Privacy Policy

Last updated: 12 June 2026

Summary

We collect only what we need to run the service, never sell your personal information, and let you delete your account and data at any time from your dashboard. For the employee data you hold in WardHR, your organisation is the data controller and WardHR is your processor — we process it on your instructions to provide the service.

1. Information we collect

  • Account information: the email addresses of the people in your organisation who use WardHR, and your organisation's name.
  • HR records: the employee, document, leave/absence, compliance, case and acknowledgement information you enter or generate — the system of record you maintain in WardHR.
  • AI inputs: the details, notes and questions you submit to generate documents, draft letters or get case guidance.
  • Usage data: conversion events used to operate and improve the service. IP and user-agent are hashed with a daily-rotating salt before storage and are never linkable across days.
  • Billing information: the service is provided through your insurance provider/partner and billed to them centrally — we do not take card payments from you or store any card details.

2. How we use your information

  • Provide the HR compliance system of record and the manager copilot (document generation, records, compliance scoring, deadline tracking, case guidance and letters).
  • Manage your organisation's account and seats, and meter usage for central reconciliation with your provider.
  • Send transactional and service email (one-time login codes, document/acknowledgement emails, and the weekly digest to owners and admins).
  • Operate and improve the service. We do not use your HR records or AI inputs to train any AI model.

3. Who we share data with

We do not sell, trade or rent your personal information. We share data only with the sub-processors needed to operate the service:

  • OpenRouter — AI routing. OpenRouter is a single endpoint that proxies our requests to whichever model provider is configured. Depending on availability and configuration, the text you submit for an AI action may be processed by any of: OpenAI, Anthropic, Google or Groq. All providers operate under their own zero-retention or no-training policies for API traffic; we route through OpenRouter rather than holding direct relationships with each.
  • Pinecone — the UK employment-law corpus used to ground AI output (queries embedded in-region; we do not store your HR records in Pinecone).
  • Resend — transactional and digest email delivery.
  • Railway — application hosting and managed PostgreSQL.

We may also disclose data when required by law or to protect our rights, and in the event of a merger or acquisition.

4. Data security

  • Encryption in transit (TLS) and at rest (provider default).
  • Cloud-hosted PostgreSQL with automated backups.
  • Passwordless authentication via one-time email codes — we do not store passwords.
  • Security updates applied promptly when upstream patches land.

5. Your rights (UK GDPR)

You have the right to:

  • Access — view personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — delete your account and personal data via the Delete account page in your dashboard. Deletion is immediate.
  • Portability — export your data in a machine-readable format.
  • Objection — object to processing of your personal data.

To exercise any of these rights, use the controls in your dashboard or email [email protected].

6. Data retention

We retain your account and HR data for as long as your account is active. Certain statutory records — notably issued documents and leave/absence records — are retained for six years to meet UK employment-law duties, after which they are automatically purged. When you delete your account we remove your personal data promptly, except where we are required to retain limited records by law (e.g. the six-year statutory records above, and anonymised payment records for accounting).

7. International transfers

Your data may be processed in countries outside the UK and EU (notably the US, where some of our sub-processors are based). We rely on UK Standard Contractual Clauses or equivalent safeguards in those transfers.

8. Changes to this policy

We may update this policy from time to time. When we do, we update the "Last updated" date at the top of this page; for material changes, we'll also notify account holders by email and give 30 days' notice before the change takes effect.

Contact

Questions about this policy? Email [email protected].