Staff.Playbook

Trust

Built on discretion.

This page is maintained by Staff Playbook to answer common security and privacy questions about how we operate the roster, the client portal and the talent portal.

App-owned content · Not an independent certification

01

Access & authentication

Clients and talent access the platform through individual accounts. Sign-in is handled by our managed authentication provider with industry-standard password hashing and session tokens.

The talent and client portals are gated behind authentication. Administrative tooling is restricted to named Staff Playbook operators using a server-side role system — client-side flags are never trusted.

02

Data we collect

For clients: company details, contact information, briefs, and the content of messages submitted through the platform.

For talent: profile information you provide (including stage name, location, skills, headshots, availability) and compliance documents required to be paid for booked work (right-to-work, bank details, UTR).

Sensitive fields — bank details, identity documents and compliance uploads — are restricted at the database level so they are only accessible to the owning talent and authorised administrators.

03

Storage & encryption

Talent media and compliance documents are stored in private buckets. Files are not publicly addressable; the application generates short-lived signed URLs on demand for authorised viewers.

Data is encrypted in transit (HTTPS) and at rest by our managed database and storage provider.

04

Subprocessors & integrations

We rely on a small set of trusted infrastructure providers for hosting, database, authentication, file storage and transactional email. We do not sell personal data and we do not share talent contact details with third parties outside the booking flow.

05

Public roster listings

The public "Faces of the floor" and "Our People" sections only display a whitelisted, non-identifying subset of approved talent profiles (first name, city, skills and an approved headshot). Email, phone, surname, bank details and compliance documents are never exposed publicly.

06

Retention & deletion

Talent and client accounts can request data export or deletion at any time by emailing the address below. Compliance documents may be retained for the period required by UK tax and employment law after an account is closed.

07

Contact

For privacy requests, security reports or any question about how your data is handled, contact us at hello@staffplaybook.co.uk.

Have a wider question? Get in touch.