Last Updated: 1st August 2025
Version: 3.0
1. Who We Are
Your Pilla Ltd ("Pilla," "we," "us," or "our") is a UK limited company registered with Companies House. We develop and operate the Pilla platform, including our web application and mobile app, to help employers manage and motivate their employees.
Company Details:
- Company Name: Your Pilla Ltd
- Registered Address: 86-90 Paul Street, London, EC2A 4NE
- ICO Registration Number: ZB114085
- Data Protection Officer: Liam Jones (liam@yourpilla.com)
2. This Privacy Policy
This Privacy Policy explains how we collect, use, store, and share information when you use the Pilla platform, including:
- Our web application accessed through browsers
- Our mobile application on iOS or Android devices
- Related services and communications
This policy covers data collection through all Pilla services and does not apply to third-party websites or services linked from our platform.
Data Controller/Processor Relationship:
- The employer who pays for the Pilla software is the Data Controller of employee personal data
- Pilla is the Data Processor of employee personal data
3.1 Data Types Collected
Our platform may collect the following categories of data:
Personal Identifiers
- Name and email address
- Employee ID number
- Profile photos (if uploaded)
- Device identifiers (IDFA/GAID when permitted - mobile app only)
- Browser identifiers
Contact Information
Location Data
- Web Application: None
- Mobile App: Approximate location for timezone settings; precise location only when explicitly enabled
Device and Technical Information
Web Application:
- Browser type, version, and language settings
- Operating system and device type
- Screen resolution and viewport size
- Referring website URLs
Mobile App:
- Device model and operating system version
- App version and crash logs
Both Platforms:
- IP address
- Usage analytics and performance data
- Session duration and frequency
Usage Data
Web Application:
- Pages visited and time spent
- Click patterns and navigation paths
- Form interactions and search queries
- Feature usage and preferences
Mobile App:
- App interaction data and screen views
- Feature usage patterns
- Push notification interactions
Both Platforms:
- Session duration and frequency
- Content preferences and settings
Employee Data
- Work schedules and availability
- Performance metrics (as configured by employer)
- Training records and certifications
- Goal and task completion data
Communications Data
Web Application:
- Contact form submissions
- Live chat conversations
- Email communications
Mobile App:
- In-app messages and notifications
- Push notification preferences
Both Platforms:
- Support ticket communications
- Feedback and survey responses
3.2 How We Collect Data
We collect information:
- Directly from you: When you register, update your profile, or use platform features
- Automatically: Through your use of our services via analytics and tracking technologies
- From your employer: When they configure your account and input employee data
- Through third-party integrations: From connected services your employer has authorized
- Web-specific: Through cookies, web beacons, and similar tracking technologies
- Mobile-specific: Through app analytics and device sensors (with permission)
3.3 Data We Don't Collect
We do not collect:
- Health or medical information
- Financial account information
- Biometric data
- Content of personal communications outside the platform
We use collected data for the following purposes:
4.1 Platform Functionality
- Web Application: Providing browser-based employee management features
- Mobile App: Providing mobile app functionality and offline capabilities
- Both Platforms:
  - Authenticating your account access
  - Syncing data across devices and platforms
  - Enabling communication between you and your employer
4.2 Analytics and Improvement
- Web Application: Understanding website navigation and user behavior
- Mobile App: Identifying app crashes and performance issues
- Both Platforms:
  - Analyzing feature usage and user engagement
  - Improving platform performance and user experience
  - Developing new features based on usage patterns
4.3 Communications
- Web Application: Sending email notifications and updates
- Mobile App: Sending push notifications and in-app messages
- Both Platforms:
  - Providing customer support
  - Sending important security notifications
  - Product updates and announcements (with consent)
4.4 Security and Fraud Prevention
- Protecting against unauthorized access
- Detecting and preventing fraudulent activity
- Ensuring data security and integrity
4.5 Legal Compliance
- Complying with applicable laws and regulations
- Responding to legal requests and court orders
- Protecting our legal rights and interests
5. Data Sharing and Third Parties
5.1 We Share Data With:
Service Providers
We work with trusted third-party service providers who process data on our behalf:
- Cloud Storage: AWS/Google Cloud for secure data hosting
- Web Analytics: Google Analytics for website usage insights
- Mobile Analytics: Google Analytics for Firebase (mobile app usage insights)
- Customer Support: Intercom (our CRM system for support communications)
- Email Services: [Email Provider] for transactional and marketing emails
- Push Notifications: Apple Push Notification Service (iOS) / Firebase Cloud Messaging (Android)
- Crash Reporting: Crashlytics for identifying and fixing mobile app issues
All service providers are contractually required to:
- Process data only as instructed by us
- Implement appropriate security measures
- Not use data for their own purposes
- Delete data when our relationship ends
Your Employer
As the Data Controller, your employer has access to:
- Data they have configured in the system
- Employee performance and usage metrics
- Work-related communications and activities
Legal Requirements
We may share data when required by law:
- Court orders or government requests
- Legal compliance in jurisdictions where we operate
- Protection of our legal rights or safety of users
5.2 We Don't Share Data For:
- Advertising or marketing by third parties
- Sale to data brokers
- Purposes unrelated to providing our service
5.3 Third-Party Technologies
Web Application Technologies:
Technology | Purpose | Data Collected | Privacy Policy |
---|---|---|---|
Google Analytics | Website usage analytics | Browsing behavior, demographics | Google Privacy |
Intercom Web SDK | Customer support chat | User identifier, browsing data | Intercom Privacy |
Cookies | Session management, preferences | User preferences, session data | See Cookies section below |
Mobile App SDKs:
SDK Name | Purpose | Data Collected | Privacy Policy |
---|---|---|---|
Firebase Analytics | App usage analytics | Device info, usage patterns | Firebase Privacy |
Firebase Crashlytics | Crash reporting | Device info, crash data | Firebase Privacy |
Intercom SDK | Customer support | User identifier, device info | Intercom Privacy |
Each third-party technology operates under its own privacy policy and data practices. We ensure all providers meet our data protection standards.
6. Data Security
We implement industry-standard security measures:
- Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Regular Audits: Security assessments and vulnerability testing
- Secure Development: Code reviews and security-focused development practices
- Incident Response: Procedures for detecting and responding to security breaches
7. Data Retention
We retain personal data only as long as necessary:
- Active Account Data: While your employer's account is active and you are employed
- Support Communications: 3 years after resolution
- Analytics Data: 26 months (anonymized after 14 months)
- Legal Compliance: As required by applicable laws (typically 7 years for employment records)
When data is no longer needed, it is securely deleted or anonymized.
8. Your Privacy Rights
Under applicable data protection laws (including UK GDPR), you have the following rights:
8.1 Right to Access
Request a copy of personal data we hold about you.
8.2 Right to Rectification
Request correction of inaccurate or incomplete data.
8.3 Right to Erasure
Request deletion of your personal data (subject to legal requirements).
8.4 Right to Restrict Processing
Request limitation of how we process your data.
8.5 Right to Data Portability
Request transfer of your data in a machine-readable format.
8.6 Right to Object
Object to processing based on legitimate interests.
8.7 Right to Withdraw Consent
Withdraw consent for processing that requires it (this won't affect previous lawful processing).
To Exercise Your Rights: Contact your employer (as Data Controller) or our DPO at liam@yourpilla.com. We will respond within 30 days.
9.1 Web Application Privacy Features
- Cookie Controls: Manage cookie preferences through browser settings
- Do Not Track: We respect browser Do Not Track signals
- Data Downloads: Export your data through account settings
- Browser Privacy: Compatible with private/incognito browsing modes
9.2 Mobile App Privacy Features
iOS Privacy Features
- App Tracking Transparency: We request permission before tracking your activity across other apps
- Privacy Labels: View our data practices in the App Store before downloading
- Permission Requests: Clear explanations when requesting access to device features
Android Privacy Features
- Data Safety: View our data practices in Google Play Store before downloading
- Permission Controls: Granular control over what device features the app can access
- Data Deletion: Request deletion of your data through in-app settings
9.3 Device Permissions (Mobile App Only)
Our mobile app may request the following device permissions:
Permission | Purpose | Required/Optional |
---|---|---|
Camera | Profile photo upload | Optional |
Photos | Profile photo selection | Optional |
Notifications | App alerts and updates | Optional |
Location (Approximate) | Timezone and regional settings | Optional |
Location (Precise) | Location-based features | Optional |
You can manage these permissions in your device settings at any time.
10. Children's Privacy
Our platform is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
11. International Data Transfers
Your data may be processed outside the UK by our service providers. When data is transferred internationally, we ensure appropriate safeguards through:
- Adequacy decisions by the UK government
- Standard Contractual Clauses approved by UK authorities
- Other legally approved transfer mechanisms
12. Cookies and Tracking Technologies
12.1 Web Application Cookies
We only use strictly necessary cookies to ensure the basic functionality of our website. These cookies are essential for the website to operate and do not require user consent under GDPR regulations. As we do not use cookies for analytics, marketing, or tracking purposes, you will not see a cookie banner on our site. For more information on how we handle your data, please refer to the relevant sections of this privacy policy.
Strictly Necessary Cookies
- Authentication: Secure login and session management
- Security: CSRF protection and security measures
- Functionality: User preferences and settings
12.2 Mobile App Technologies
Our mobile app uses minimal tracking technologies:
Essential Technologies
- Authentication tokens for secure login
- Session management for app functionality
- Preference storage for user settings
Analytics Technologies
- Firebase Analytics for usage insights (can be opted out)
- Crash reporting for app stability (essential for security)
12.3 Your Tracking Choices
Web Application:
- Disable cookies in browser settings
- Use private/incognito browsing mode
- Install ad blockers or privacy extensions
Mobile App:
- Disable analytics in app settings
- Control advertising tracking through device settings:
  - iOS: Settings > Privacy & Security > Tracking
  - Android: Settings > Privacy > Ads
13. Communications and Notifications
13.1 Web Application Communications
- Email Notifications: Account updates, security alerts, and system notifications
- In-Browser Notifications: Real-time updates while using the web application
- Marketing Emails: Product updates and feature announcements (with consent)
13.2 Mobile App Notifications
We send push notifications for:
- Important work-related updates
- App security notifications
- Feature updates and announcements
13.3 Managing Communications
Web Application:
- Update email preferences in account settings
- Unsubscribe links in all marketing emails
- Browser notification controls in browser settings
Mobile App:
- Control notification types in app settings
- Device notification settings:
  - iOS: Settings > Notifications > Pilla
  - Android: Settings > Apps > Pilla > Notifications
14. Data Deletion
You can request deletion of your data through:
14.1 Web Application
- Account settings page (self-service deletion options)
- Contact form on our website
- Emailing our DPO at liam@yourpilla.com
14.2 Mobile App
- In-app data deletion tools (if available)
- App settings menu
- Contacting support through in-app chat
14.3 General Deletion Process
- Contact your employer (primary data controller)
- Email our DPO directly at liam@yourpilla.com
- Submit a formal data subject access request
Note: Some data may be retained for legal compliance or legitimate business purposes as outlined in our retention policy.
15. Updates to This Privacy Policy
We may update this Privacy Policy to reflect:
- Changes in our data practices
- Legal or regulatory requirements
- New platform features
When we make material changes:
- We'll update the "Last Updated" date
- Notify you through email, web notifications, or mobile app alerts
- Request consent for significant changes affecting your rights
- Post updates on our website and in app stores
For Privacy Questions:
- Data Protection Officer: Liam Jones
- Email: liam@yourpilla.com
- Address: Clockwise, Edward Pavilion, Royal Albert Dock, Liverpool, L3 4AF
For Platform Support:
For Complaints:
If you're not satisfied with our response to your privacy concerns, you can file a complaint with:
- Information Commissioner's Office (ICO)
  - Phone: 0303 123 1113
  - Website: ico.org.uk
17. Legal Basis for Processing
We process personal data under the following legal bases:
- Contract Performance: To provide services requested by your employer
- Legitimate Interests: For analytics, security, and service improvement
- Legal Compliance: To meet employment and business legal requirements
- Consent: For marketing communications and optional features (where required)
This Privacy Policy is compliant with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Apple App Store Privacy Requirements
- Google Play Store Privacy Requirements
- ePrivacy Directive (Cookie Law)
- California Consumer Privacy Act (CCPA) - if applicable
For questions about this Privacy Policy, please contact liam@yourpilla.com.