Last updated: 08 September 2025
This Privacy Policy explains what personal data we collect, how we use it, and what rights you have. addbuttr ltd is a company registered in England and Wales (Company No. 16280270). We are the data controller for data we process directly, and a data processor when we handle survey data on behalf of our Clients. If you have any questions, you can reach us at: 📧 info@addbuttr.com 📍 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ
This Privacy Policy applies to: Clients: Organisations who subscribe to or integrate addbuttr. Employees: Individuals employed by a Client who complete surveys. Candidates: Individuals applying for roles with a Client who complete surveys as part of a recruitment or assessment process. Website visitors: Anyone who browses our website or interacts with us online.
From Clients: Business contact details (name, email, role, company). Billing information and payment records. Login and account details. From Employees and Candidates: Survey responses (preferences, motivators, or other feedback). Basic identifiers if provided (e.g. name, email, team/role). Any optional information you choose to provide. From Website Visitors (all users): Device information (browser, operating system, IP address). Usage data (pages visited, time/date, time spent). Cookies and similar technologies (see Section 6).
We process data to: Provide and improve the addbuttr platform. Generate anonymised insights and reports for Clients. Support cultural analysis and recruitment assessments. Communicate with Clients (billing, support, updates). Ensure platform security and prevent misuse. Comply with our legal and regulatory obligations. We never sell your personal data.
We rely on the following lawful bases under UK GDPR: Contract – to deliver services to Clients. Legitimate Interests – to analyse survey data, support cultural insights, maintain security, and improve our service (we balance these interests against your rights). Consent – where you choose to complete a survey or provide optional information. Legal Obligation – where we are required to retain or share data for legal or regulatory reasons.
We only share data with: Trusted service providers who help us deliver the platform: Amazon Web Services (AWS) - cloud hosting and storage (EU), Cloudfare - network security and performance (global), Postmark - transactional emails e.g. survey links (US), OpenAI - AI-powered analysis to help generate insights (US), Stripe - payment processing (US). Clients – who receive the survey insights relevant to their organisation. Affiliates or business partners – if needed to provide the Service (we will ensure equivalent protections are in place). Legal or regulatory bodies – if required by law. In business transactions – such as a merger or acquisition, where data may transfer to a new owner under the same protections. We do not sell or rent data to third parties.
We use cookies and similar technologies to make our website work and to understand usage. Essential cookies – required for authentication and basic functionality. Preference cookies – remember your settings and choices (such as light/dark theme).
Our data is hosted in the UK/EU where possible. Some of our trusted service providers are based outside the UK/EU: Cloudflare – network security and performance (Global; primary EU/US). Postmark – transactional email delivery (US). OpenAI – AI-powered analysis (US). Stripe – payment processing (US). Where data is transferred outside the UK/EU, we make sure it is protected by appropriate safeguards. These include: The Standard Contractual Clauses (SCCs) approved by the European Commission. The UK's International Data Transfer Agreement (IDTA) or Addendum where applicable. Contractual and technical measures required under our agreements with providers. This ensures your data remains protected to the standards required under UK GDPR.
Client data: kept as long as you have an active subscription and for up to 6 years after for legal/accounting reasons. Employee and Candidate survey data: kept for as long as required by the Client contract, then anonymised or deleted. Log and security data: typically 12–24 months. Marketing contact data: until you opt out or withdraw consent.
Under UK GDPR, you have rights over your personal data: Access – request a copy of the data we hold on you. Rectification – correct inaccurate or incomplete data. Erasure – ask us to delete your data, where applicable. Restriction – request limits on how your data is used. Data portability – request your data in a machine-readable format. Object – to processing based on legitimate interests or for marketing. Withdraw consent – if you previously gave consent. To exercise these rights, contact us at info@addbuttr.com. You can also complain to the ICO (www.ico.org.uk) if you believe your rights have been infringed.
Completing a survey is voluntary and does not form part of a contract or guarantee of employment. Survey data is shared only with the Client you are applying to. addbuttr does not make hiring decisions; Clients are solely responsible for their recruitment processes.
We use technical and organisational measures to keep your data safe, including encryption, access controls, and secure hosting via AWS and Cloudflare. However, no system is 100% secure.
Our Service is not directed at children. You must be at least 18 years old to use our platform. We do not knowingly collect data from anyone under 18. If we learn that we have done so, we will delete it promptly.
We may update this Privacy Policy from time to time. If changes are significant, we will let Clients know. The most up-to-date version will always be available on our website.