Privacy policy

Last updated: 2026-04-19

1. Introduction

This Privacy Policy explains how onboarding.team (operated by FRANCHISE FAMILY LTD, registered in England and Wales — “we”, “us”, “our”) collects, uses, discloses, and safeguards personal data when you visit https://onboarding.team or use our preboarding and onboarding platform. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and other applicable data protection laws.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

2. Data we collect

From you, when you fill in a form on this site:

  • Work email address
  • Company name
  • Frontline headcount band
  • Industry
  • Optional message text and name

From your team, when they use the platform, we process whatever you upload as the controller — typically: hire names and emails, preboarding and onboarding journey content (modules, tests, homework), assignments, completion status, mentor approvals, and timestamps.

We also automatically collect anonymised usage data through Plausible Analytics: page URL, referrer, browser type, country (from IP, then discarded), and screen size. Plausible does not set cookies, does not assign visitor IDs, and does not track users across sites — so no cookie banner is required.

3. Purpose of processing

  • Responding to inquiries submitted through the trial and contact forms.
  • Provisioning, billing, and supporting your account on the platform.
  • Sending transactional emails about your trial, account, and security.
  • Sending product updates and onboarding tips — only if you explicitly opt in.
  • Improving the platform and analysing aggregate usage.
  • Meeting our legal and tax obligations.

4. Legal basis for processing

  • Performance of a contract — to deliver the platform you have subscribed to.
  • Legitimate interests — to operate the website, respond to enquiries, and improve product quality, where these do not override your rights.
  • Consent — for any optional marketing communications.
  • Legal obligation — for accounting, tax, and compliance records.

5. Data location, storage, and security

Customer data is stored on EU-based cloud infrastructure with encryption at rest (AES-256) and in transit (TLS 1.2+). Backups are taken on a rolling basis and stored in the same region. Production access is limited to a small number of authorised engineers, with audit logging on administrative actions.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected: account data is retained while your subscription is active and for up to 30 days after termination, after which it is deleted or anonymised, unless a longer retention period is required by law (typically 7 years for invoices and tax records).

6. Cookies

The marketing site (onboarding.team) does not set marketing or analytics cookies. We may use a small number of strictly necessary cookies inside the product (e.g., a session cookie for authentication). The product itself sets cookies only after you sign in.

7. Sub-processors

We engage trusted third-party providers to operate the platform. They are bound by data-processing agreements requiring them to apply the same level of protection we do.

  • Cloud hosting — EU region, for compute, storage, and backups.
  • Stripe — for secure payment processing. Stripe is PCI-DSS Service Provider Level 1 certified and stores cardholder data on our behalf; we do not see or store full card numbers.
  • Plausible Analytics — privacy-friendly, cookie-less analytics for the marketing site.
  • Transactional email provider — for trial, account, and security emails (e.g., Postmark / Resend / Gmail API once configured).

The current list of sub-processors is also documented in our Data Processing Agreement and is updated when it changes. The full, current list is available on request.

8. Sharing data with third parties

We do not sell, rent, or trade personal data. Beyond the sub-processors listed above, we share data only when (a) you explicitly direct us to (e.g., an HRIS / ATS integration you enable), or (b) we are legally required to (e.g., a court order from a competent authority).

9. International transfers

Where personal data is transferred outside the UK or the EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) with our sub-processors to ensure equivalent protection.

10. Your rights

Under the UK GDPR and EU GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request rectification of inaccurate or incomplete data.
  • Request erasure (the “right to be forgotten”).
  • Object to or restrict processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with a supervisory authority (e.g., the UK Information Commissioner's Office).

To exercise any of these rights, email hello@onboarding.team with the subject line “Data request”. We will respond within 30 days.

11. Children

The platform is a B2B tool for workforce onboarding and is not intended for children under 16. If you believe a child has used the platform without authorisation, contact us and we will delete the data.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to account administrators at least 30 days before they take effect. The current version is always available at https://onboarding.team/privacy.

13. Contact

Operator: FRANCHISE FAMILY LTD, registered in England and Wales.
Email: hello@onboarding.team
Website: https://onboarding.team