Draft for legal review

This page is a structural draft only. It must be reviewed and finalised by a qualified solicitor — and a Data Processing Agreement put in place with tenants — before going live. The AI sub-processor section below is the highest-priority item for review.

Privacy Policy

Last updated: draft.

1. What we collect

Account data — about the people who sign in to use Sponsor Portal (typically HR and compliance staff): name, work email, sign-in provider details, sign-in timestamps.

Worker data uploaded by tenants — about the sponsored workers a tenant manages. This is, by nature, sensitive personal data: full name, date of birth, nationality, passport / travel document numbers, National Insurance numbers, visa / immigration status, BRP details, salary, address, role and place of work. We process this data on behalf of the tenant.

2. Controller / processor roles

The tenant (the licensed sponsor) is the data controller for their workers' personal data. Sponsor Portal acts as data processor for that data and processes it under instructions from the tenant. A separate Data Processing Agreement (DPA) governs that relationship.

3. AI sub-processors (priority for review)

Sponsor Portal uses AI to extract structured data from Certificate of Sponsorship documents you upload. Those document images and the text they contain are sent to Lovable AI Gateway, which routes the request to Google Gemini models for processing. This includes the categories of personal data listed in section 1: name, date of birth, nationality, passport / travel document numbers, National Insurance numbers, salary and immigration status.

  • Sub-processor: Google Gemini (via Lovable AI Gateway).
  • Data residency & transfer terms: TODO — confirm region(s) where Gemini processes requests, and the international-transfer mechanism (e.g. UK IDTA / Standard Contractual Clauses) before going live.
  • Retention by the AI provider: TODO — confirm in writing whether Google retains uploaded content (and for how long) or processes and discards it. Reference the relevant Google / Lovable terms in the published policy.

The DPA must explicitly authorise this sub-processor and the categories of data sent to it.

4. Other sub-processors

Sponsor Portal is hosted on the Lovable Cloud (backend, database, file storage and authentication infrastructure). A full sub-processor list will be maintained in the DPA.

5. Retention and deletion

We retain worker data for as long as your tenant subscription is active, plus the retention period required for sponsor record-keeping. On termination, you may export your data and request deletion subject to legal retention obligations.

6. Security

We use industry-standard transport encryption, role-based access control, row-level security on tenant data, and audit logging. Service-role keys are server-only and never reach the browser.

7. Data subject rights

Workers' rights regarding their own data (access, rectification, erasure) are exercised via the tenant (the controller). Account holders may contact us directly about their own account data.

8. Breach notification

We notify the affected tenant without undue delay after becoming aware of a personal data breach, in accordance with UK GDPR.

9. Contact

Privacy questions: privacy@example.com.