1. Introduction & Scope
iplicit Ltd ("iplicit", "we","us") is committed to protecting your privacy. This policy describes how we collect, use, and share personal data when you visit our website, engage with our commercial teams, apply for a role, or use our CloudERP software ("the Service").
ERP Service Users: When you use the iplicit ERP, your employer (our Customer) is the Data Controller. We act as the Data Processor. This data is governed by our Master Subscription Agreement (MSA) and Data Processing Agreement (DPA).
Commercial, Website & ApplicantInteractions: When we market to you, support you, evaluate your job application, or provide integrations, iplicit acts as the Data Controller. This policy governs that processing
Staff Data:Current employee data is managed under a separate internal Employee Privacy Notice.
2. Information We Collect
We collect data to provide our services and operate ourbusiness:
A. Information You Provide to Us
Registration & Support: Name, business email, job title, and phone number provided when requesting a demo, registering for an event, or contacting support (via Freshdesk/Halo).
Google User Data (Integrations): If you connect your Google account, we request specific "scopes" to facilitate integration. This includes your email address and the content of emails or files you explicitly choose to sync with the ERP.
B. Applicant Data (Recruitment)
CVs and Applications: Name, personal contact details, employment history, and educational background shared when applying for a position.
C. Information We Collect Automatically
Service Telemetry: We use Pendoto analyse user behaviour (e.g., features used, session duration) to improve service stability. We do not access your financial ledger content for these purposes.
Device Data: IP address, browser type, and operating system logs for security and debugging.
D. Information From Third Parties (B2B Outreach)
Commercial Intelligence: We obtain professional contact details from providers such as Lusha, Apollo, and LinkedIn. We process this under Legitimate Interests for B2B direct marketing. We do not use this data for automated profiling thatproduces legal or significant effects.
3. How We Use Your Information
We use your data for the following specific purposes:
Purpose
Lawful Basis
Service Delivery: Providing the ERP and authorised integrations.
Performance of Contract
Google Integration: Syncing emails/files at your instruction.
Consent / Contract
B2B Marketing: Contacting you about relevant services.
Legitimate Interests
Recruitment: Evaluating suitability for roles at iplicit.
Legitimate Interests / Consent
Product Improvement: Analysing usage patterns via Pendo.
Legitimate Interests
Compliance: Fulfilling legal and DUAA obligations.
Legal Obligation
4. Cookies & Tracking Technologies
We use cookies (e.g., Google Analytics, Clarity) to analyse website traffic and user journeys.For detailed information on the cookies we use and how to manage your preferences, please view our Cookie Policy.
5. Data Security & Sub-processors
iplicit operates a strict information security management system. We protect your data using industry-standard technical and organisational measures, including encryption in transit and at rest, role-based access controls, and regular vulnerability assessments.
We utilise trusted third-party sub-processors to deliver our services. For complete transparency, a live and continually updated list of our authorised sub-processors is available in our Security Trust Centre.
6. AI Training & Google API Services Disclosure
NoGeneral AI Training:iplicit does not use your personal data, service telemetry, B2B outreach data,or financial ledger data to train generalised Artificial Intelligence (AI) or Large Language Models (LLMs). iplicit’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements:
No Sale: We do not sell your Google user data.
No Advertising: Google Workspace API data (e.g., Gmail content) is never used for advertising.
Strict Usage: Data is used solely to provide user-facing features within the iplicit application.
No AI Training: We do not use your Google Workspace data to train generalised AI models.
7. International Data Transfers
Customer ERP Data: Production financial data is stored within your chosen region (e.g., UK or EU).
Business Operational & Applicant Data:Third-party vendors (e.g., HubSpot, Slack, Pendo) may process business contactor applicant data in the USA.
Safeguards: Transfers are protected by the UK-US Data Bridge or Standard Contractual Clauses (SCCs). We conduct Transfer Risk Assessments (TRAs) under the DUAA standard.
8. Data Retention
Applicant Data (CVs): Unsuccessful candidate data is retained for 12 months to defend against potential legalclaims, then securely deleted.
Google User Data: Cached data is retained only as long as necessary for the sync function. Disconnecting the integration deletes cached tokens immediately.
Marketing Data: We review prospect data annually.You may opt-out at any time.
Service Telemetry & Device Data:Application logs and telemetry data are retained for a maximum of 12 months for security analysis, debugging, and service improvement, after which the data is anonymised or securely destroyed.
9. Your Rights (DUAA 2025)
Under the UK GDPR and the Data Use and Access Act 2025, you have the right to:
Access & Correction: Request a copy of your data or correct inaccuracies (conducted via "reasonable and proportionate" searches).
Erasure: Request deletion of your data ("Right to be Forgotten").
Opt-Out: Unsubscribe from marketing at any time.
10. Complaints & Contact
iplicit operates a mandatory Internal Complaints Mechanism.
Step 1: Email our DPO at datacompliance@iplicit.com.We will provide a final response within 30 days.
Step 2: If dissatisfied, you may contact the Information Commissioner’s Office (ICO).
Corporate Details:
Address: iplicit Ltd,1st Floor at Bobby's The Square, 2-12 Commercial Road, Bournemouth, BH2 5LP, UK
Company Registration Number: 07194134
ICO Registration Number: ZA150166
