Privacy Policy.

Last updated: 28 June 2026

1. Who we are

Staff Playbook is a trading name of Feet on the Street Co. Ltd ("we", "us", "our"), a company registered in England and Wales. Our registered contact address is London, United Kingdom. You can reach us at hello@staffplaybook.co.uk. We are the data controller for personal data processed through this website and the Staff Playbook platform.

2. What we collect

We collect only the information we need to run the platform and respond to enquiries:

• Contact details you submit through our forms (name, email, phone, company).
• Profile information you choose to share if you join as talent (city, experience, skills, profile imagery, bank and compliance documents).
• Brief and project details you submit through the client portal.
• Account and authentication data (email, hashed password or social sign-in identifiers, session tokens).
• Technical data (IP address, browser, device, pages viewed) collected via cookies and standard server logs.

3. How we use it

We use personal data to:

• Respond to client briefs and talent applications.
• Operate the platform, including authentication, profile review and approval.
• Match talent to suitable client briefs.
• Send transactional emails (confirmations, account decisions, profile reminders).
• Process payments to talent and meet right-to-work, tax and compliance obligations.
• Improve the platform, detect abuse and maintain security.

4. Lawful bases

We rely on the following lawful bases under UK GDPR:

• Contract — where processing is necessary to provide the service you have requested.
• Legitimate interests — to operate, secure and improve the platform, and to communicate with you about projects you have shown interest in.
• Legal obligation — for tax, right-to-work and statutory record keeping.
• Consent — for non-essential cookies and any optional marketing communications.

5. Sharing

We share data only with parties that help us run the service:

• Clients who have engaged Staff Playbook — limited to talent profile information necessary to deliver the project.
• Service providers: hosting and database infrastructure, email delivery, payment processors and identity verification partners. Each is bound by contract and processes data on our instructions.
• Authorities, where required by law.

We do not sell personal data.

6. International transfers

Our infrastructure providers may process data in the EU, UK or US. Where data leaves the UK or EEA we rely on adequacy decisions, the UK International Data Transfer Addendum or the EU Standard Contractual Clauses, with appropriate safeguards.

7. How long we keep it

• Active accounts: for as long as the account is open.
• Talent compliance documents: up to 7 years after the last engagement, to meet legal and audit requirements.
• Enquiry and brief data: up to 3 years after the last contact.
• Email send logs and security audit trails: up to 2 years.
• Backups: rolling 30 days.

8. Your rights

Under UK GDPR you have the right to access, correct, delete, restrict or object to processing of your personal data, and the right to data portability. To exercise any of these rights email hello@staffplaybook.co.uk. We will respond within one month.

If you are not satisfied with our response you can complain to the Information Commissioner's Office at ico.org.uk.

9. Security

We use industry-standard hosting, encryption in transit, encrypted backups, role-based access controls, and row-level database security. We log administrative actions and review access regularly. No system is completely secure; please use a strong unique password and tell us immediately if you suspect your account has been compromised.

10. Children

Staff Playbook is intended for use by people aged 18 or over. We do not knowingly collect data from children.

11. Changes

We may update this policy from time to time. We will post the new version on this page with a revised "last updated" date and, where the change is material, notify account holders by email.