Is Paply HMRC compliant?

Yes. Paply handles RTI submissions, auto enrolment, and digital payslips automatically — fully compliant with HMRC requirements.

How much does Paply cost?

Paply starts at £99/month for up to 15 employees on the Starter plan. All plans are a flat fee — no per-employee charges that punish growth.

What is salary benchmarking?

Paply compares your salaries against 1,830+ UK companies by industry, region, and company size, so you know whether your pay is competitive before your best employee leaves.

Can Paply help with NI savings?

Yes. Paply calculates your salary sacrifice and NI savings opportunities automatically, typically saving a 20-person business £680/month in employer National Insurance.

Legal document

Privacy Policy

Version 1.0 Effective: 9 April 2026 UK GDPR compliant

Your privacy matters to us. This policy explains what data we collect, why we collect it, how we use it, and what rights you have under UK GDPR and the Data Protection Act 2018. We process personal data only to provide our services and will never sell your data to third parties. Questions? Contact us at privacy@paply.io.

Section 01

Who we are

Paply Ltd is the data controller for personal data collected through the Paply platform at paply.io. We are registered in England and Wales.

Data Controller: Paply Ltd

Contact: privacy@paply.io

Website: paply.io

Where we process employee data on behalf of our customers (employers), the employer is the data controller and Paply acts as data processor. Our Data Processing Agreement governs this relationship.

Section 02

What data we collect and why

Data type	What it includes	Why we collect it	Legal basis
Account data	Name, email address, company name, job title, phone number	To create and manage your account, send you the service	Contract
Employee data	Employee names, salaries, NI numbers, tax codes, start dates, departments	To provide payroll, benchmarking, and HR features	Contract / Legitimate interests
Usage data	Pages visited, features used, clicks, session duration, browser type	To improve the product and fix bugs	Legitimate interests
Payment data	Billing name, last 4 digits of card, subscription plan	To process your subscription payment	Contract
Lead data	Email, phone, company, headcount, role, calculator inputs	To contact you about Paply and book demos	Consent / Legitimate interests
Wellbeing data	Olive conversations, mood check-ins	To provide the employee wellbeing service	Consent (employee opt-in)
Survey data	Anonymous employee survey responses	To calculate happiness scores for employers	Legitimate interests

Section 03

How we use your data

Providing the service — processing payroll, generating benchmarks, running the dashboard, sending payslips
Communications — account confirmations, product updates, demo bookings, support responses
Improving the product — analysing usage patterns to make Paply better
Anonymised benchmarking — contributing aggregated, non-identifiable data to our UK salary and HR benchmarks
Legal compliance — meeting our obligations under UK law including HMRC requirements
Safety — detecting fraud, security incidents, and system abuse

We never sell your personal data. We never use employee data for advertising. Olive wellbeing conversations are completely private and never shared with employers.

Section 04

Who we share data with

We only share data with trusted sub-processors necessary to deliver the service:

Sub-processor	Purpose	Location	Safeguards
Supabase	Database, authentication, storage	EU / US	Standard Contractual Clauses
Vercel	Hosting and content delivery	EU / US	Standard Contractual Clauses
Stripe	Payment processing	EU / US	Standard Contractual Clauses
Resend	Transactional email	US	Standard Contractual Clauses
Anthropic	AI features (Ada, Olive)	US	Standard Contractual Clauses

We may also disclose data where required by law, court order, or to protect the safety of any person.

Section 05

How long we keep your data

Account and employee data — retained for the duration of your subscription plus 6 months after cancellation, then permanently deleted
Payroll records — retained for 6 years to meet HMRC legal requirements
Lead data — retained for 24 months from collection, or until you ask us to delete it
Olive wellbeing conversations — not retained beyond the session unless the user explicitly saves them
Usage analytics — retained for 12 months in identifiable form, then anonymised

Section 06

Your rights under UK GDPR

Right of access

Request a copy of all personal data we hold about you

Right to rectification

Ask us to correct inaccurate or incomplete data

Right to erasure

Request deletion of your data where there is no legal reason to keep it

Right to restrict processing

Ask us to pause processing while a dispute is resolved

Right to portability

Receive your data in a structured, machine-readable format

Right to object

Object to processing based on legitimate interests

Rights re: automated decisions

Request human review of any automated decisions that affect you

Right to withdraw consent

Withdraw consent at any time where processing is consent-based

To exercise any right, email privacy@paply.io. We will respond within 30 days. If you are unhappy with our response you have the right to complain to the ICO at ico.org.uk.

Section 07

Cookies

We use a small number of cookies to make the platform work:

Essential cookies — session authentication, remembering your login. Cannot be disabled.
Analytics cookies — anonymous usage data to improve the product. Can be declined.

We do not use advertising cookies, tracking pixels, or third-party marketing cookies. You can manage cookies in your browser settings at any time.

Section 08

Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. The current version is always available at paply.io/privacy.

Section 09

Contact and complaints

Data queries and subject access requests

Emailprivacy@paply.io

ResponseWithin 30 days for all GDPR requests

ICO If you are unhappy with our response, you can complain to the Information Commissioner's Office at ico.org.uk or call 0303 123 1113