Legal

Privacy Policy

How People Plan collects, uses, and protects the information you and your organisation provide when using our workforce transition platform.

Last updated: 1 June 2026

Overview

People Plan, Inc. ("People Plan," "we," "us," or "our") operates a workforce transition platform that helps HR, Finance, and Legal teams plan and execute reductions in force in a legally defensible and compliant manner. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices available to you.

By accessing or using the People Plan platform (the "Service"), you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

People Plan is a data processor for most employee data you upload — you, as our customer, are the data controller. Your obligations to the employees whose data you upload are governed by your own privacy policies and applicable employment law.

Information we collect

We collect information in three ways: information you provide to us, information generated by your use of the Service, and information from third-party integrations.

Account and contact information

When you create an account, request access, or contact us, we collect your name, work email address, company name, job title, and any other information you choose to provide.

Workforce and employee data

To use the Service, you upload or import employee records. This data typically includes employee names, job titles, departments, compensation information, employment dates, demographic information (age, gender, race/ethnicity for adverse impact analysis), and performance or selection criteria. This data is provided entirely by you and is used solely to power the compliance analysis and document generation features of the Service.

Usage data

We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, IP address, browser type, and device information. This data is used to operate, maintain, and improve the Service.

HRIS integration data

If you connect a third-party HR information system (such as Workday, BambooHR, ADP, or Rippling), we receive the employee and organisational data that you authorise to be shared from that system. We only access the data necessary to operate the features you enable.

How we use your information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including running compliance checks, generating documents, and producing audit trails;
  • Process and complete transactions and send related information, including purchase confirmations;
  • Respond to comments, questions, and requests and provide customer support;
  • Send technical notices, updates, security alerts, and administrative messages;
  • Monitor and analyse usage patterns to improve the Service and develop new features;
  • Detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities;
  • Comply with legal obligations, including responding to lawful requests from public authorities; and
  • Carry out any other purpose described to you at the time the data was collected.

We do not use employee data uploaded to the Service for any purpose other than providing the Service to you. We do not sell this data, use it to train AI or machine learning models, or share it with third parties for their own commercial purposes.

How we share your information

We do not sell your personal information. We share information only in the following circumstances:

Service providers

We engage trusted third-party companies and individuals to perform services on our behalf, such as cloud infrastructure providers, data analytics, email delivery, and customer support tools. These service providers have access to your information only to perform these tasks and are contractually obligated not to disclose or use it for any other purpose.

Legal requirements

We may disclose your information if required to do so by law or in the good-faith belief that such disclosure is reasonably necessary to comply with a legal obligation, protect the rights or property of People Plan, prevent or investigate possible wrongdoing in connection with the Service, or protect the personal safety of users or the public.

Business transfers

If People Plan is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

With your consent

We may share your information for other purposes with your explicit consent.

Data retention

We retain account and contact information for as long as your account is active or as needed to provide you with the Service. We retain workforce and employee data that you upload for the duration of your subscription and for up to 90 days following termination of your account, after which it is permanently deleted from our systems.

Audit logs and compliance records associated with a completed RIF event are retained for seven (7) years to support potential legal proceedings or regulatory inquiries, unless a longer period is required by applicable law or you request earlier deletion in writing.

Usage and analytics data are retained for a maximum of 24 months. You may request earlier deletion of your personal data by contacting us at hello@peopleplan.io.

Security

We take the security of your data seriously. People Plan implements industry-standard technical and organisational measures designed to protect your information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher;
  • Encryption of data at rest using AES-256;
  • Role-based access controls limiting data access to authorised personnel;
  • Regular security reviews and vulnerability assessments; and
  • Audit logging of all access to sensitive workforce data.

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. In the event of a data breach that affects your information, we will notify you in accordance with applicable law.

Your rights

Depending on your location, you may have certain rights regarding your personal information. These may include the right to:

  • Access — request a copy of the personal information we hold about you;
  • Correction — request that we correct inaccurate or incomplete personal information;
  • Deletion — request deletion of your personal information, subject to certain legal exceptions;
  • Portability — request a machine-readable copy of your personal information;
  • Objection — object to our processing of your personal information in certain circumstances; and
  • Restriction — request that we restrict the processing of your personal information.

To exercise any of these rights, please contact us at hello@peopleplan.io. We will respond to your request within 30 days. We may need to verify your identity before fulfilling your request.

If you are located in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with applicable law.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

Cookies and tracking

We use cookies and similar tracking technologies to operate the Service, understand usage patterns, and improve user experience. Cookies are small data files placed on your device when you visit our site.

We use the following types of cookies:

  • Essential cookies — required for the Service to function, including authentication and session management. These cannot be disabled.
  • Analytics cookies — help us understand how users interact with the Service. This data is aggregated and anonymised.
  • Preference cookies — remember your settings and preferences to personalise your experience.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of certain parts of the Service.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and, where appropriate, sending you a notification by email. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

Contact us

If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal information, please contact us at:

People Plan, Inc.
hello@peopleplan.io

We are committed to resolving any privacy concerns you may have and will respond within 30 days of receiving your request.

Questions about this document? hello@peopleplan.io