We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal data when you use our services.
Contents
- What information we collect
- How we use your information
- Sharing and disclosure
- Cookies and similar technologies
- Data storage and security
- International data transfers
- Your rights under UK GDPR
- Special category (sensitive) data
- Children’s data
- Changes to this policy
- Contact information
What Information We Collect
We collect the following categories of personal data:
Information You Provide to Us
This includes:
- Contact details (name, email address, phone number)
- User credentials and profiles
- Content submitted through our platform (including text, files, uploads)
- Data entered during onboarding or training (which may include sensitive data like ethnicity or salary)
Information We Collect Automatically
We may collect:
- Usage data (pages visited, features used, timestamps)
- Device and browser information
- IP address and location data (approximate)
- Cookies and similar tracking technologies
How We Use Your Information
We use personal data to:
- Provide, operate, and improve our services
- Respond to user inquiries or support requests
- Personalise user experiences
- Send administrative or system notifications
- Enforce our terms of service
- Meet legal and regulatory obligations
- Conduct research and analytics
- With consent, send marketing communications (which you can opt out of at any time)
Legal bases for processing include: consent, performance of a contract, legal obligation, and our legitimate interests.
Sharing and Disclosure
We do not sell your data. We may share it with:
- Service providers (e.g., email platforms, cloud storage, analytics tools)
- Legal or regulatory authorities, when required
- Third parties during business transfers (e.g. merger, acquisition)
Sub-processors
To deliver our services, we engage trusted sub-processors. These sub-processors are bound by data protection obligations equivalent to those in our Privacy Policy and Data Processing Agreement. Our current sub-processors include:
Core infrastructure & hosting
- Microsoft Azure – Legacy hosting environment (to be decommissioned by October 2025)
- Amazon Web Services (AWS) – Current hosting environment
Customer communications & notifications
- Intercom – Customer support platform
- Mailerlite – Email marketing and communications
- SendGrid – Email delivery platform
- Twilio – SMS/voice messaging platform
Workflow automation
- Zapier – Workflow automation platform
CRM & analytics
- Pipedrive – CRM platform
- Hotjar – Analytics/session recording tool
Mobile app distribution
- Apple App Store – iOS app distribution
- Google Play Store – Android app distribution
Payment processing
- GoCardless – Client/employee billing information
A full list of sub-processors will always be available on this page. Their privacy policies can be found in the ‘Resources & Further Information’ section of this policy.
Cookies and Similar Technologies
We use cookies and tracking tools to:
- Authenticate users
- Monitor performance and errors
- Improve the platform
You can manage cookie preferences in your browser settings.
Data Storage and Security
We store your data on secure servers located in the UK and EEA.
Security measures include:
- Encryption (in transit and at rest)
- Access controls and logging
- Regular audits and vulnerability scanning
We retain data only as long as necessary for the purposes described in this policy.
International Data Transfers
When we transfer your data outside the UK or EEA (e.g., to US-based processors), we ensure appropriate safeguards, such as:
- Standard Contractual Clauses (SCCs)
- Transfers to countries with adequate protection standards
Your Rights Under UK GDPR
You have the following rights:
- Access – Request a copy of your data
- Rectification – Correct inaccurate or incomplete data
- Erasure – Ask us to delete your data (subject to exceptions)
- Objection – Object to data processing based on legitimate interests
- Restriction – Ask us to restrict processing
- Portability – Request your data in a structured format
- Withdraw consent – At any time, for processing based on consent
- Lodge a complaint – With the UK Information Commissioner’s Office (ICO)
To exercise any of these rights, please contact us at help@onehrsoftware.com.
Special Category (Sensitive) Data
Our platform may collect and process special category data (such as ethnicity, gender identity, or salary) for purposes related to equity analysis or employer compliance.
We rely on one or more of the following legal bases:
- Explicit consent (where you have provided it)
- Contractual necessity (for service delivery)
- Legal obligation (where required by law)
We apply heightened safeguards when processing such data.
Children’s Data
Our services are not intended for use by children under the age of 16. We do not knowingly collect personal data from children.
Changes to This Policy
We may update this Privacy Policy from time to time. If significant changes are made, we will notify you through the platform or via email.
Contact Us
If you have questions or concerns about this Privacy Policy, contact us at help@onehrsoftware.com.
Resources & Further Information
Overview of the GDPR – General Data Protection Regulation
Data Protection Act 1998
Privacy and Electronic Communications Regulations 2003
The Guide to the PECR 2003
Amazon Web Services (AWS) Privacy Policy
Apple App Store Policy
Facebook/Meta Privacy Policy
GoCardless Privacy Policy
Google Privacy Policy
Hotjar Privacy Policy
Intercom Privacy Policy
LinkedIn Privacy Policy
Mailerlite Privacy Policy
Microsoft Privacy Policy
Microsoft Azure Privacy Policy
Pipedrive Privacy Policy
SendGrid and Twilio Privacy Policy
X Privacy Policy
YouTube Privacy Policy
Zapier Privacy Policy
Zoom Privacy Policy
Last updated: 20 August 2025