Policyhold is the trading name of the operator of the Policyhold platform and websites ("Policyhold," "we," "us," or "our"). This Privacy Policy explains how we collect, use, share, and protect personal information when you visit our websites, create or use a Policyhold account, or interact with our vendor upload portal and related services (collectively, the "Service").
Policyhold is a business-to-business software service for general contractors. Most personal information we process about subcontractors and vendor contacts is provided by our customers and processed on their instructions.
1. Scope
This policy applies to personal information processed through the Policyhold platform, marketing website, vendor upload links, gate or mobilization read-only views, and related support channels.
It does not apply to third-party websites or services that link to or from Policyhold. Those services are governed by their own privacy policies.
2. Controller and processor roles
When a general contractor or other business customer ("Customer") uses Policyhold, Customer is typically the data controller for vendor, subcontractor, and workforce personal information stored in the Service ("Vendor Data"). Policyhold acts as a data processor and processes Vendor Data only on Customer's instructions, as described in our Terms of Service and any applicable data processing addendum.
For account registration, billing contact details, marketing inquiries, website analytics where permitted, and operation of Policyhold as a service provider, Policyhold is the data controller.
If you are a vendor or subcontractor contacted through a Customer upload link, please direct privacy questions about your documents to the Customer that requested them. You may also contact us at the email below if you need help reaching the relevant Customer.
3. Information we collect
The information we collect depends on how you interact with Policyhold:
- Account and profile data: name, work email, organization name, role, authentication credentials, and invite or onboarding details.
- Customer operational data: vendor and project records, compliance requirements, review decisions, audit events, and configuration you enter in the Service.
- Uploaded documents: certificates of insurance, licenses, endorsements, tax forms, and other compliance files you or your vendors submit.
- Vendor portal activity: upload metadata, file names, timestamps, and limited technical data needed to operate secure upload links.
- Usage and log data: pages viewed, features used, IP address, browser type, device information, and diagnostic logs for security and reliability.
- Communications: support requests, demo inquiries, and email correspondence with Policyhold.
4. How we use personal information
We use personal information to provide, operate, and secure the Service; authenticate users; store and display compliance records; send transactional notifications; respond to support requests; improve product performance; detect abuse or security incidents; comply with law; and enforce our Terms.
We do not sell personal information. We do not use Vendor Data to market insurance products to vendors.
5. Legal bases (UK GDPR)
Where UK GDPR applies, we rely on the following legal bases depending on context:
- Contract: to provide the Service, manage accounts, and fulfill our agreement with Customers or respond to your requests.
- Legitimate interests: to secure the Service, prevent fraud, improve reliability, and understand product usage in a proportionate way, balanced against your rights.
- Consent: for non-essential analytics and monitoring cookies where required. You can withdraw consent through cookie preferences.
- Legal obligation: where we must retain or disclose information to comply with applicable law.
- Processor role: for Vendor Data, we process information on Customer instructions as their processor.
7. International transfers
Policyhold is operated from the United Kingdom. Some subprocessors process data in the United States or other countries. Where personal information is transferred outside the UK, we use appropriate safeguards such as the UK International Data Transfer Agreement, UK addendum to EU Standard Contractual Clauses, or equivalent mechanisms required by applicable law.
8. Retention
We retain personal information for as long as needed to provide the Service, meet contractual obligations, resolve disputes, and comply with law. When a Customer account ends, Customer Content is handled as described in our Terms of Service, including export windows and deletion after reasonable backup cycles.
Server logs and security records may be retained for a limited period for troubleshooting and incident response.
9. Security
We implement technical and organizational measures designed to protect personal information, including access controls, encrypted transport, and private storage for compliance documents. No method of transmission or storage is completely secure; Customers must protect credentials and confidential upload links.
10. Your rights
Depending on your location and role, you may have rights to access, correct, delete, restrict, or object to certain processing, and to receive a portable copy of information you provided. Where we act as a processor for Vendor Data, we will forward requests to the relevant Customer when appropriate.
To exercise rights relating to information for which Policyhold is controller, email us at the contact below. We may need to verify your identity before responding.
If you are in the United Kingdom and believe we have not handled your information lawfully, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
11. United States visitors
Policyhold serves business customers that may operate in the United States. We may process personal information about U.S. personnel, vendors, or contacts as part of providing the Service. Privacy rights available under U.S. state laws vary; submit requests to the contact email below and we will respond in accordance with applicable law.
12. Children
The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect personal information from children.
13. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will change when we do. Material changes will be posted on policyhold.com/privacy and, where appropriate, notified by email or in-product notice.
14. Contact
Privacy questions and rights requests: hello@policyhold.com
Policyhold · United Kingdom · policyhold.com
See also: Terms of Service · Cookie Policy