Privacy Policy

Encompass One (“Encompass One”, “we”, “us”) provides compliance and HR software to businesses. This policy explains how we handle personal data. The data controller is JN Technology Limited, registered office Portland House, Belmont Business Park, Durham, DH1 1TW, registered in England & Wales. You can contact us at hello@jntechnology.co.uk.

When you create an account and use Encompass One to run your own organisation, you are the controller of the personal data you upload about your employees and contacts (such as names, contact details, leave, sickness and training records), and we are a processor acting on your instructions. For our own account, billing and website data, we are the controller. A Data Processing Agreement is available to customers on request.

We process the following categories of personal data:

• Account data — name, email, password (hashed) and workspace details for users who sign in.
• Customer content — data you enter about your people: employee profiles, leave, sickness, training/qualifications, documents, timesheets and acknowledgements. Sickness data may constitute health data (a special category).
• Usage and device data — log data, IP address and basic analytics needed to operate and secure the service.
• Cookies — see section 7.

• To provide and maintain the service — performance of a contract.
• To secure the service, prevent abuse and keep audit records — legitimate interests.
• To communicate service and account messages — performance of a contract / legitimate interests.
• To meet legal obligations (e.g. accounting) — legal obligation.

For customer content, we act only on the controller’s documented instructions; the controller is responsible for establishing a lawful basis (and, for special-category data such as sickness, an additional condition) for the data they upload.

We do not sell personal data. We share data only with service providers that help us run Encompass One, under contract and appropriate safeguards. Current sub-processors include:

• Supabase — database, authentication and file storage (hosted in the UK/EU).
• Vercel — application hosting and delivery.
• Resend — transactional email delivery.

An up-to-date sub-processor list is available on request. We may also disclose data where required by law.

We aim to keep data within the UK/EEA. Where a provider processes data outside the UK/EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or adequacy regulations.

We use strictly necessary cookies to keep you signed in and to keep the service secure. Because these are essential, they do not require consent.

With your consent, we also use Google Analytics (a third-party analytics cookie, e.g. _ga) to understand how the site is used so we can improve it. Analytics stays switched off until you choose “Accept” in our cookie banner — we run it in Google’s Consent Mode, so no analytics cookies are set unless you opt in. You can decline with “Reject”, and we do not use advertising cookies. To change your choice later, clear this site’s cookies/local storage and the banner will appear again.

We keep account data for as long as your workspace is active and as needed to provide the service. Customer content is retained according to the controller’s instructions; controllers can export or delete data (including anonymisation or erasure of an individual) from within the app. When a workspace is closed we delete or anonymise its data within 30 days, except where we must retain records to meet legal obligations.

Subject to UK GDPR, you have rights to access, rectify, erase, restrict and port your personal data, and to object to certain processing. If your data is held by a customer (your employer) as controller, please contact them first; we will assist them in responding. To exercise rights regarding data we control as controller, contact hello@jntechnology.co.uk.

We protect data with encryption in transit, row-level access controls, role-based permissions, audit logging and least-privilege access. No system is perfectly secure, but we work to industry good practice.

The service is intended for business use and is not directed at children under 16.

We may update this policy from time to time. We will post the new version here and update the date above.

Questions or concerns: hello@jntechnology.co.uk. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.