Privacy Policy

Terio AI Ltd · Last updated May 2026 · Version 1.0

1. Who We Are

Terio AI Ltd ("Terio", "we", "our", "us") provides an AI-powered HR information system designed for small and medium-sized businesses in the United Kingdom. We are the data controller in respect of personal data we collect directly from you, and a data processor in respect of employee data that our customers provide to us through our platform.

For any queries relating to this policy, please contact us at: privacy@terio.ai

2. What Personal Data We Collect

When you create an account or use our platform as an HR administrator or manager, we collect:

  • Your name and email address
  • Your employer and job title
  • Login credentials (password stored as a secure hash, never in plain text)
  • Communications you send us, including support requests

2.2 Employee data processed on behalf of customers

When our customers use Terio to manage their workforce, they provide us with data about their employees. This may include:

  • Full name, job title, and team
  • Employment start date and contract type
  • Working hours and working pattern
  • Annual leave entitlement and usage
  • Sickness absence records
  • Salary information (where the administrator enables this)
  • Disciplinary and performance records
  • Manager relationships and reporting lines

3. Our Legal Basis for Processing

We process personal data on the following legal bases under UK GDPR: contract (to provide the service you signed up for), legitimate interests (to maintain security and improve the platform), legal obligation (where required by UK law), and consent (which you may withdraw at any time by contacting privacy@terio.ai).

For special category data such as sickness absence records, we rely on Article 9(2)(b) of UK GDPR — processing necessary for employment law obligations — acting on the instruction of our customers as data controllers.

4. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and maintain the Terio HR platform
  • Authenticate users and maintain account security
  • Process HR queries through our AI assistant
  • Generate HR documents and reports on behalf of administrators
  • Send service communications including security alerts and product updates
  • Improve and develop our products and features
  • Respond to support requests
  • Comply with legal obligations

5. AI Processing

Terio uses artificial intelligence to interpret HR queries and generate responses. Relevant employee data may be provided to our AI provider (OpenAI) to generate accurate responses. This data is transmitted securely and is not retained by OpenAI beyond the duration of the request.

We do not use employee data for training AI models. All actions within the platform require explicit confirmation from an authorised human user before any data is written or any document is generated.

6. Our Sub-Processors

We use the following third-party sub-processors, all contractually required to handle data securely and in accordance with UK GDPR:

  • Supabase (Supabase Inc.) — database and authentication, hosted in the EEA
  • Vercel (Vercel Inc.) — application hosting
  • OpenAI (OpenAI LLC) — AI language model, data not retained for training
  • Resend (Resend Inc.) — transactional email delivery

7. How Long We Keep Your Data

  • Account data: retained for the duration of your subscription, deleted within 30 days of account closure on request
  • Employee data: deleted within 30 days of contract end date with written confirmation provided
  • Technical logs: retained for up to 90 days
  • Billing records: retained for 7 years for UK tax compliance

8. Your Rights Under UK GDPR

You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. To exercise any right, contact privacy@terio.ai. We will respond within one month at no charge.

If you are not satisfied with how we handle your data, you may lodge a complaint with the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113.

9. Information for Employees of Our Customers

If your employer uses Terio, your employer is the data controller for your personal data within the platform. Direct data subject requests to your employer in the first instance.

If you believe your data has been processed unlawfully within the Terio platform, you may also contact us at privacy@terio.ai.

10. Security

  • All data encrypted in transit using TLS 1.2 or higher
  • Database data encrypted at rest
  • Row-level security ensuring each customer only accesses their own data
  • Role-based access controls throughout the platform
  • MFA required for all Terio platform accounts

11. International Transfers

Our primary database is hosted in the EEA. Transfers to US-based sub-processors (OpenAI, Vercel, Resend) are made under Standard Contractual Clauses or equivalent UK-approved transfer mechanisms.

12. Cookies

Terio uses strictly necessary cookies to maintain your session when logged in. We do not use cookies for advertising, tracking, or analytics purposes.

13. Changes to This Policy

We will notify customers by email at least 14 days before any material changes take effect. The current version is always available at terio.ai/privacy.

14. Contact

For any questions relating to this policy, contact privacy@terio.ai or visit terio.ai/privacy.

Terio AI Ltd · Registered in England and Wales