridge Street, Kington, United Kingdom, HR5 3DJ
- Contact email: hello@cybersprouts.com
2. What this policy covers
This policy covers complaints about:
- CyberSprouts services;
- assessments, reports, recommendations or action plans;
- exposure checks or public-source checks;
- consultancy or support activity;
- customer service;
- billing, cancellation or refund handling;
- privacy or data protection concerns;
- safeguarding-related concerns connected with our services.
This policy does not cover complaints about third-party providers, platforms, websites or services that we do not control. Where appropriate, we may signpost you to the relevant third party.
3. Before making a complaint
If your concern is straightforward, you can contact us first at hello@cybersprouts.com and we may be able to resolve it informally.
If you want the issue treated as a formal complaint, please say so in your email.
4. How to make a complaint
Please email your complaint to:
To help us review the matter, please include:
- your name;
- the email address used to contact or purchase from CyberSprouts;
- the service involved, if applicable;
- the date of purchase, booking or contact, if relevant;
- a clear description of what has happened;
- what outcome you are seeking;
- any relevant documents, screenshots or correspondence.
Please do not send passwords, recovery codes or unnecessary sensitive information when making a complaint.
5. How we handle complaints
We will handle complaints fairly, carefully and proportionately.
Our usual process is:
- We acknowledge the complaint.
- We review the information provided.
- We may ask you for clarification or further evidence.
- We assess what happened against the relevant service description, terms, policy or legal obligation.
- We provide a written response.
- Where appropriate, we explain any action we will take.
6. Response times
We aim to acknowledge complaints within 5 working days.
We aim to provide a full response within 20 working days of receiving the complaint.
Some complaints may take longer, especially if they involve complex service history, data protection issues, safeguarding concerns, third-party providers or technical review. If we need more time, we will tell you and explain why.
7. Possible outcomes
Depending on the circumstances, we may:
- explain what happened;
- correct an error;
- apologise where appropriate;
- provide further clarification or guidance;
- amend a report or recommendation;
- repeat part of a service;
- provide a partial or full refund where appropriate;
- decline the complaint and explain why;
- update our process, documentation or controls.
A complaint will not automatically result in a refund. Refunds and cancellations are handled in line with our Cancellation Policy for Services, Service Terms and Conditions and your statutory rights.
8. Service complaints
If your complaint relates to a CyberSprouts service, we will consider:
- what service was purchased;
- what was included and excluded;
- what information was available to us at the time;
- whether the service was provided with reasonable care and skill;
- whether the report, advice or support matched the agreed scope;
- whether any delay or issue was caused by missing, incomplete or inaccurate information.
CyberSprouts provides advice, assessment, support and recommendations based on the information available at the time. We cannot guarantee that every risk will be identified, that every issue can be resolved, or that third parties will act in a particular way.
9. Billing, cancellation and refund complaints
If your complaint relates to billing, cancellation or refunds, we will review it against:
- the service purchased;
- the order confirmation;
- the Cancellation Policy for Services;
- the Service Terms and Conditions;
- whether work had started or been completed;
- any relevant statutory rights.
If we agree that a refund is due, we will normally refund using the same payment method used for the original purchase unless we agree otherwise.
10. Privacy and data protection complaints
If your complaint relates to privacy or data protection, please make this clear in your email.
Examples include concerns about:
- how we collected or used personal information;
- how long we kept information;
- information shared with suppliers or third parties;
- correction or deletion of information;
- access to personal information;
- security of personal information.
We will handle privacy complaints in line with our Privacy Policy and applicable data protection law.
You also have the right to complain to the UK Information Commissioner’s Office.
Information Commissioner’s OfficeWycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom
11. Safeguarding-related concerns
If a complaint raises a safeguarding concern involving a child, young person, vulnerable adult or person at risk of harm, we may need to prioritise safety over the normal complaints process.
Depending on the concern, we may:
- limit what we can discuss;
- avoid sharing information where doing so could increase risk;
- seek appropriate advice;
- signpost to relevant support services;
- contact appropriate authorities where we believe there is a serious or immediate risk of harm, or where we are legally required to do so.
Safeguarding-related complaints will be handled sensitively and proportionately.
12. Complaints involving other people’s information
Some complaints may involve information about children, family members, household members or other third parties.
We may need to limit what we can disclose in our response if it would reveal another person’s personal information, create a safety risk, or breach confidentiality.
13. Unreasonable, abusive or unsafe communications
We will not ignore genuine complaints.
However, we may limit or end correspondence where communications become abusive, threatening, discriminatory, excessive, repetitive, unlawful or unsafe.
We may also refuse to continue with a request where it asks us to access accounts, systems or information without authority, obtain passwords, bypass security controls, carry out covert monitoring, or act in a way that would create legal, ethical, security or safeguarding concerns.
14. Keeping complaint records
We may keep records of complaints and our responses for business, legal, regulatory, insurance, quality improvement and dispute-resolution purposes.
Complaint records will be handled in line with our Privacy Policy and retention approach.
15. Changes to this policy
We may update this Complaints Policy from time to time.
The latest version will be published on our website with the date it was last updated.
16. Contact
To raise a complaint, contact:
Trust • Protection • Confidence • Resilience