Privacy Policy

1. Who We Are

PerkIQ Ltd ("PerkIQ", "we", "us") is the data controller for personal data processed through this platform. We are registered in England and Wales. Our platform is designed for HR administrators at UK-based SMEs.

For data protection enquiries, contact: privacy@perkiq.co.uk

2. What Data We Collect

We collect the following categories of data:

• •Account data: Name, email address, company name, role.
• •Company data: Company size, industry, benefits currently in place, primary business objectives.
• •Assessment data: Responses to Health Check and Deep Dive questionnaires, resulting scores and insights.
• •Usage data: Pages visited, actions taken, features used — for platform improvement.

We do not collect personal data about your employees unless you explicitly provide it through future survey features, and only with appropriate consent mechanisms in place.

3. Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

• •Contract performance: To deliver the service you have signed up for.
• •Legitimate interests: To improve the platform and prevent fraud.
• •Consent: For marketing communications, where separately obtained.

4. How We Use Your Data

We use your data to: provide and operate the PerkIQ platform; generate benefits assessments and recommendations; match you with relevant providers; send account and service communications; improve platform functionality through anonymised aggregate analysis.

We do not sell your data to third parties. Provider recommendations are generated by our own deterministic algorithms — your data is not shared with providers without your explicit action.

5. Data Retention

We retain your account and assessment data for the duration of your subscription and for 7 years thereafter, as required for financial and legal compliance. You may request earlier deletion — see Section 7.

6. Data Security

All data is stored in Supabase-managed PostgreSQL databases hosted within the EU. We enforce row-level security, encrypted connections (TLS), and access controls. Authentication is handled via Supabase Auth with support for multi-factor authentication.

7. Your Rights (UK GDPR)

Under UK GDPR, you have the right to: access your personal data; correct inaccurate data; request deletion of your data; restrict or object to processing; data portability; and lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email privacy@perkiq.co.uk. We will respond within 30 days.

8. Cookies

PerkIQ uses only essential cookies required for authentication and session management. We do not use tracking or advertising cookies. No third-party analytics cookies are set.

9. Changes to This Policy

We may update this policy periodically. Material changes will be communicated by email to registered account holders. Continued use of the platform after notification constitutes acceptance of the updated policy.