Log in Free audit

Privacy policy

Last updated: 11 April 2026

Who we are

Pedantic is a UK employment policy compliance platform operated by Pedantic Ltd. We help employers audit, generate, and maintain their employment policies. When we say "we", "us", or "our" in this policy, we mean Pedantic Ltd.

For data protection purposes, we are the data controller. You can contact us at compliance@getpedantic.com.

What data we collect

We collect different data depending on how you use Pedantic:

Free audit

  • Your email address
  • The document you upload (employee handbook or individual policy)
  • Basic organisation details you provide (employee count band, sector, workforce type, trade union recognition)

Account and subscription

  • Your name and email address
  • Organisation details (name, address, sector, workforce structure, benefits, operational specifics)
  • Payment information (processed by Stripe — we never see or store your full card details)

Policy distribution

  • Employee names and email addresses (provided by the employer)
  • Employee department and start date
  • Acknowledgement records: when an employee confirms they have read a policy, we record the timestamp, their IP address, and browser user agent. This creates the evidence trail employers need for compliance purposes.

Automatically collected

  • A session cookie for authentication (see the Cookies section below)

Why we collect it

We use your data for these specific purposes:

  • Compliance analysis: to audit your policies against UK employment law requirements
  • Policy generation: to create policies tailored to your organisation
  • Regulatory monitoring: to notify you when law changes affect your policies
  • Distribution and acknowledgement: to send policies to your employees and record evidence of acknowledgement
  • Account management: to authenticate you and manage your subscription
  • Service communication: to send you audit reports, compliance alerts, and account notifications

We do not sell your data. We do not use your data for advertising. We do not share your policy content with other customers.

How we store and protect your data

All data is stored on Cloudflare's infrastructure, with the primary database instance located in Europe. Your data is encrypted in transit (TLS) and at rest. Uploaded documents are stored in encrypted object storage. Passwords are hashed using bcrypt and never stored in plain text.

We follow data minimisation principles: we only collect what we need to provide the service, and we do not retain data longer than necessary.

Third parties

We use a small number of third-party services to operate Pedantic:

  • Cloudflare (hosting, database, file storage) — all infrastructure runs on Cloudflare's platform. Their privacy policy is at cloudflare.com/privacypolicy.
  • Resend (transactional email) — used to send audit reports, compliance alerts, distribution emails, and account notifications. Their privacy policy is at resend.com/legal/privacy-policy.
  • Stripe (payment processing) — handles subscription billing. We never see or store your full card details. Their privacy policy is at stripe.com/gb/privacy.
  • AI providers (document analysis and policy generation) — we send policy text to AI models via Cloudflare's AI Gateway for compliance analysis and generation. We do not send personal data (names, email addresses, employee details) to AI providers. Only the text content of policies and organisational context (sector, size, workforce type) is sent for analysis.

Data retention

  • Uploaded documents: retained while your account is active. You can delete uploaded documents at any time from your account.
  • Account data: retained while your account is active and for a reasonable period afterwards to fulfil legal obligations.
  • Audit results and generated policies: retained while your account is active.
  • Acknowledgement records: retained for as long as the employer's account is active. These records serve as compliance evidence and may be needed for tribunal or regulatory purposes. Employers can request deletion, but should be aware this removes their evidence trail.
  • Free audit leads: email addresses collected during free audits are retained for follow-up communication. You can unsubscribe or request deletion at any time.

Cookies

We use a single, essential cookie for authentication. When you log in, a session cookie is set to keep you authenticated as you use the platform. This cookie is:

  • HttpOnly (not accessible to JavaScript)
  • Secure (only sent over HTTPS)
  • Strictly necessary for the service to function

We do not use tracking cookies, analytics cookies, or advertising cookies. We do not use any third-party cookie-based tracking.

Your rights under UK GDPR

Under the UK General Data Protection Regulation, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct any personal data that is inaccurate or incomplete
  • Erasure — ask us to delete your personal data (subject to any legal obligations we have to retain it)
  • Portability — request your data in a structured, machine-readable format
  • Object — object to processing of your personal data in certain circumstances
  • Restrict processing — ask us to limit how we use your data in certain circumstances

To exercise any of these rights, email compliance@getpedantic.com. We will respond within one month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you by email or through the platform. The "last updated" date at the top of this page shows when it was last revised.