🍉 Data & Privacy

Minimal by design.

The less we know, the less we can misuse. Here's exactly what we collect, what your HR team sees, and what we never touch.

What The Friday Vibe collects

Six data points. That's it.

Field

Why we collect it

Where it comes from

Name
WhySo we can greet employees in the app and identify winners on draw day.
FromEntered by employee or imported from your CSV.
Work email
WhyLogin, password recovery, and mission notifications.
FromEntered by employee or imported from your CSV.
Step count
WhyTo verify step-based missions (e.g. hit 5,000 steps).
FromApple HealthKit or Google Health Connect, with the employee's consent.
Activity minutes
WhyTo verify workout-based missions (e.g. 30 min at the gym).
FromApple HealthKit or Google Health Connect, with the employee's consent.
Mission claims
WhySo we can award XP and convert it to tickets.
FromEmployee taps 'Claim' in the app.
Ticket count
WhySo employees can see their odds for the weekly draw.
FromCalculated from claimed XP.

What HR sees — and what they don't

Your company can see the team is engaged. Never how any one person is performing.

✓

HR sees

✓Number of employees signed up
✓% active this week (anonymised)
✓Total missions claimed across the team
✓Total tickets earned across the team
✓Whether a member of your team won the Friday draw
✓Billing history and invoices

HR never sees

×Individual step counts
×Individual activity minutes
×Individual mission claims
×Individual ticket counts
×Health data of any kind
×Any personally identifiable performance data

GDPR, plain English

The questions HR actually asks.

Who is the data controller?

The employee is the data subject. The Friday Vibe Ltd is the data processor for health data, which means we process it strictly to deliver the service and never share it. Your company is the data controller for the employee's name and work email only.

Where is the data stored?

All data is stored in UK-based data centres (AWS London region). It never leaves the UK. We are GDPR-compliant and registered with the Information Commissioner's Office (ICO).

Can employees delete their data?

Yes. Employees can delete their account at any time from the app. All personal data is permanently erased within 30 days. Aggregated, anonymised statistics may be retained for reporting.

Do you share data with third parties?

No. We never sell, share, or rent employee data. We use Apple HealthKit and Google Health Connect purely to read step and activity data that the employee has explicitly granted us permission to read.

Can my company see an individual's step count?

No. Ever. Your admin portal only shows anonymised, aggregated engagement — never individual performance.

How long is data retained?

Active account data is retained while the employee is signed up. Deleted accounts are permanently erased within 30 days. Billing records are retained for 7 years as required by UK law.

What The Friday Vibe never does

Some things we will never do. Not for a price. Not for anyone.

🚫

We never sell data

No ad networks. No data brokers. No resale. Ever.

🚫

We never share with HR

Individual health or activity data is invisible to your company.

🚫

We never track location

We don't collect GPS or location data. Not now, not later.

🚫

We never email employees for marketing

Only mission reminders, draw announcements, and account notifications.

Security, compliance, infrastructure

UK-hosted, encrypted, GDPR-compliant.

🔐

Encryption at rest and in transit

All data encrypted with AES-256 at rest and TLS 1.3 in transit.

🇬🇧

UK-hosted, UK-only

AWS London region. Data never leaves the UK.

✓

ICO registered

Registered with the UK Information Commissioner's Office.

📋

GDPR compliant

Full data processing agreement available for every customer.

Full data processing agreement available on request. Email privacy@thefridayvibe.com.

Any questions? We're an email away.

If anything here raised a question, our privacy team will answer in plain English.

Email privacy@thefridayvibe.com See setup →