HRLake®
Legal

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how HRLake.com ("we", "us", "our") collects, uses, and protects your personal data when you use our platform. We are committed to protecting your privacy and complying with the UK GDPR and the Data Protection Act 2018.

1. Who we are

HRLake.com is operated by AccountingBody HQ. We are the data controller for personal data collected through this website. If you have any questions about this policy or your personal data, please contact us.

2. Data we collect

We collect the following categories of personal data:

Account data

When you create an account, we collect your name, email address, and authentication credentials. Account creation is handled securely via Clerk.

Usage data

We collect information about how you use the platform — pages visited, searches performed, calculators used, and features accessed. This data is used to improve the platform and is not used for advertising.

Payment data

If you subscribe to Pro, payments are processed by Lemon Squeezy. We do not store your payment card details. We receive subscription status, plan type, and billing period information only.

Contact form data

If you submit a contact or data correction form, we collect your name, email, organisation (if provided), and the content of your message.

Technical data

We collect standard technical data including IP address, browser type, device type, and referring URL. This is used for security monitoring and analytics.

3. How we use your data

We use your personal data for the following purposes:

  • To provide and maintain your account and subscription
  • To process payments and manage your Pro plan
  • To send you service communications (account updates, subscription receipts)
  • To send you the monthly payroll updates newsletter, if you have subscribed
  • To respond to contact form submissions and data correction requests
  • To improve the platform through usage analytics
  • To monitor for security threats and abuse
  • To comply with our legal obligations

We do not sell your personal data. We do not use your data for advertising or profiling.

4. Data sharing

We share your data only with the following third-party services, all of which are necessary to operate the platform:

  • Clerk — authentication and account management
  • Supabase — secure database hosting (EU region)
  • Lemon Squeezy — payment processing and subscription management
  • Resend — transactional email delivery
  • Vercel — website hosting and infrastructure
  • Sentry — error monitoring

We do not share your personal data with any other third parties without your explicit consent, except where required by law.

5. Cookies

We use cookies to operate the platform and improve your experience. For full details of the cookies we use and how to manage them, please read our Cookie Policy.

6. Your rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — you can request a copy of all personal data we hold about you
  • Right to rectification — you can ask us to correct inaccurate data
  • Right to erasure — you can ask us to delete your personal data
  • Right to restrict processing — you can ask us to limit how we use your data
  • Right to data portability — you can request your data in a portable format
  • Right to object — you can object to certain processing activities
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us. We will respond within 30 days.

7. Data retention

We retain your personal data for as long as your account is active and for a reasonable period thereafter in case you wish to return. Specific retention periods:

  • Account data — retained while your account is active, deleted within 30 days of an erasure request
  • Payment records — retained for 7 years to comply with financial record-keeping obligations
  • Contact form submissions — retained for 2 years
  • Usage analytics — retained for 13 months in aggregate form

8. Security

We take the security of your personal data seriously. We use industry-standard security measures including encrypted connections (HTTPS), secure database hosting, row-level security on all user data, and regular security monitoring via Sentry.

No method of transmission over the internet is 100% secure. While we do our best to protect your data, we cannot guarantee absolute security.

9. Contact us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.