Does PayslipIQ store my payslip image?

No. The payslip image is held in memory only for the duration of the analysis and purged immediately afterwards. PayslipIQ does not write the image to durable storage, does not back it up, and does not email it.

Does the AI provider use my payslip to train its models?

No. Under our enterprise configuration, our AI provider does not use API inputs for model training. The provider may temporarily retain inputs for safety and security under its own terms.

How do I delete data PayslipIQ holds about me?

Email privacy@payslipiq.co.uk with the subject "Deletion request" and the email address you used. We action deletion requests within 14 days.

Is PayslipIQ ICO-registered?

PayslipIQ Ltd is registered in England and Wales. ICO registration is in progress. You can contact us at privacy@payslipiq.co.uk for our current registration status.

Privacy notice

Payslip processing privacy notice

A complete, plain-English description of what PayslipIQ does - and does not do - with the data on a UK payslip you upload or type in.

Published 2026-05-09. Last reviewed 2026-05-09. Sits alongside the general privacy policy.

1. What data users may upload

PayslipIQ accepts UK and Ireland payslip files in the following formats: PDF, JPG, PNG, HEIC and WEBP, up to 10 MB per file.

A typical payslip contains some or all of: employer name, employee name, employee number, National Insurance number, address, date of birth, pay date, tax code, NI category, gross pay, taxable pay, PAYE, NI, pension contribution, student loan deduction, year-to-date totals and net pay.

You can also enter the same figures manually instead of uploading. Manual entry never sends an image of the payslip - only the typed numbers.

2. What data users should redact

Before uploading, please redact:

Your full name (initials are fine).
Your home address.
Your National Insurance number.
Your date of birth.
Your bank account number and sort code.
Your employee number, if you would prefer not to share it.

Leave the pay figures, tax code, NI category, deduction lines and YTD totals visible - these are what PayslipIQ needs to read. A black marker, a piece of tape, or a quick crop on your phone is enough.

3. What data PayslipIQ needs

To produce a useful explanation, PayslipIQ needs to read:

Pay date and pay frequency.
Tax code.
NI category letter.
Gross pay for the period.
Taxable pay for the period.
Each deduction line (PAYE, NI, pension, student loan, other).
Net pay for the period.
Year-to-date totals where available.

4. What data PayslipIQ does not need

PayslipIQ does not need and will not ask for:

Your bank account number or sort code.
Your full home address.
Your date of birth.
Your National Insurance number.
Your HMRC sign-in credentials. We never ask you to log in to HMRC and we are not affiliated with HMRC.
Your employer login credentials.

If your payslip image still contains these fields after redaction, PayslipIQ will process the file but will not extract those fields into the explanation.

5. Whether images are stored

No. PayslipIQ does not retain your payslip image after the analysis is complete.

Operationally: the file is held in volatile memory inside the analysis worker only. As soon as the explanation has been produced and returned to you, the file is purged. We do not write the image to durable storage, do not back it up, and do not include it in any export.

If you choose to receive an email copy of your report, the email contains the explanation text only - never the original image.

6. Whether logs are stored

PayslipIQ retains anonymised application logs to operate the service safely and prevent abuse. Logs include:

Timestamp of the request.
A salted hash of the IP address (not the IP itself).
Browser user-agent string.
Request endpoint and HTTP status.
File size and MIME type for upload requests (not the file contents).
Anonymised funnel events (page view, upload start, result generated, etc.).

Logs do not include the payslip contents, the figures you entered, or the generated explanation. Logs are retained for up to 90 days for security and fraud prevention, then deleted.

7. How AI processing works

PayslipIQ uses a third-party large language model provider to generate the plain-English explanation around the figures it has extracted from your payslip.

The flow is:

PayslipIQ extracts the figures from the payslip image (or reads the figures you typed manually).
The figures are sent to the AI provider together with the rules of the relevant tax year.
The AI provider returns the plain-English explanation, anomaly flags and suggested questions for payroll.
PayslipIQ formats and returns the explanation to you.

Under our enterprise configuration, the AI provider does not use your inputs to train models. The provider may temporarily retain inputs for safety/security under its own terms - currently up to 30 days for our account - and does not share them with other customers.

8. Third-party providers involved

The processors PayslipIQ relies on, and what each one sees:

Vercel - hosting and edge delivery. Sees: anonymised request metadata. Does not see: payslip contents.
Anthropic (Claude) - large language model for plain-English explanations. Sees: extracted figures and tax-year rules. Does not see: your unredacted payslip image when you have redacted it.
Stripe - only invoked when you purchase a Pro Report. Sees: your name, billing email, payment details. Does not see: your payslip data.
Resend / MailerLite - only invoked when you opt in to an emailed copy or newsletter. Sees: your email address and the explanation text you asked us to email. Does not see: your image.
Upstash - rate limiting and abuse prevention. Sees: hashed IP and event counters. Does not see: payslip contents.

No third party is given the right to use your data for marketing or model training.

9. Retention periods

Summary of how long PayslipIQ keeps each category of data:

Payslip image: not retained after analysis (purged within seconds).
Manually-entered figures: not retained after the explanation is returned, unless you explicitly opt in to email yourself a copy.
Generated explanation: not retained server-side, unless you explicitly opt in to email or save.
Anonymised security logs: up to 90 days.
Funnel events (anonymised): up to 14 months in our analytics provider, retention configured to comply with UK GDPR.
Pro Report purchase records: retained for 7 years to meet UK accounting and HMRC requirements.
Email subscriber records: retained until you unsubscribe.

10. Deletion request route

You can request deletion of any data PayslipIQ holds about you at any time. Because the payslip itself is not retained, most deletion requests apply to: email subscriptions, Pro Report purchase records, or anonymised funnel events linked to your hashed identifier.

To request deletion, email privacy@payslipiq.co.uk with the subject "Deletion request". Please include the email address you used (for newsletter or Pro Report identification). We aim to action deletion requests within 14 days and confirm completion in writing.

11. DPO contact route

Data Protection enquiries should be addressed to: privacy@payslipiq.co.uk.

PayslipIQ Ltd, registered in England and Wales. Postal address available on request via the same email. ICO registration is in progress.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/ if you are not satisfied with our response.

Need to escalate?

For any privacy query, deletion request or DPO matter, write to privacy@payslipiq.co.uk. You also have the right to complain to the ICO at ico.org.uk/make-a-complaint.