Privacy Policy

Last updated: February 2026

1. Who we are

Moyola HR is a product of Moyola AI, a company registered in Northern Ireland. When we say we, us, or our in this policy, we mean Moyola AI.

For data protection enquiries, contact us at support@moyolahr.com.

2. What data we collect

We collect the following types of personal data:

  • Account information: name, email address, and password when you register.
  • Organisation data: company name, employee records, department structures, and position information that you enter into the platform.
  • Employee data: names, contact details, employment dates, salary information, leave records, and documents uploaded by your organisation.
  • FETO data: where your organisation is subject to Fair Employment and Treatment (NI) Order 1998 obligations, we process community background information. This data is encrypted with additional FETO-grade encryption and is only used for statutory monitoring and ECNI returns.
  • Usage data: interactions with the AI agent, page views, and feature usage for service improvement.

3. How we use your data

We use your data to:

  • Provide and maintain the Moyola HR platform.
  • Power the AI agent to answer HR queries and generate reports.
  • Process FETO monitoring and generate ECNI annual returns where applicable.
  • Send transactional emails (e.g. password resets, onboarding notifications).
  • Improve the accuracy and relevance of AI responses.

We do not sell your data to third parties. We do not use your employee data to train general AI models.

4. Legal basis for processing

Under UK GDPR, we process personal data on the following legal bases:

  • Contract: processing necessary to provide the service you have subscribed to.
  • Legitimate interest: service improvement and security monitoring.
  • Legal obligation: FETO monitoring where your organisation is a registered employer under the 1998 Order.
  • Consent: where required, such as marketing communications.

5. Data storage and security

Your data is stored on servers provided by Supabase (hosted on AWS) within the EU/UK region. All data is encrypted at rest, and encrypted in transit using industry-standard TLS.

FETO community background data receives additional encryption using our FETO-grade encryption layer, ensuring it is accessible only for legitimate monitoring purposes.

Access to your data is controlled by Row Level Security (RLS) policies, ensuring each organisation can only access its own data.

6. Data sharing

We share data only with the following categories of service providers, all of whom are bound by data processing agreements:

  • Infrastructure: Supabase (database), Vercel (hosting).
  • AI processing: OpenAI and Anthropic for powering the AI agent. Queries are processed in real time and not retained by these providers for training purposes.
  • Email: Resend for transactional email delivery.

7. Data retention

We retain your data for as long as your account is active. If you cancel your subscription, we will delete your organisation data within 90 days of account closure, except where retention is required by law.

FETO monitoring data is retained in accordance with ECNI guidance (currently 3 years after the relevant monitoring period).

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate personal data.
  • Request erasure of your data (subject to legal retention requirements).
  • Restrict or object to processing.
  • Request data portability.
  • Lodge a complaint with the Information Commissioner's Office (ICO).

To exercise any of these rights, contact support@moyolahr.com.

9. Cookies

We use essential cookies to maintain your authentication session. We do not use advertising or tracking cookies.

10. Changes to this policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through the platform.