Privacy Policy for Pilla Platform

Comprehensive privacy policy for Pilla Platform explaining how we collect, use, store, and share your information.

Effective: 1st August 2025
Last Updated: 1st August 2025

Privacy Policy for Pilla Platform

Last Updated: 1st August 2025 Version: 3.0

1. Who We Are

Your Pilla Ltd ("Pilla," "we," "us," or "our") is a UK limited company registered with Companies House. We develop and operate the Pilla platform, including our web application and mobile app, to help employers manage and motivate their employees.

Company Details:

  • Company Name: Your Pilla Ltd
  • Registered Address: 86-90 Paul Street, London, EC2A 4NE
  • ICO Registration Number: ZB114085
  • Data Protection Officer: Liam Jones (liam@yourpilla.com)

2. This Privacy Policy

This Privacy Policy explains how we collect, use, store, and share information when you use the Pilla platform, including:

  • Our web application accessed through browsers
  • Our mobile application on iOS or Android devices
  • Related services and communications

This policy covers data collection through all Pilla services and does not apply to third-party websites or services linked from our platform.

Data Controller/Processor Relationship:

  • The employer who pays for the Pilla software is the Data Controller of employee personal data
  • Pilla is the Data Processor of employee personal data

3. Information We Collect

3.1 Data Types Collected

Our platform may collect the following categories of data:

Personal Identifiers

  • Name and email address
  • Employee ID number
  • Profile photos (if uploaded)
  • Device identifiers (IDFA/GAID when permitted - mobile app only)
  • Browser identifiers

Contact Information

  • Email addresses

Location Data

  • Web Application: None
  • Mobile App: Approximate location for timezone settings; precise location only when explicitly enabled

Device and Technical Information

Web Application:

  • Browser type, version, and language settings
  • Operating system and device type
  • Screen resolution and viewport size
  • Referring website URLs

Mobile App:

  • Device model and operating system version
  • App version and crash logs

Both Platforms:

  • IP address
  • Usage analytics and performance data
  • Session duration and frequency

Usage Data

Web Application:

  • Pages visited and time spent
  • Click patterns and navigation paths
  • Form interactions and search queries
  • Feature usage and preferences

Mobile App:

  • App interaction data and screen views
  • Feature usage patterns
  • Push notification interactions

Both Platforms:

  • Session duration and frequency
  • Content preferences and settings

Employee Data

  • Work schedules and availability
  • Performance metrics (as configured by employer)
  • Training records and certifications
  • Goal and task completion data

Communications Data

Web Application:

  • Contact form submissions
  • Live chat conversations
  • Email communications

Mobile App:

  • In-app messages and notifications
  • Push notification preferences

Both Platforms:

  • Support ticket communications
  • Feedback and survey responses

3.2 How We Collect Data

We collect information:

  • Directly from you: When you register, update your profile, or use platform features
  • Automatically: Through your use of our services via analytics and tracking technologies
  • From your employer: When they configure your account and input employee data
  • Through third-party integrations: From connected services your employer has authorized
  • Web-specific: Through cookies, web beacons, and similar tracking technologies
  • Mobile-specific: Through app analytics and device sensors (with permission)

3.3 Data We Don't Collect

We do not collect:

  • Health or medical information
  • Financial account information
  • Biometric data
  • Content of personal communications outside the platform

4. How We Use Your Information

We use collected data for the following purposes:

4.1 Platform Functionality

  • Web Application: Providing browser-based employee management features
  • Mobile App: Providing mobile app functionality and offline capabilities
  • Both Platforms:
    • Authenticating your account access
    • Syncing data across devices and platforms
    • Enabling communication between you and your employer

4.2 Analytics and Improvement

  • Web Application: Understanding website navigation and user behavior
  • Mobile App: Identifying app crashes and performance issues
  • Both Platforms:
    • Analyzing feature usage and user engagement
    • Improving platform performance and user experience
    • Developing new features based on usage patterns

4.3 Communications

  • Web Application: Sending email notifications and updates
  • Mobile App: Sending push notifications and in-app messages
  • Both Platforms:
    • Providing customer support
    • Sending important security notifications
    • Product updates and announcements (with consent)

4.4 Security and Fraud Prevention

  • Protecting against unauthorized access
  • Detecting and preventing fraudulent activity
  • Ensuring data security and integrity

4.5 Legal Compliance

  • Complying with applicable laws and regulations
  • Responding to legal requests and court orders
  • Protecting our legal rights and interests

5. Data Sharing and Third Parties

5.1 We Share Data With:

Service Providers

We work with trusted third-party service providers who process data on our behalf:

  • Cloud Storage: AWS/Google Cloud for secure data hosting
  • Web Analytics: Google Analytics for website usage insights
  • Mobile Analytics: Google Analytics for Firebase (mobile app usage insights)
  • Customer Support: Intercom (our CRM system for support communications)
  • Email Services: [Email Provider] for transactional and marketing emails
  • Push Notifications: Apple Push Notification Service (iOS) / Firebase Cloud Messaging (Android)
  • Crash Reporting: Crashlytics for identifying and fixing mobile app issues

All service providers are contractually required to:

  • Process data only as instructed by us
  • Implement appropriate security measures
  • Not use data for their own purposes
  • Delete data when our relationship ends

Your Employer

As the Data Controller, your employer has access to:

  • Data they have configured in the system
  • Employee performance and usage metrics
  • Work-related communications and activities

Legal Requirements

We may share data when required by law:

  • Court orders or government requests
  • Legal compliance in jurisdictions where we operate
  • Protection of our legal rights or safety of users

5.2 We Don't Share Data For:

  • Advertising or marketing by third parties
  • Sale to data brokers
  • Purposes unrelated to providing our service

5.3 Third-Party Technologies

Web Application Technologies:

TechnologyPurposeData CollectedPrivacy Policy
Google AnalyticsWebsite usage analyticsBrowsing behavior, demographicsGoogle Privacy
Intercom Web SDKCustomer support chatUser identifier, browsing dataIntercom Privacy
CookiesSession management, preferencesUser preferences, session dataSee Cookies section below

Mobile App SDKs:

SDK NamePurposeData CollectedPrivacy Policy
Firebase AnalyticsApp usage analyticsDevice info, usage patternsFirebase Privacy
Firebase CrashlyticsCrash reportingDevice info, crash dataFirebase Privacy
Intercom SDKCustomer supportUser identifier, device infoIntercom Privacy

Each third-party technology operates under its own privacy policy and data practices. We ensure all providers meet our data protection standards.

6. Data Security

We implement industry-standard security measures:

  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Audits: Security assessments and vulnerability testing
  • Secure Development: Code reviews and security-focused development practices
  • Incident Response: Procedures for detecting and responding to security breaches

7. Data Retention

We retain personal data only as long as necessary:

  • Active Account Data: While your employer's account is active and you are employed
  • Support Communications: 3 years after resolution
  • Analytics Data: 26 months (anonymized after 14 months)
  • Legal Compliance: As required by applicable laws (typically 7 years for employment records)

When data is no longer needed, it is securely deleted or anonymized.

8. Your Privacy Rights

Under applicable data protection laws (including UK GDPR), you have the following rights:

8.1 Right to Access Request a copy of personal data we hold about you.

8.2 Right to Rectification Request correction of inaccurate or incomplete data.

8.3 Right to Erasure Request deletion of your personal data (subject to legal requirements).

8.4 Right to Restrict Processing Request limitation of how we process your data.

8.5 Right to Data Portability Request transfer of your data in a machine-readable format.

8.6 Right to Object Object to processing based on legitimate interests.

8.7 Right to Withdraw Consent Withdraw consent for processing that requires it (this won't affect previous lawful processing).

To Exercise Your Rights: Contact your employer (as Data Controller) or our DPO at liam@yourpilla.com. We will respond within 30 days.

9. Platform-Specific Privacy Features

9.1 Web Application Privacy Features

  • Cookie Controls: Manage cookie preferences through browser settings
  • Do Not Track: We respect browser Do Not Track signals
  • Data Downloads: Export your data through account settings
  • Browser Privacy: Compatible with private/incognito browsing modes

9.2 Mobile App Privacy Features

iOS Privacy Features

  • App Tracking Transparency: We request permission before tracking your activity across other apps
  • Privacy Labels: View our data practices in the App Store before downloading
  • Permission Requests: Clear explanations when requesting access to device features

Android Privacy Features

  • Data Safety: View our data practices in Google Play Store before downloading
  • Permission Controls: Granular control over what device features the app can access
  • Data Deletion: Request deletion of your data through in-app settings

9.3 Device Permissions (Mobile App Only)

Our mobile app may request the following device permissions:

PermissionPurposeRequired/Optional
CameraProfile photo uploadOptional
PhotosProfile photo selectionOptional
NotificationsApp alerts and updatesOptional
Location (Approximate)Timezone and regional settingsOptional
Location (Precise)Location-based featuresOptional

You can manage these permissions in your device settings at any time.

10. Children's Privacy

Our platform is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

11. International Data Transfers

Your data may be processed outside the UK by our service providers. When data is transferred internationally, we ensure appropriate safeguards through:

  • Adequacy decisions by the UK government
  • Standard Contractual Clauses approved by UK authorities
  • Other legally approved transfer mechanisms

12. Cookies and Tracking Technologies

12.1 Web Application Cookies

We only use strictly necessary cookies to ensure the basic functionality of our website. These cookies are essential for the website to operate and do not require user consent under GDPR regulations. As we do not use cookies for analytics, marketing, or tracking purposes, you will not see a cookie banner on our site. For more information on how we handle your data, please refer to the relevant sections of this privacy policy.

Strictly Necessary Cookies

  • Authentication: Secure login and session management
  • Security: CSRF protection and security measures
  • Functionality: User preferences and settings

12.2 Mobile App Technologies

Our mobile app uses minimal tracking technologies:

Essential Technologies

  • Authentication tokens for secure login
  • Session management for app functionality
  • Preference storage for user settings

Analytics Technologies

  • Firebase Analytics for usage insights (can be opted out)
  • Crash reporting for app stability (essential for security)

12.3 Your Tracking Choices

Web Application:

  • Disable cookies in browser settings
  • Use private/incognito browsing mode
  • Install ad blockers or privacy extensions

Mobile App:

  • Disable analytics in app settings
  • Control advertising tracking through device settings:
    • iOS: Settings > Privacy & Security > Tracking
    • Android: Settings > Privacy > Ads

13. Communications and Notifications

13.1 Web Application Communications

  • Email Notifications: Account updates, security alerts, and system notifications
  • In-Browser Notifications: Real-time updates while using the web application
  • Marketing Emails: Product updates and feature announcements (with consent)

13.2 Mobile App Notifications We send push notifications for:

  • Important work-related updates
  • App security notifications
  • Feature updates and announcements

13.3 Managing Communications

Web Application:

  • Update email preferences in account settings
  • Unsubscribe links in all marketing emails
  • Browser notification controls in browser settings

Mobile App:

  • Control notification types in app settings
  • Device notification settings:
    • iOS: Settings > Notifications > Pilla
    • Android: Settings > Apps > Pilla > Notifications

14. Data Deletion

You can request deletion of your data through:

14.1 Web Application

  1. Account settings page (self-service deletion options)
  2. Contact form on our website
  3. Emailing our DPO at liam@yourpilla.com

14.2 Mobile App

  1. In-app data deletion tools (if available)
  2. App settings menu
  3. Contacting support through in-app chat

14.3 General Deletion Process

  1. Contact your employer (primary data controller)
  2. Email our DPO directly at liam@yourpilla.com
  3. Submit a formal data subject access request

Note: Some data may be retained for legal compliance or legitimate business purposes as outlined in our retention policy.

15. Updates to This Privacy Policy

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • Legal or regulatory requirements
  • New platform features

When we make material changes:

  • We'll update the "Last Updated" date
  • Notify you through email, web notifications, or mobile app alerts
  • Request consent for significant changes affecting your rights
  • Post updates on our website and in app stores

16. Contact Information

For Privacy Questions:

  • Data Protection Officer: Liam Jones
  • Email: liam@yourpilla.com
  • Address: Clockwise, Edward Pavilion, Royal Albert Dock, Liverpool, L3 4AF

For Platform Support:

For Complaints: If you're not satisfied with our response to your privacy concerns, you can file a complaint with:

  • Information Commissioner's Office (ICO)
  • Phone: 0303 123 1113
  • Website: ico.org.uk

We process personal data under the following legal bases:

  • Contract Performance: To provide services requested by your employer
  • Legitimate Interests: For analytics, security, and service improvement
  • Legal Compliance: To meet employment and business legal requirements
  • Consent: For marketing communications and optional features (where required)

This Privacy Policy is compliant with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Apple App Store Privacy Requirements
  • Google Play Store Privacy Requirements
  • ePrivacy Directive (Cookie Law)
  • California Consumer Privacy Act (CCPA) - if applicable

For questions about this Privacy Policy, please contact liam@yourpilla.com.

Questions About Our Policies?

If you have any questions about this document or our legal policies, please don’t hesitate to contact us.