Compliant by design

payslipmaker.uk is architected so that payslip data never leaves your browser. Below: precise claims for the UK GDPR (Data Protection Act 2018) and the EU GDPR, each linked to the technical guarantee that supports it.

Some things should never leave your browser.

What our servers receive when you build a payslip: nothing.

Payslip fields (your name, employer, NI number, salary, deductions: every field you type) are processed in your browser via JavaScript and rendered to PDF client-side. The resulting PDF is built on your device and downloaded directly. Our servers never see any of it.

UK GDPR compliant

United Kingdom · Data Protection Act 2018 + UK GDPR

UK GDPR

The UK GDPR (the EU GDPR text retained in UK law via the Data Protection Act 2018 and amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019) is the UK's primary personal-data regulation. The Information Commissioner's Office (ICO) is the supervisory authority.

payslipmaker.uk's architectural posture is compliant by design: the categories of personal data the UK GDPR regulates (name, address, National Insurance number, salary, tax code, bank details, employer identifiers) are processed entirely in your browser and never transmitted to our servers. We cannot disclose, sell, lose, or breach data we never receive.

What our servers do store:

  • Razorpay payment references (transaction IDs) — required for refund handling and HMRC's 6-year financial record-keeping window. No card data, no bank details, no cardholder name (Razorpay tokenises and holds those, not us).
  • Hashed corporate access codes — for the optional corporate plan. We store an irreversible cryptographic hash of the code (not the code itself) plus a wallet balance counter. We cannot reverse the hash to recover the code.
  • Aggregate operation counters — total documents generated per day, with no identifier tying a count to an individual user.

For the legal text, see the Data Protection Act 2018 and the ICO UK GDPR guidance.

EU GDPR compliant

European Union · General Data Protection Regulation

EU GDPR

While payslipmaker.uk is a UK service, EU residents (Irish, French, Italian, and other EEA payroll workers using UK-aligned payroll formats, plus dual-residents) are within scope of the EU GDPR. The same browser-only architecture that satisfies the UK GDPR also satisfies EU GDPR's data-minimisation, purpose-limitation, and storage-limitation principles (Articles 5(1)(b), (c), (e)).

EU GDPR Article-by-article posture:

  • Art. 5(1)(c) — Data minimisation: we process no personal data server-side from the document generators. Razorpay payment references are the minimum necessary to support refunds.
  • Art. 6 — Lawful basis: the lawful basis for the small set of server-side data we do hold (Razorpay refs, hashed codes) is contract performance (Art. 6(1)(b)) — needed to deliver the paid PDF.
  • Art. 13 — Information to data subjects: see our Privacy Policy.
  • Art. 15–22 — Data-subject rights: because we hold no document data, most rights (access, rectification, portability) have nothing to act on. For payment-reference data, request via hello@payslipmaker.uk — we respond within the 30-day window.
  • Art. 28 — Processors: our payment processor (EU cross-border via SCC), a hosting provider, and a content-delivery network. The full subprocessor list is available on request to hello@payslipmaker.uk.
  • Art. 32 — Security: TLS in transit, HSTS, hashed corporate codes, no plain-text secrets at rest.
  • Art. 33 — Breach notification: we have no document-data breach surface; payment-ref breaches would be reported within 72 hours per the Article.

Disclosure and contact

payslipmaker.uk is operated under the law of England and Wales. The claims above describe architectural invariants of the live site as of the last-reviewed date. For ICO-related requests, EU GDPR data-subject requests, or audit inquiries, contact hello@payslipmaker.uk. See also our Privacy Policy.
