Privacy Policy

Last updated: January 2026

Summary: We collect only the data necessary to provide our compliance management service. Your data is stored securely in UK data centres, encrypted, and never sold to third parties. You can export or delete your data at any time.

1. Who We Are

SponsorPro ("we", "us", "our") is a UK-based compliance management platform that helps employers manage Right to Work checks and Sponsor Licence compliance obligations.

Data Controller: SponsorPro
Contact Email: privacy@sponsorpro.uk

2. What Data We Collect

We collect and process the following categories of personal data:

Account Information

Name and email address
Company name and details
Password (encrypted)
Account preferences and settings

Worker Data (entered by you)

Worker names, contact details, and addresses
National Insurance numbers
Passport and visa information
Right to Work check records
Employment details (job title, salary, work location)
Uploaded documents (ID copies, visa documents)

Technical Data

IP address and browser information
Login timestamps and session data
Audit trail of actions taken in the system

3. Why We Collect This Data (Legal Basis)

We process your data under the following legal bases:

Contract Performance: To provide the compliance management service you have subscribed to
Legal Obligation: To help you meet your obligations under UK immigration law
Legitimate Interest: To improve our service, prevent fraud, and ensure security
Consent: For optional marketing communications (you can opt out at any time)

4. How We Use Your Data

We use your data to:

Provide and maintain the SponsorPro service
Send compliance reminders and alerts (visa expiries, RTW follow-ups)
Generate reports and analytics for your organisation
Process payments and manage your subscription
Respond to your support requests
Improve our service based on usage patterns
Comply with legal obligations

5. Data Sharing

We do not sell your data to third parties. We only share data with:

Hosting Providers: To store your data securely (UK data centres only)
Payment Processors: To process subscription payments (Paddle)
Email Service: To send notifications and alerts
Law Enforcement: Only if legally required by court order

All our service providers are GDPR compliant and have signed Data Processing Agreements.

6. Data Storage and Security

Your data is:

Stored exclusively in UK data centres
Encrypted in transit (TLS 1.3) and at rest (AES-256)
Protected by access controls and authentication
Backed up regularly with encrypted backups
Subject to regular security reviews

7. Data Retention

We retain your data for:

Active accounts: For the duration of your subscription plus 30 days
After account deletion: Permanently deleted within 30 days
Audit logs: Retained for 7 years (legal requirement for immigration compliance)
Payment records: Retained for 7 years (tax/accounting requirements)

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access: Request a copy of all data we hold about you
Right to Rectification: Correct any inaccurate data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Portability: Export your data in a machine-readable format
Right to Restrict Processing: Limit how we use your data
Right to Object: Object to certain types of processing
Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at privacy@sponsorpro.co.uk or use the data management features in your account settings.

9. Cookies

We use essential cookies to:

Keep you logged in during your session
Remember your preferences
Ensure security (CSRF protection)

We do not use advertising or tracking cookies. See our Cookie Policy for more details.

10. International Transfers

Your data is stored and processed exclusively within the United Kingdom. We do not transfer your data outside the UK/EEA.

11. Children's Privacy

SponsorPro is a business service not intended for children under 18. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the application. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact Us

For any privacy-related questions or to exercise your rights:

Email: privacy@sponsorpro.uk

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

14. Subprocessors

We use the following third-party services (subprocessors) to provide and improve our platform. Each processes personal data only as necessary for their stated purpose.

Subprocessor	Purpose	Data Processed	Data Location	Legal Basis
Crisp SAS	Live chat support widget	Name, email address (only when user opens chat), chat messages, IP address, browser metadata	EU (France)	Legitimate interest (Art. 6(1)(f)) — providing customer support; data transmitted only upon user-initiated chat interaction
Paddle.com Market Ltd	Subscription billing and payment processing	Name, email, billing address, payment method (tokenised)	EU/UK	Contract performance (Art. 6(1)(b))
Postmark (ActiveCampaign)	Transactional email delivery	Email address, email content	US (EU SCCs)	Contract performance (Art. 6(1)(b))
Render Inc	Application hosting	All application data (encrypted at rest and in transit)	EU (Frankfurt)	Contract performance (Art. 6(1)(b))
Cloudflare Inc	CDN, DNS, DDoS protection, R2 object storage	IP address, request metadata, uploaded documents (encrypted)	Global edge / EU primary	Legitimate interest (Art. 6(1)(f)) — security and performance
Sentry (Functional Software)	Error tracking and performance monitoring	IP address, browser metadata, error context (PII sending disabled)	US (EU SCCs)	Legitimate interest (Art. 6(1)(f)) — maintaining service reliability

Note on Crisp: The Crisp chat widget loads on pages where it is enabled, but no personally identifiable information (name, email) is transmitted to Crisp until you actively open the chat window. Your organisation's administrator can disable Crisp entirely from the Settings page.

This list was last updated on 25 February 2026. We will update this page when subprocessors change.

Terms & Conditions Cookie Policy