Privacy Notice
Last updated: 7/11/2026
1. Who we are
This privacy notice describes how Charles Hackney ("we", "us", "our") collects and uses your personal data when you use the HR Compliance Audit service. Charles Hackney is the data controller for the personal data described below.
2. Personal data we collect
- Account data: your email address, account identifier, and authentication tokens.
- Audit data: the answers you provide and the optional company name you enter, which are stored in your browser and (where applicable) on our servers tied to your account.
- Support data: any messages you send us.
- Usage and device data: log data such as IP address, browser type, timestamps, and pages visited.
- Cookies: essential cookies and similar storage to keep you signed in and remember your audit progress.
Payment information (card details, billing address) is collected and processed directly by Paddle as our Merchant of Record. We do not see or store your full card details.
3. How we use your data
| Purpose | Legal basis |
|---|---|
| Create your account and provide the Service | Performance of contract |
| Process and fulfil purchases | Performance of contract |
| Customer support | Performance of contract / legitimate interests |
| Security, fraud prevention, abuse detection | Legitimate interests |
| Improve the Service | Legitimate interests |
| Comply with legal obligations | Legal obligation |
4. Who we share data with
- Paddle — our Merchant of Record. Paddle handles payment processing, subscription management, billing, tax compliance, invoicing, and refund handling. See Paddle's privacy notice.
- Hosting and infrastructure providers — used to host the Service and store your account and audit data.
- Email delivery providers — used to send transactional email such as sign-in links and receipts.
- Professional advisers — legal and accounting advisers where reasonably necessary.
- Authorities — where required by law, court order, or to protect rights and safety.
We do not sell your personal data.
5. Data retention
We keep account and audit data for as long as your account is active. You can delete your account at any time by contacting us; we will then delete or anonymise your personal data within a reasonable period, except where we are required to retain it for legal, tax, or accounting purposes.
6. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you;
- Have inaccurate data corrected;
- Have your data deleted ("right to erasure");
- Restrict or object to certain processing;
- Receive a portable copy of your data;
- Withdraw consent where processing is based on consent;
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us using the details below.
7. International transfers
Your data may be processed in countries other than your own, including by Paddle and our infrastructure providers. Where data is transferred outside the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
8. Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and authenticated access to your account. No system is perfectly secure; please use a strong, unique email account.
9. Cookies
We use essential cookies and local storage to keep you signed in, remember your audit progress, and run the Service. We do not currently use third-party advertising or marketing cookies. You can clear cookies in your browser at any time; doing so will sign you out and may clear saved audit progress.
10. Changes
We may update this notice from time to time. We will post the updated version on this page with a new "Last updated" date.
11. Contact
For privacy questions or to exercise your rights, contact Charles Hackney through the support channels listed on the Service. For billing or payment-related data held by Paddle, visit paddle.net.