Privacy Policy

We like to keep things simple and transparent. Feel free to read all our Privacy Policy at your leisure.

Book A DemoGet Started Now
Shape 2-svg

PRIVACY POLICY

Last updated: 3 February 2026

This Privacy Policy explains how Vyce Contractors Limited (“Vyce”, “we”, “us”, “our”) collects, uses, shares and protects personal data when you use our websites, apps and services (together, the “Services”), and explains your rights.

Company details
Vyce Contractors Limited (England & Wales)
Company number: 13370239
VAT Registration Number: 380910500
Registered address: 31 New Inn Yard, London, EC2A 3EY
Email: hello@vyce.io

1) Controller vs Processor (very important)

Our Services are used by businesses to manage their workforce. Depending on the context, Vyce acts as:

A) Processor for “Customer Workspace Data”

Where a business customer (your employer/engager/agency) uses Vyce to manage workforce operations, that business usually decides what workforce data is collected and why. In that case:

the business customer is the Controller; and

Vyce is the Processor (we process the data on the customer’s instructions to provide the Services).

This includes, for example, workforce records, timesheets, site assignments, forms, messages, and contractor payment instructions within that customer’s workspace.

B) Controller for “Vyce Platform Account/Profile Data”

Vyce may also act as a Controller for certain data needed to run and secure the platform, and to enable individuals to keep a Vyce account even if a particular customer stops using Vyce. This can include:

your Vyce account identifiers (e.g., email/phone, user ID);

your profile details stored at platform level (as applicable);

security and audit logs; and

verification artifacts such as stored selfies used for time & attendance verification (where enabled).

If your account/profile remains on Vyce after a customer stops being a client, Vyce is acting as a Controller for that retained platform account/profile data (unless and until it is deleted in accordance with this Policy or your request).

If you are unsure which applies, contact us at hello@vyce.io
.

2) Personal data we collect

Depending on your role and how the Services are configured, we may collect:

A) Data you provide

name, email, phone number;

work details (e.g., employer/engager, role, site);

contractor details and related information required for contractor payment and CIS workflows (where enabled).

B) Data collected automatically

device and app information (device type, OS, app version);

logs and identifiers (IP address, timestamps, audit/security logs);

usage and diagnostics events (error logs, performance).

C) Selfies (time & attendance verification)

If enabled by the customer:

we collect and store selfie images captured at clock-in/clock-out; and

we store reference selfie image(s) used to match likeness.

We only store selfies and match them against stored selfies to validate likeness. Selfies are not used for any other purpose.

D) Location verification

If enabled by the customer:

we collect location at the point in time of clock-in or clock-out only to verify presence at an approved site.
We do not track continuous/background location for this feature.

E) HMRC verification (CIS / tax status)

Where enabled and supported, we integrate with HMRC to verify workforce tax status. This involves sending relevant identifiers to HMRC and storing the verification result/status returned by HMRC.

F) Website cookies

We may collect cookie and analytics data when you use our websites (see Section 9).

3) How we use personal data

We use personal data to:

provide and operate the Services (accounts, authentication, access control);

deliver workforce management functions as configured by customers;

provide time & attendance verification (selfie matching and point-in-time location checks where enabled);

provide contractor payroll and CIS services, including:

CIS contractor payroll management software (self-managed by customers); and/or

outsourced contractor payment services (contractor payments only — not PAYE) based on customer instructions and approvals;

perform HMRC tax status verification where enabled;

provide support and service communications;

maintain security, prevent fraud, and protect users and the platform;

comply with legal obligations and enforce our terms; and

improve the Services (debugging, analytics, performance, product improvement).

4) Legal bases (UK GDPR)
Where Vyce is Controller (Platform Account/Profile Data, security, support, billing)

We process personal data based on one or more of:

Contract (to provide the Services and manage accounts);

Legitimate interests (security, fraud prevention, service improvement, responding to requests);

Legal obligation (compliance and record-keeping); and

Consent (where required, e.g., certain cookies/marketing preferences).

Where Vyce is Processor (Customer Workspace Data)

The customer determines the lawful basis and purposes, and Vyce processes on the customer’s instructions.

5) Who we share personal data with

We may share personal data with:

business customers and their authorised admins (for workforce data in their workspace);

service providers/sub-processors (e.g., hosting, monitoring, communications) bound by contract to protect data;

HMRC where HMRC verification is enabled;

professional advisers (legal/accounting/audit) where necessary;

authorities where required by law or to protect rights/safety/security; and

buyers/investors in a corporate transaction (with safeguards).

We do not sell personal data.

6) International transfers

If personal data is transferred outside the UK, we use appropriate safeguards required by law.

7) Retention (how long we keep data)

We keep personal data only as long as necessary for the purposes described above.

A) Customer Workspace Data (Vyce as Processor)

Retention is primarily determined by the customer (Controller) and contractual arrangements.

When a customer relationship ends, workspace data is handled in accordance with the customer contract and deletion/backup processes, subject to legal requirements.

B) Vyce Platform Account/Profile Data (Vyce as Controller)

We may retain your platform account/profile data to operate the platform, maintain security and auditability, prevent fraud, and allow you to use Vyce with other customers.

You can request deletion of your platform account/profile data (see Section 10). We may retain limited records where required by law or for the establishment, exercise or defence of legal claims.

Important: If you are a Workforce User and want your data removed from a specific employer/engager workspace, you should contact that employer/engager. If you want your Vyce platform account/profile deleted, contact hello@vyce.io
.

8) Security

We use appropriate technical and organisational measures designed to protect personal data (access controls, encryption in transit, monitoring, and incident response). No method of transmission or storage is 100% secure.

9) Cookies

We use cookies and similar technologies to:

enable core website functionality;

remember preferences;

measure and improve performance; and

(where enabled) support marketing analytics.

You can manage cookies through your browser settings and (where available) cookie preference tools.

10) Your rights and how to exercise them

Your rights depend on who is the Controller:

If your employer/engager is the Controller (most workforce data in a workspace)

For requests about workplace data (e.g., timesheets, job/site records, approvals, workplace policies), contact your employer/engager first. We will assist them where required.

If Vyce is the Controller (platform account/profile, security logs, support, billing)

You may have rights including access, correction, deletion, restriction, objection, portability (in some cases), and withdrawal of consent (where applicable).
To exercise rights, email hello@vyce.io
. We may need to verify your identity.

11) Complaints

You can contact us at hello@vyce.io
. You also have the right to complain to the UK regulator, the Information Commissioner’s Office (ICO).

12) Children

Our Services are not intended for children and users must be at least 16.

13) Changes to this Policy

We may update this Policy from time to time. We will post the updated version and update the “Last updated” date. Material changes may be notified via the Services or email where appropriate.

14) Contact

Email: hello@vyce.io

Vyce Contractors Limited, 31 New Inn Yard, London, EC2A 3EY