Privacy Policy

How Pillar2 collects, uses, and protects your personal data.

Last updated: April 2026

1. Who we are

Pillar2 ("we", "us", "our") operates the website at pillar2.com and provides the Pillar2 compliance software platform (together, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you interact with our Services.

2. Information we collect

Information you provide

When you book a demo, create an account, contact us, or otherwise interact with our Services, we may collect:

  • Name, job title, and company name
  • Work email address and telephone number
  • Information about your organisation's structure and jurisdictions (to the extent you choose to share it during a demo or onboarding)
  • Any other information you voluntarily provide in messages, forms, or correspondence

Information collected automatically

When you visit our website, we may automatically collect:

  • IP address, browser type, operating system, and device information
  • Pages visited, referring URLs, and interaction data (such as clicks and scroll depth)
  • Cookies and similar tracking technologies (see Section 5 below)

Platform data

If you use the Pillar2 platform, we process data that you upload or input for the purpose of providing the service. This may include financial data, entity structures, and tax computation inputs. This data is processed solely to deliver the contracted service and is not used for any other purpose.

3. How we use your information

We use personal data for the following purposes:

  • Providing and improving our Services: To deliver the Pillar2 platform, respond to your enquiries, schedule demos, and improve the functionality and user experience of our products
  • Communication: To send you information you have requested, respond to support queries, and provide product updates relevant to your use of the platform
  • Legal and compliance: To comply with applicable laws, regulations, and legal processes, and to protect the rights, property, and safety of Pillar2, our users, and others
  • Analytics: To understand how visitors use our website so we can improve content, navigation, and overall experience

We do not sell your personal data to third parties. We do not use your platform data for marketing, advertising, or any purpose other than delivering the contracted service.

4. Legal basis for processing

We process personal data on the following legal bases:

  • Contract: Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract
  • Legitimate interests: Where processing is necessary for our legitimate interests (such as improving our Services and communicating with prospective customers), provided these interests are not overridden by your rights
  • Consent: Where you have given us specific consent to process your data for a particular purpose
  • Legal obligation: Where processing is necessary to comply with a legal obligation

5. Cookies

Our website uses cookies and similar technologies to ensure the site functions correctly, to analyse traffic, and to improve your browsing experience. The types of cookies we use include:

  • Strictly necessary cookies: Required for the website to function. These cannot be disabled.
  • Analytics cookies: Help us understand how visitors use the site. These are only placed with your consent where required by law.
  • Functional cookies: Remember your preferences and settings to enhance your experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the website.

6. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Enquiry and demo request data is retained for up to 24 months after your last interaction with us, unless you become a customer
  • Customer account data is retained for the duration of the contractual relationship and for a reasonable period thereafter to comply with legal and audit requirements
  • Platform data is retained in accordance with the terms of your service agreement and is deleted upon termination, subject to any legal retention obligations
  • Website analytics data is retained in anonymised or aggregated form

7. Third parties

We may share personal data with the following categories of third parties, solely to the extent necessary to provide and improve our Services:

  • Hosting and infrastructure providers: To host the platform and website securely
  • Analytics providers: To understand website usage (data is anonymised where possible)
  • Email and communication tools: To send you requested information and respond to enquiries
  • Professional advisers: Legal, accounting, or audit advisers where required

We require all third-party service providers to process personal data in accordance with applicable data protection laws and only for the purposes we specify. We do not share your platform data with third parties except as necessary to deliver the service or as required by law.

8. International transfers

Where personal data is transferred outside of the United Kingdom or European Economic Area, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the relevant authorities, or transfers to countries with an adequacy decision.

9. Your rights

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data in certain circumstances
  • Restriction: Request that we restrict the processing of your data in certain circumstances
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests or direct marketing
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us using the details in Section 11 below. We will respond within the timeframe required by applicable law.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and staff training. While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure.

11. Contact us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

Pillar2
Email: privacy@pillar2.com

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Where changes are significant, we will notify you by posting a prominent notice on our website or by contacting you directly. The date at the top of this page indicates when the policy was last updated.