Privacy Policy

PolicyPilot is a product of Bazl Ltd. This policy explains how we collect, use, and protect your personal data when you use PolicyPilot. We are committed to handling your information responsibly and in accordance with applicable data protection law.

1. Who We Are

Bazl Ltd ("Bazl", "we", "us", or "our") operates PolicyPilot, an AI-powered remote work policy intelligence platform accessible at policypilotv2.bazl.io. Bazl Ltd is the data controller for personal data collected through this platform.

For data protection enquiries, contact us at: support@bazl.io

2. What Data We Collect

Account information

When you register for PolicyPilot, we collect your name, work email address, and organisation details. This information is required to create and manage your account.

Usage data

We collect data about how you use the platform, including which tools you use (Create Policy, Analyse Policy, FlexCheck), session activity, and feature usage. This helps us improve the product.

Policy and document data

When you use our tools, you may upload documents or input information about your employees and their work arrangements. This content data is processed to generate outputs and is stored in connection with your account.

Technical data

We collect standard server log data including IP addresses, browser type, and device information for security and service operation purposes.

We process personal data in accordance with the UK GDPR and EU GDPR. Our legal bases for processing are:

Contract performance — to provide the PolicyPilot service you have subscribed to
Legitimate interests — to improve our platform, prevent fraud, and ensure security
Legal obligation — where processing is required by law
Consent — for marketing communications, where you have opted in

Where personal data is transferred outside the UK or European Economic Area, we use appropriate safeguards including Standard Contractual Clauses to ensure data protection standards are maintained.

PolicyPilot's infrastructure is hosted on Supabase and Vercel. Both providers operate with appropriate data protection agreements and, where applicable, EU-US Data Privacy Framework compliance.

4. How We Use Your Data

To create and manage your account
To provide the PolicyPilot tools and generate policy documents and risk assessments
To process credit transactions and manage your subscription
To communicate service updates, security notices, and (with consent) product news
To analyse usage patterns and improve the platform
To comply with legal and regulatory obligations

5. Data Sharing

We do not sell your personal data. We share data only with:

Service providers who help us operate the platform (hosting, payments, AI inference), under strict data processing agreements
Your organisation — if you access PolicyPilot through a provider account, your usage data may be visible to your provider administrator
Law enforcement or regulators where required by applicable law

6. Data Retention

We retain your account data for as long as your account is active, plus a reasonable period thereafter to comply with legal obligations. Policy documents and FlexCheck reports are retained for the duration of your account. You may request deletion of your data at any time.

7. Your Rights

Under UK and EU GDPR, you have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request erasure of your data ("right to be forgotten")
Restrict or object to processing
Data portability
Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact us at support@bazl.io. We will respond within 30 days.

8. Cookies

PolicyPilot uses the following categories of cookies:

Strictly necessary — authentication session cookies required for you to stay logged in. These cannot be disabled.
Functional — remember your preferences and settings within the platform.
Analytics — help us understand how the platform is used in aggregate. You may opt out of these.

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption at rest and in transit, access controls, and regular security reviews. API keys stored in the platform are encrypted using AES-256-GCM before database storage.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice within PolicyPilot. The date at the top of this page indicates the most recent revision.

11. Contact

For questions about this policy or your data, contact:
Bazl Ltd — Data Protection
Email: support@bazl.io