Privacy Policy

How PerkIQ collects, uses and protects your personal data

Last updated: March 2026

1 Who We Are

PerkIQ Ltd (company number 17102662, registered in England and Wales) operates the PerkIQ platform at www.perkiq.co.uk. We are the data controller for personal data processed through the platform. This policy is published at www.perkiq.co.uk/platform-privacy.

Registered address: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF

Contact: info@perkiq.co.uk

ICO registration number: ZC108098

PerkIQ Ltd is not required to appoint a Data Protection Officer under UK GDPR. Data protection queries should be directed to info@perkiq.co.uk.

2 Who This Policy Applies To

This policy applies to:

  • Employer users who register for and use the platform
  • Colleagues invited to join a company account
  • Employees who complete an anonymous benefit survey via a shared link
  • Individuals who contact us through the website contact form

This policy does not cover third-party websites linked from our platform.

Some users access PerkIQ through a broker or reseller who has deployed the platform under their own brand. If you are accessing the platform via a broker-branded or white-label instance, the broker is the data controller for your account data and is responsible for their own privacy notices to you. PerkIQ processes your data as a data processor on the broker's behalf in accordance with a Data Processing Agreement between PerkIQ and the broker. This Privacy Policy continues to govern any data PerkIQ processes in its own capacity as data controller, including contact form submissions made directly to PerkIQ.

3 Data We Collect and Why

3.1 Account holders

When you register, we collect your first name, work email address, and password (stored as a one-way hash). During onboarding we ask for your job title, company name, approximate employee count, and industry. You may optionally upload a company logo. We also store your in-app notification preferences.

We use this data to create and manage your account and to deliver the platform. The lawful basis is contractual necessity (UK GDPR Article 6(1)(b)). Providing this information is a condition of using the platform. Without it, we cannot create or operate your account.

3.2 Invited team members

When an account admin invites a colleague, we collect the invitee's email address and their assigned role. The invitation link expires after 7 days. The lawful basis is contractual necessity (Article 6(1)(b)).

If you have been invited to join a company account, your email address was provided to us by the admin who invited you, not by you directly. We will send you an invitation email explaining this. If you did not expect to receive an invitation or wish to be removed, contact us at info@perkiq.co.uk and we will delete your details.

3.3 Business data you enter

Using the platform you may enter details about your organisation's benefits, including provider names, costs, renewal dates, and utilisation data, as well as action tracker entries and diagnostic questionnaire responses. This is organisational business data, not personal data relating to individual employees.

3.4 Employee survey respondents

Employees complete benefit surveys via a public link without creating an account. No personally identifiable information is collected. We record survey responses (ratings and multiple choice selections), a submission timestamp, and an irreversible cryptographic hash used only to prevent duplicate submissions. This hash cannot identify any individual.

Survey results are only visible to the employer once a minimum of five responses have been received. These responses are anonymous data as defined in UK GDPR Article 4. Because no individual can be identified from them, UK GDPR does not apply to these responses and individual data subject rights of access, rectification, and erasure do not apply to them.

3.5 Contact form

We collect your name, email address, optional company details, and message content to respond to your enquiry. We also log the IP address of the request for rate limiting and security purposes. The lawful basis is legitimate interest (Article 6(1)(f)). Our legitimate interest is in being able to respond to enquiries received through our website. Providing your name and email is not a statutory requirement, but without them we cannot respond to you.

4 Automated Decision-Making

PerkIQ does not carry out automated decision-making or profiling that produces legal or similarly significant effects on any individual, as described in UK GDPR Article 22. Our Snapshot scoring engine produces a diagnostic score for your organisation based on the information you provide. This score is generated deterministically from your inputs and relates to your organisation as a whole, not to any individual. It has no legal or similarly significant effect on any person.

5 Special Category Data

PerkIQ does not collect or process special category data as defined in UK GDPR Article 9. Employee survey questions relate to benefits satisfaction, not health conditions, disability, or any other sensitive category.

6 Who We Share Your Data With

We do not sell or share your personal data with third parties for marketing purposes. We use the following service providers to operate the platform:

ProviderPurposeLocation
Supabase Inc.Database, user authentication, and file storageEU (Ireland)
Vercel Inc.Application hosting and performance monitoringUS
Google LLCSocial login (Google OAuth) and optional website analyticsUS
Resend Inc.Transactional emails (account confirmation, password reset, invitations)US
Upstash Inc.Request rate limitingEU (confirmed EU-hosted instance)
Sentry Inc.Error tracking and performance monitoring. Error logs may incidentally contain personal data such as user IDs.US

We may also disclose your data where required by law, regulation, or court order.

To request a copy of our Data Processing Agreement (DPA), email info@perkiq.co.uk.

7 International Data Transfers

Our primary database is hosted in Ireland and our rate limiting service is hosted in the EU. Both are adequate jurisdictions under UK GDPR and no additional transfer mechanism is required for those providers. Vercel, Google, Resend, and Sentry operate in the United States. For those transfers we rely on Standard Contractual Clauses (SCCs) supplemented by the UK International Data Transfer Addendum (IDTA), as incorporated in each provider's Data Processing Agreement. If the hosting region of any provider changes, this policy will be updated accordingly.

8 Cookies

Strictly necessary (no consent required)

We use a session cookie to keep you logged in, and a short-lived cookie used during the sign-up flow. These are required for the platform to function and cannot be disabled.

Analytics (requires your consent)

With your consent, we use Google Analytics to understand how visitors use our website. You can accept or decline analytics cookies via the cookie banner when you first visit. You can change your preference at any time using the cookie settings link in the footer.

We also collect basic web performance data through our hosting provider. No personal data is attached to these measurements.

We do not use advertising, marketing, or third-party tracking cookies.

Local storage

We use browser local storage to save your in-progress diagnostic answers and provider comparison shortlist on your device. This data is not transmitted to our servers.

9 How Long We Keep Your Data

DataRetention period
Account dataRetained while your account is active. Deleted immediately and in full if you close your account.
Anonymous survey responsesRetained indefinitely. These are anonymous data to which UK GDPR does not apply.
Invitation recordsInvitation links expire after 7 days. The invitation record is kept for audit purposes.
Error logs12 months
Contact form submissions24 months
Google Analytics dataPer Google Analytics retention settings (default: 14 months)

Account deletion is permanent. Deletion cascades to all associated company data, diagnostic history, and action items.

10 Your Rights

Under UK GDPR you have the following rights in relation to your personal data: the right to access a copy of your data, the right to correct inaccurate data, the right to request deletion, the right to data portability, the right to restrict or object to processing, and the right to withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at info@perkiq.co.uk. We will respond within 30 days of receiving your request. Where a request is complex or we receive a large number of requests simultaneously, we may extend this period by a further two months. We will notify you of any extension within the initial 30-day period and explain the reason for the delay.

You can also:

  • Export your data at any time using the data export feature in your account Settings
  • Edit your profile, company details, and entered data directly in the platform
  • Delete your account and all associated data via Settings
  • Manage notification preferences and cookie consent via Settings and the cookie banner
If you are not satisfied with our response, you may complain to the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113.

11 Children

PerkIQ is a business platform intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. Contact us at info@perkiq.co.uk if you believe we have inadvertently collected data from a minor and we will delete it promptly.

12 Changes to This Policy

We will notify you of material changes to this policy by email or in-app notification not less than 14 days before they take effect. The current version is always available at www.perkiq.co.uk/platform-privacy.

13 Contact

PerkIQ Ltd

167-169 Great Portland Street, 5th Floor, London, W1W 5PF

Company number: 17102662

ICO registration: ZC108098

Email: info@perkiq.co.uk

Website: www.perkiq.co.uk