Privacy Policy

Last updated:

1. Introduction

mul-tiple ('we', 'us', 'our') is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data when you use our HR management platform.

2. Data We Collect

We collect and process the following types of personal data:

  • Account information (name, email address, company name)
  • Employee records (names, contact details, employment information)
  • Financial data (expense receipts, invoice details, payment information)
  • Time and attendance data (timesheets, absence records)
  • Usage data (how you interact with our platform)
  • Technical data (IP address, browser type, device information)

3. Third-Party Links

Our platform and website may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every external site you visit before providing any personal data.

4. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our HR management service
  • To process expenses, invoices, and payments
  • To manage employee time tracking and absences
  • To ensure compliance with employment regulations
  • To send service notifications and updates
  • To improve our platform and develop new features
  • To provide customer support

5. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract performance — providing the service you signed up for
  • Legal obligation — employment and tax regulations
  • Legitimate interests — improving our service, security
  • Consent — marketing communications, where applicable

6. Data Storage and Security

Your data is stored on secure servers within the UK/EEA. We implement industry-standard security measures to protect your information, including:

  • Encryption in transit and at rest
  • Regular security audits
  • Access controls and authentication

7. Data Sharing

We do not sell your personal data. We may share data with the following categories of third parties where necessary:

  • Cloud infrastructure providers (to host the service)
  • Email service providers (for notifications)
  • Payment processors (for financial transactions)
  • As required by law

8. Data Retention

We retain your personal data for as long as your account is active or as needed to comply with legal obligations. You can request deletion of your data at any time.

9. Your Rights

Under the UK GDPR, you have the following rights:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ('right to be forgotten')
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent

To exercise these rights, contact us at support@mul-tiple.com.

10. International Data Transfers

Where your personal data is transferred outside the UK or the European Economic Area, we ensure that appropriate safeguards are in place. These may include Standard Contractual Clauses approved by the relevant authorities, or reliance on adequacy decisions where the destination country has been recognised as providing an adequate level of data protection. We will only transfer data internationally where it is necessary to fulfil our obligations to you or where required by law.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in accordance with UK GDPR requirements. Where the breach is likely to result in a high risk to affected individuals, we will notify those individuals without undue delay, providing details of the breach and the steps being taken to mitigate its effects.

12. Children's Privacy

Our service is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently gathered personal information from a person under 18, we will take reasonable steps to delete that data promptly.

13. Cookies

We use a limited number of cookies and similar technologies that are strictly necessary for the operation of our platform. These include:

  • Session authentication cookies — used to keep you signed in and maintain your session while using the platform
  • CSRF protection tokens — used to protect against cross-site request forgery attacks and ensure the security of form submissions

In addition to cookies, we use your browser's localStorage to store UI preferences such as your selected theme and sidebar state. This data remains on your device and is not transmitted to our servers.

We do not use any third-party tracking or analytics cookies. No advertising networks, social media trackers, or behavioural profiling tools are present on our platform.

14. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be notified via email or in-app notification.

15. Contact Us

If you have questions about this privacy policy, contact us at: