Privacy Policy


Welcome to Papaya's privacy policy. 

We respect your privacy and are committed to protecting your Personal Data. This privacy policy will inform you how we look after your Personal Data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you. 


“Applicable Data Protection Law” shall mean the laws and regulations of the United States, the European Union, the European Economic Area and/or their member states, and Switzerland and/or the United Kingdom and/or all and any applicable jurisdictions relevant as applicable to the Processing of the categories of Personal Data set forth in Section 4.7 of this DPA, including but not limited to, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the Swiss Federal Data Protection Act (“FDPA”), and the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100-.199 (“CCPA”).

“Personal Data” means any data relating to an identified or identifiable person that is uploaded by you.

“Process” or “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, rePapayaing, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

“Services” means the Papaya service provided to you by us in accordance with the terms of the Service Agreement. 

About us 

We are Papaya ( Our full company name is Papaya Technologies Ltd and our registered office is located in the UK. Papaya Technologies Ltd is the controller of the data and responsible for this policy.

About our third-party service integration

Using Papaya’s Services may entail mandatory or discretionary integration with third-party applications or software, such as (but not limited to) communication, chat and/or e-mail providers, task and project management software, and other providers. When users log-in with these methods or opt-in to integrate these Services, Papaya collects these providers’ identifiers (for instance, e-mail addresses) and saves them securely in our databases. We use them to link your identity across the third-party applications or software you chose to integrate with, for example so that when you are assigned a task in Papaya, that task will be assigned to you in your project management software and vice versa. You may always choose to revoke the integration you’ve opted-in to in Papaya at any time in your Papaya settings.  

Our privacy policy does not apply to any third-party applications or software that integrate with the Papaya platform, or any other third-party products, services or businesses. Please be sure to check the privacy policies of those third parties. 

The data we collect and receive from you

We may collect, use, store and transfer the following different kinds of Personal Data about you:

We also collect, use and share aggregated data such as statistical or demographic data. Aggregated data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.

We do not collect any special categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Legal bases for collecting your Personal Data

We will only use your Personal Data when the Applicable Data Protection Law allows us to. Most commonly, we will use your Personal Data in the following circumstances:

How do we collect and receive your Personal Data?

We obtain your Personal Data when you provide it to us, such as when you contact us by email or telephone or by any other means). For example, you directly provide your Personal Data to us through your submissions or requests made via, including via forms you complete in order to contact us, to create an account on our website, respond to a survey or to subscribe to our Services.

You will also submit data of your choice when working within your tool in Papaya, and third-party application and software providers may provide us with access to your Personal Data to facilitate integration as described above.

We also receive information indirectly when you navigate, as personal information about you and usage details are automatically observed and collected along with technical data about your equipment, browsing actions and patterns. This includes information such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to and other technical communications information. We collect this Personal Data by using cookies, server logs and other similar technologies. Please see our cookie policy [LINK] for further details.

How do we use your Personal Data?

We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:

Who do we share your Personal Data with?

We may share your Personal Data in accordance with your instructions and based on your use of the functionality of the Services, for example with your teammates, account administrators, billing and technical account users. We may also share your information with third-party application and software providers as described above. 

In order to provide our website and Services we may share your information with the following service providers:

We may share your information with any buyer of our business if we choose to sell it or any third parties with whom we merge parts of our business or our assets. We may also share your information if we believe it to be necessary to comply with any court order, law, legal obligation, or legal process, including to respond to any government or regulatory request, to prevent fraud or to protect our rights of safety or those of our customers or other third parties.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to Process your Personal Data for specified purposes and in accordance with our instructions.

Where is your data stored and for how long do we keep it?

We store your data in the UK, EU and in the United States of America.

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if there is a prospect of litigation in respect to our relationship with you.

We consider the nature and sensitivity and purpose for which we collected your date when deciding when it’s time to delete it. 

Transfers outside the UK

Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Please get in touch with us at if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK. 

How do we protect your data?

Papaya takes data security very seriously and we have put in place appropriate security measures to protect your Personal Data from being accidentally lost or used, accessed, altered or disclosed in an unauthorised way. We also make sure that only our employees, agents, contractors and other third parties with a business need to know your Personal Data have access to it. They will only Process your Personal Data on our instructions, and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

What are my rights?

You have the right to:

Ask us to stop or to start sending marking messages at any time. If you want to exercise these rights you should contact us by email at  

Our contact details

If you have any questions about this privacy policy or our privacy practices, please contact us at []. 

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues ( 

Changes to the privacy policy and your duty to inform us of changes

We may change this privacy policy from time to time, for example to comply with updated laws and regulations or because of a change in our terms and conditions. We will post the changes to this page so that you can stay informed. If we make any changes that materially affect your privacy rights we will also contact you, for example by email.  

It is important that the Personal Data we hold about you is accurate and current so please keep us informed of any changes to your Personal Data.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.