Privacy Policy

Last updated 18 April 2026 · UK GDPR compliant

Plain-English summary: your data is yours, we store it in the UK/EU, we don't sell it, and you can export or delete it any time.

Who we are

Site Lynx Group Ltd, a UK company, is the data controller for Work-Lynx. If you email info@site-lynx.co.uk with a privacy question, a real person replies — usually within a working day.

What we collect

Account data: name, work email, company name, role, job title, password (hashed).

Employee data you enter: employee names, emails, contracts, leave balances, payslips, clock-in records, GPS coordinates at clock-in, timesheet entries. You're the controller of this data; we're the processor.

Usage data: pages visited, features used, timestamps, IP address, browser and OS. We use this for security and product improvement, not ad tracking.

Payment data: handled by Stripe. We never see your card number — we only store a Stripe customer ID.

Why we process it

To provide the service you've signed up for (contract).
To bill you (contract).
To keep the platform secure and detect abuse (legitimate interest).
To send product updates and security notices (legitimate interest — you can opt out of non-critical emails).

Where it lives

All data is stored on UK/EU-region infrastructure, encrypted at rest (AES-256) and in transit (TLS 1.2+). Each company's data is isolated by row-level security — other tenants cannot query your rows.

Who we share it with

Only sub-processors we need to run the service:

Supabase — database hosting (EU region).
Vercel — application hosting.
Stripe — payments.
Resend — transactional email.
Anthropic — processes Employ AI questions. We don't send personal data unless you type it into the question.

We do not sell your data. We do not share it with advertisers or data brokers. Ever.

How long we keep it

While your account is active, plus 30 days after cancellation to allow export. After that we hard-delete. Billing records we keep for 6 years as HMRC requires.

Your rights under UK GDPR

Access — request a copy of your data.
Rectify — correct anything wrong.
Erase — delete your account and data.
Port — export everything to CSV.
Object — stop certain processing.
Complain — to the ICO if you think we've got it wrong.

Email info@site-lynx.co.uk to exercise any of these. We reply within 30 days.

Changes

If we change this policy materially we'll email you before the new version takes effect.