Privacy Policy

How we handle and protect your personal data

Last updated: 17 February 2026

1. Introduction

PolicySuite ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our policy management platform.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, company name, job title
  • Policy Content: Policies, documents, and related content you create or upload
  • Usage Data: Information about how you use our platform, including log data and analytics
  • Communication Data: Records of your communications with us

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments and questions
  • Monitor and analyse usage patterns and trends
  • Detect, prevent, and address technical issues and security threats

4. Data Security

We implement appropriate technical and organisational security measures to protect your data, including:

  • 256-bit SSL encryption for data in transit
  • AES-256 encryption for data at rest
  • Multi-tenant data isolation
  • Regular security audits and penetration testing
  • SOC 2 Type II certification

5. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes outlined in this policy. When you close your account, we will delete or anonymize your data within 90 days, except where we are required to retain it for legal or regulatory purposes.

6. Your Rights (UK GDPR)

Under UK GDPR, you have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to processing of your data

Swiss Data Protection (nDSG)

For users in Switzerland, your data is also processed in accordance with the Swiss Federal Act on Data Protection (nDSG/DSG). The Federal Data Protection and Information Commissioner (FDPIC) serves as the supervisory authority. You may contact the FDPIC at edoeb.admin.ch.

7. Cookies

We use essential cookies to operate our platform and analytics cookies to understand usage. You can control cookies through your browser settings. See our Cookie Policy for details.

8. Third-Party Services

We use trusted third-party service providers to help us deliver our services, including:

  • Hosting infrastructure (Render.com)
  • Email delivery services
  • Analytics providers (Google Analytics)
  • Payment processors (Stripe)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

9. International Data Transfers

Your data is primarily stored and processed in the United Kingdom. If we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our platform.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@policy-suite.com
Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Data Protection Officer: dpo@policy-suite.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data properly. For Swiss users, the FDPIC; for EU users, the relevant national data protection authority.