Privacy Policy

Effective Date: July 2025
Last Updated: July 2025
Version: 1.1

Workfree Limited (trading as PAIDD) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you visit our website www.paidd.io or use our e-invoicing platform.

Important Information and Who We Are

Data Controller

We are the controller responsible for your personal data:

  • Full name: Workfree Limited (trading as PAIDD)
  • Email: support@paidd.io
  • Address: 128 City Road, London, EC1V 2NX
  • Company Number: 13799043

Your Rights

You have the right to make a complaint to the Information Commissioner's Office (ICO) at www.ico.org.uk. However, we would appreciate the chance to address your concerns first - please contact us at support@paidd.io.

The Data We Actually Collect

Personal Data Categories

We collect limited personal data, primarily business contact information:

Website Visitors

  • Contact Information: Name, email address (only when voluntarily provided)
  • Company Information: Company name, job title (for business context)
  • Technical Data: IP address, browser type (via marketing analytics only)

Platform Users

  • Account Data: Name, email address, company affiliation
  • Usage Data: Login times, feature usage (aggregated, not personal)
  • Support Data: Communication records when you contact us

Business Contacts (B2B)

  • Professional Information: Business email, company name, role
  • Communication Records: Demo requests, sales inquiries
  • Business Requirements: Company size, compliance needs

What We Don't Collect

  • Extensive personal profiles or behavioral data
  • Sensitive personal data (health, financial details, etc.)
  • Detailed tracking across websites or devices
  • Personal data from your business operations (we integrate with your systems)

How We Collect Your Data

Direct Interactions

You provide data when you:

  • Complete contact forms or request demos
  • Create a platform account or trial access
  • Contact us for support or information
  • Subscribe to our services

Automated Collection

We automatically collect data through:

  • Session cookies: Only for platform authentication (paidd_session, session_id)
  • Server logs: Basic technical information for troubleshooting
  • Marketing analytics: Google Analytics on marketing pages only (not stored by us)

Third-Party Sources

We may receive business contact information from:

  • Business networking platforms (LinkedIn)
  • Industry events and conferences
  • Business contact databases for B2B marketing
  • Referrals from existing customers or partners

How We Use Your Data

Legal Bases for Processing

We process personal data when:

  • Contract performance: Delivering services you've requested
  • Legitimate interests: Business operations, security, and B2B marketing
  • Legal obligations: Compliance with business and tax requirements
  • Consent: Where specifically requested (rare for B2B activities)

Purposes for Processing

Purpose Data Types Legal Basis
Platform access and authentication Account data, session information Contract performance
Customer support and troubleshooting Contact data, support communications Contract performance
Business development and demos Contact data, business requirements Legitimate interests
Service improvement and analytics Usage data (aggregated) Legitimate interests
Legal and regulatory compliance Business records, transaction data Legal obligations
Security and fraud prevention Technical data, access logs Legitimate interests

B2B Marketing

For business-to-business marketing, we may:

  • Send information about our services to business email addresses
  • Follow up on inquiries and demo requests
  • Invite you to relevant industry events or webinars
  • Share industry insights and compliance updates

Opt-out: You can unsubscribe from marketing communications anytime by clicking unsubscribe links or contacting support@paidd.io.

Data Sharing and Third Parties

Service Providers

We work with trusted service providers who process data on our behalf:

Technology Infrastructure

  • Website hosting: Replit (development), cloud hosting providers
  • Email services: Google Workspace, SendGrid
  • Analytics: Google Analytics (marketing site only)
  • Payment processing: Stripe (for subscriptions)

Business Operations

  • Accounting software integrations: API connections to Xero, Sage, QuickBooks
  • Customer support: Email and communication tools
  • Security monitoring: Infrastructure security services

Data Protection Standards

All service providers must:

  • Process data only for specified purposes
  • Maintain appropriate security measures
  • Comply with UK GDPR and data protection laws
  • Delete data when no longer needed

Data Security

Technical Measures

We protect your data through:

  • Encryption in transit: TLS 1.3 for all connections
  • Access controls: Role-based platform access with authentication
  • Session security: Secure session management and automatic logout
  • Network security: Firewalls and security monitoring

Organizational Measures

  • Staff training on data protection and security
  • Limited access to personal data on need-to-know basis
  • Regular security reviews and updates
  • Incident response procedures for security events

Data Retention

Retention Periods

Data Type Retention Period Reason
Platform user accounts Duration of subscription + 30 days Service delivery and transition
Business contact information 3 years from last contact Business development
Support communications 2 years Customer service history
Session logs 30 days Technical troubleshooting
Business transaction records 7 years Legal and tax obligations

Data Deletion

We delete data when:

  • Retention periods expire
  • You request deletion (where legally possible)
  • Business relationships end and legal obligations are met
  • Data is no longer needed for original purposes

Your Legal Rights

Data Subject Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion where there's no compelling reason to continue processing
  • Restriction: Limit processing in specific circumstances
  • Objection: Object to processing based on legitimate interests or for marketing
  • Portability: Receive your data in a structured, machine-readable format

Exercising Your Rights

To exercise these rights:

  • Contact us at support@paidd.io with your request
  • Provide identification to verify your identity
  • Specify which right you wish to exercise
  • Allow up to one month for our response

Marketing Opt-Out

You can opt out of marketing communications by:

  • Clicking unsubscribe links in emails
  • Contacting us at support@paidd.io
  • Updating preferences in your account settings

Business Customer Data

When You're the Controller

For business customers using our platform:

  • You are the data controller for supplier and business data processed through our platform
  • We are the data processor acting on your instructions
  • Our Data Processing Agreement governs this relationship
  • You must provide privacy notices to your suppliers and contacts

Data Processing

Our platform processes data by:

  • Integrating with your existing systems rather than storing data
  • Processing business information rather than personal profiles
  • Focusing on invoice and payment data rather than individual details
  • Providing tools for you to manage your own data retention and deletion

International Transfers

Data Location

Personal data is primarily processed in:

  • United Kingdom (primary operations)
  • European Economic Area (cloud infrastructure)
  • United States (limited service providers with adequate safeguards)

Transfer Safeguards

When data is transferred internationally, we ensure protection through:

  • Adequacy decisions by UK/EU regulators
  • Standard Contractual Clauses
  • Service provider certifications and privacy frameworks
  • Additional safeguards where required by law

Questions About This Privacy Policy?

Privacy Questions or Concerns?

Our team is available to answer any questions about how we handle your personal data.

📧 support@paidd.io

Complaints

If you're not satisfied with our response, you can complain to the Information Commissioner's Office (ICO) at www.ico.org.uk or phone 0303 123 1113.

Ready for guaranteed 5x ROI?

Join forward-thinking CFOs to transform late supplier payments

Calculate my ROI

© 2025 Workfree Limited (trading as PAIDD)
This policy was last updated: July 2025
Next review date: July 2026