Trust

How AI and humans share the work

Every contract, policy, and handbook template Peopl'd uses is drafted in partnership with UK employment counsel. AI doesn't write employment law from scratch — it generates your documents from templates that lawyers have already vetted. You bring the specifics, AI does the speed, humans (ours and yours) own the judgement calls.

Every document Peopl'd generates is yours to review and edit before it goes anywhere. We don't auto-send, auto-sign, or auto-action.

UK employment law shifts. We update our templates so every new document you generate reflects the latest position. Notifications for legislation changes that affect existing documents are on the roadmap — so when something material changes, you'll know and can re-issue or amend.

What's true today

• UK GDPR compliant. Peopl'd Limited is your data controller for account data and your data processor for the employee data you submit. Full GDPR rights apply, and the full breakdown lives in our Privacy Policy.
• Your data isn't used to train AI. Anthropic's commercial terms explicitly prohibit it. Not a setting we toggle — a contractual line.
• Encrypted in transit and at rest. TLS everywhere. Encrypted storage on every processor that handles your data.
• UK-hosted where it matters. Your data lives on UK and EU regions of Vercel and Upstash (London). The two exceptions — Anthropic and Stripe in the US — are covered by UK Standard Contractual Clauses.
• Minimum data collection. We only ask for what's needed to deliver the service. No tracking pixels on peopld.com. No third-party analytics. No marketing cookies. The fonts are self-hosted, so visitors' IP addresses don't leave our infrastructure.
• Sign in your way — securely. Email and password if you've got a password manager, magic link if you don't. Passwords are hashed using industry-standard methods (never stored in plaintext) and authentication tokens are signed, time-limited, and one-time-use.
• Multi-tenant isolation. Each customer's data sits in its own namespaced partition, validated end-to-end. We've tested for cross-tenant leakage and continue to.
• 30-day data deletion on termination. If you leave, your data is deleted within 30 days. Statutory retention (tax, billing) is the only exception, and it's documented.

Who handles your data

A short list of sub-processors keeps the service running. Each is bound by a written data processing agreement and chosen with data protection in mind. The full register, including what each one does and where data lives, is at Sub-processors.

Material changes to that list trigger a 30-day notice to all customers, with a right to terminate if you object.

What Peopl'd isn't

Peopl'd isn't a law firm. We build technology that helps you generate professional, UK-compliant documents quickly — but the responsibility for using them well stays with you.

Our templates are crafted with care and grounded in UK employment law, kept current as legislation changes. For anything genuinely tricky — disputes, dismissals, novel situations — we'd always tell you to call your lawyer.

We handle the 80% so you can spend your budget on the 20% that really needs human expertise.

What's on the roadmap

We'll tell you when we get there. We won't pretend we already have.

• Independent penetration testing — second half of 2026.
• SOC 2 Type II — 2027.
• ISO 27001 — 2028.
• Self-serve data export — V2 (currently manual on request).
• Automated breach detection — V2.

The formal stuff

The claims above are backed by formal policies. The full set:

• Privacy Policy — what data we hold, why, and your rights
• Cookie Policy — short version: we don't track you
• Sub-processors — the complete list, including regions and compliance
• Data Processing Agreement (DPA) — available on request from hello@peopld.com

A formal Data Protection Impact Assessment (DPIA) sits behind these and is reviewed annually.

Talk to us

Data protection queries, security concerns, or anything you want to push on: hello@peopld.com

It's a small team. Replies come from Peopl'd, not a ticket queue.