Privacy

We hold your data because the service can't work without it.

Here's exactly what, why, who else touches it, and what you can do about any of it.

Who we are

Peopl'd Limited (company number 17212665), registered in England & Wales.

We're a People Ops platform for UK startups. You sign up, you give us information about your company and your people, we help you run People Ops compliantly.

ICO registration: ZC154670

Two relationships, two roles

This is the bit most privacy policies skip. Read it once and the rest makes sense.

When you visit our website or sign up as a customer:

  • We collect your personal data — name, email, work details.
  • For that data, we are the controller.
  • We decide how it's used (running your account, sending product comms, checking the website is running properly etc.) and we're answerable to you for it.

When you enter your employees' data into Peopl'd:

  • We process that data on your behalf.
  • You are the controller. We are the processor.
  • We only do what you tell us to with that data. You're responsible for the legal basis (you have an employment contract with them; they're part of your workforce).
  • Their data subject rights (access, correction, deletion) come to you first; we help you action them.

In plain English: your account is ours to think about. Your employees' data is yours to think about, with us as your safe storage and tooling.

What we collect

You are under no obligation to provide us with your personal data but if you don't we won't be able to provide our service to you.

We'll only use your personal information for the reason we collected it. If we ever need to use it for something else, we'll make sure it's a valid and related reason.

If we ever plan to use your information for something totally different, we'll let you know first and explain why we're allowed to do that.

In some cases, the law may require or allow us to use your information without telling you, but this would only happen in limited situations.

About you (the customer)

We collect the following information from you when you interact with our service.

Data Why Legal basis
Name, email, company name Account creation, authentication, updating you about the service Contract
Authentication session Keeping you signed in Our legitimate interest in making our systems easy for you to use
Support emails Helping when you ask Our legitimate interest in supporting you to use the service
Payment info Subscription billing (held by Stripe, never on our servers) Contract
Product usage Improving the service. No third-party analytics; internal logs only. Our legitimate interest of making the service run efficiently
Name and contact details, transaction information To comply with mandatory reporting obligations and other legal requirements like tax and data protection laws) and disclosures required by enforcement agencies) seek advice from professional advisers like lawyers or insurers. Necessary to comply with a legal obligation or in our legitimate interests in seeking advice and guidance.

About your people

Data Why Our role
Employee names, roles, contact details Generating contracts, handbooks, offer letters, JDs Processor — acting on your instructions as their employer
Salary, employment terms, start dates Generating contracts and statutory documents Processor
Other personal details you include What you've asked us to include in a generated document Processor

We hold the minimum needed to deliver the service. We don't extract, profile, or repurpose this data.

What we don't do

  • We don't sell your data. Not to "partners," not to advertisers, not in any form.
  • We don't train AI models on your data — yours or your employees'. Anthropic's commercial terms explicitly prohibit it. That's a contractual line, not a setting we toggle.
  • We don't run analytics, profiling or behavioural tracking. See our Cookie Policy for the full no-tracking story.
  • We don't share data across customers. Your tenant is yours — isolated at the database level.
  • We don't make any decisions about you on an automated basis.

Limited Sharing

  • We may share your information with government bodies, law enforcement, regulators, or courts but only if we're legally required to do so and they make a valid request.
  • We might also share it with trusted third parties if needed to respond to legal requests or need advice. This could include sharing information with our legal advisors, accountants or insurers.
  • [We may share your personal data with a prospective investor or purchaser so that they can appropriately value the business].

Processors

Services we use to deliver Peopl'd. All UK GDPR-compliant; all bound by data processing agreements.

Processor What it does Where data sits
Vercel Hosting (app + marketing site) EU/global edge
Upstash Encrypted database (KV) for account + employee data London (eu-west-2)
Resend Transactional email (sign-in links, account comms) EU (eu-west-1)
Anthropic AI processing for document generation US — your data passes through but is not stored or used to train models
Stripe Payment processing US/EU
Vercel Blob Logo and brand file storage EU

Full Data Processing Agreement (DPA) available — email hello@peopld.com.

We'll notify you in advance of any new sub-processor.

International transfers

Most processing happens inside the UK/EU. The one exception is Anthropic (US), where your data passes through to generate documents. We rely on Anthropic's Standard Contractual Clauses (SCCs) under the UK addendum to ensure the international transfer meets the required appropriate safeguard standards, and Anthropic doesn't store or train on this data per their commercial terms.

How long we keep your data

Data Retention
Your account data For as long as you're a customer + 12 months after cancellation, then deleted
Support emails 2 years
Billing records 7 years (UK statutory requirement)
IP address and session data from Peopld_session cookie information 30 days
IP address from Peopld_csrf cookie information The duration of the browser session

Need something pulled out before deletion? Email hello@peopld.com.

Your rights

Under UK GDPR you have the right to:

  • Access the data we hold about you
  • Correct anything inaccurate
  • Delete your data (with statutory exceptions for billing records)
  • Object to processing
  • Portability — get your data in a usable format

For your account data, email hello@peopld.com — replies come from Peopl'd. We respond within 30 days, usually much sooner.

For your employees' data, you'll usually action those rights yourself as the controller. We help if you need us — same email, same response time.

Security

We have implemented appropriate technical and organisational measures (not just IT security but sensible measures across the business to keep your information safe).

We're required to keep your data up to date so please keep us informed of any changes to your data – especially your contact information.

Children

Peopl'd is for businesses. We don't knowingly collect data about anyone under 18. If you think we have, tell us and we'll delete it.

Cookies

See our Cookie Policy — short version: only what's strictly necessary, no analytics, no tracking, no third-party requests on peopld.com.

If we mess up

If you think we've handled your data badly please let us know so we can try and fix it for you

Just the same for exercising your rights, email hello@peopld.com — replies come from Peopl'd. We respond within 30 days, usually much sooner.

If we haven't fixed it to your satisfaction, you can complain to the Information Commissioner's Office (ICO):

ico.org.uk · 0303 123 1113

If this policy changes

We'll update this page and email you if the change is material. We won't bury changes in legalese.

Questions?

hello@peopld.com — replies come from Peopl'd.

Last updated: 20 May 2026

Peopl'd Limited · Company number 17212665 · Registered in England & Wales

About Privacy Cookies DPA Sub-processors Trust hello@peopld.com
© 2026 Peopl'd Ltd