Last updated: February 2026
PayAdjust is a UK-based payroll management platform operated by PayAdjust Ltd. We act in a dual role:
Contact: privacy@payadjust.com
We process the following categories of personal data:
| Category | Examples |
|---|---|
| Personal identifiers | Full name, email address, date of birth, gender |
| Financial data | Bank account number, sort code, account holder name |
| Employment data | Job title, department, start date, salary, pension contributions |
| Tax & NI data | National Insurance number, tax code, NI category, PAYE reference |
| Pension data | Contribution rates, auto-enrolment status, opt-out records |
| Technical data | IP address (via hosting), browser type, authentication tokens |
| Purpose | Lawful Basis (UK GDPR Art. 6) | Detail |
|---|---|---|
| PAYE tax & NI calculations | Legal obligation (Art. 6(1)(c)) | PAYE Regulations 2003, SSCBA 1992 |
| Payment of wages | Contractual necessity (Art. 6(1)(b)) | Processing bank details for salary payment |
| Pension auto-enrolment | Legal obligation (Art. 6(1)(c)) | Pensions Act 2008 |
| RTI submissions to HMRC | Legal obligation (Art. 6(1)(c)) | Real Time Information reporting |
| AI pension advice | Legitimate interests (Art. 6(1)(f)) | Helping employees optimise pension contributions |
| Email notifications | Legal obligation & contract | Payslip delivery, opt-out notices, invite emails |
| Account management & billing | Contractual necessity (Art. 6(1)(b)) | Subscription and organisation management |
PayAdjust offers optional AI-powered pension advice. When you use this feature, we send the following data to OpenAI's API:
We do not send your name, National Insurance number, bank details, or any other directly identifying information to OpenAI.
OpenAI processes this data under a Data Processing Agreement. Your data is not used to train OpenAI's models. The AI output is provided as general guidance only and does not constitute financial advice.
We use the following third-party services to deliver our platform:
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database hosting & authentication | All employee and organisation data | EU (London region) |
| Vercel | Application hosting | Request logs, server-rendered pages | Global CDN (EU primary) |
| Resend | Transactional emails | Email addresses, notification content | US (with safeguards) |
| Stripe | Subscription billing | Organisation billing information | US (with safeguards) |
| OpenAI | AI pension advice | Anonymised salary and pension data | US (with safeguards) |
| HMRC | Tax reporting (RTI) | Employee tax, NI, and earnings data | UK |
Some of our sub-processors are based outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:
Our primary database (Supabase) is hosted in the London (eu-west-2) region, ensuring core employee data remains within the UK/EEA.
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| PAYE records (P45, P60, tax codes) | 6 years after end of tax year | Taxes Management Act 1970 |
| Payslips and salary records | 6 years after end of tax year | Limitation Act 1980 |
| NI contribution records | 6 years after end of tax year | PAYE Regulations 2003 |
| Pension auto-enrolment records | 6 years | Pensions Act 2008 |
| Pension opt-out notices | 4 years | AE Regulations 2010 |
| Bank account details | Until final payment + 1 month | Data minimisation principle |
| Audit logs | 6 years | Best practice / breach investigation |
When data is subject to an erasure request, we will immediately delete data not subject to legal retention requirements and restrict processing of retained data to storage only until the retention period expires.
Under UK GDPR, you have the following rights:
To exercise any of these rights, contact your employer (as the data controller) or email us at privacy@payadjust.com. We will respond within one calendar month.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
We would appreciate the chance to address your concerns first — please contact us at privacy@payadjust.com.
PayAdjust uses strictly necessary cookies only for authentication session management (Supabase Auth). We do not use tracking cookies, analytics cookies, or third-party advertising cookies. Because these cookies are essential for the service to function, no cookie consent is required under the Privacy and Electronic Communications Regulations (PECR).
We implement appropriate technical and organisational measures including:
We may update this privacy policy from time to time. We will notify you of significant changes via email or an in-app notice. The "Last updated" date at the top of this page indicates when the policy was last revised.
For any questions about this privacy policy or our data practices, contact us at: