ParlyReply
ContactOpen app

Privacy Policy

Last updated: 3rd December 2025

On this page

1. Who we are

Parlyreply is operated by Parlyreply Ltd, a company registered in England and Wales with company number 16698397.

For most information about our users and website visitors, Parlyreply Ltd acts as the data controller. That means we decide how and why that personal data is used.

When MPs and their teams use Parlyreply for constituency casework, the parliamentary office remains the data controller for that casework. In that context Parlyreply acts as a data processor on their behalf and only processes casework data in line with the office's instructions.

2. What this policy covers

This policy explains how we collect, use, store, and protect personal data when:

  • You visit the Parlyreply website.
  • You contact us, for example by email.
  • You create or use an account on the Parlyreply platform.
  • Your data is processed through Parlyreply as part of parliamentary casework.

It does not override any specific contracts or data processing agreements we have in place with parliamentary offices or other customers. If there is any conflict, those agreements take precedence.

3. Data we collect

The information we collect depends on how you interact with us, but it typically falls into the categories below.

3.1 Information you provide directly

  • Name and contact details, such as work email address.
  • Role and organisation details, such as your office or employer.
  • Login details and account preferences.
  • Content you submit through the platform, such as messages, notes, and attachments.
  • Information you send us when you contact support or request a demo.

3.2 Information we collect automatically

  • IP address and basic location inferred from it.
  • Browser type, device type, and operating system.
  • Usage information, such as pages viewed, features used, and timestamps.
  • Logs and diagnostic data needed to keep the platform secure and reliable.

3.3 Casework and constituent data

When Parlyreply is used for constituency casework, the content is supplied by the parliamentary office. It may include personal data about constituents and other third parties, including sensitive information such as:

  • Health and care information.
  • Immigration and asylum matters.
  • Housing and homelessness issues.
  • Financial and employment circumstances.
  • Family and personal circumstances.

For that casework data, the parliamentary office is responsible for deciding the lawful basis and ensuring that constituents understand how their data will be used. Parlyreply processes that data strictly in line with the office's instructions and our contract with them.

4. How we use your data

We use personal data for the following purposes:

  • To provide, maintain, and improve the Parlyreply service.
  • To create and manage user accounts, authentication, and access controls.
  • To respond to support requests and communicate with users about the service.
  • To monitor and secure the platform, including fraud and abuse prevention.
  • To analyse product usage at an aggregate level so we can improve performance and usability.
  • To meet our legal and regulatory obligations.

4.1 Lawful basis under UK GDPR

Under UK data protection law we must have a lawful basis for using personal data. For the activities described above we typically rely on:

  • Contract — for example, to provide the service you have signed up for.
  • Legitimate interests — for example, to keep the platform secure, to understand usage, and to improve the service in ways that do not override your rights and freedoms.
  • Legal obligation — for example, where we are required to keep certain records.
  • Consent — for example, where you choose to receive certain types of marketing communication. You can withdraw consent at any time.

5. When we share data

We do not sell personal data. We only share it with third parties where it is necessary to provide the service, where you have asked us to, or where we are legally required to do so.

5.1 Service providers and sub processors

We work with a small number of trusted providers who help us run the platform. These may include:

  • Cloud hosting and storage providers.
  • Monitoring, logging, and security services.
  • Email and communication tools.
  • AI processing providers where offices choose to enable AI features.

These providers are bound by contract to keep data secure, act only on our instructions, and comply with applicable data protection law.

5.2 International transfers

Where data is transferred outside the UK, we put in place appropriate safeguards such as standard contractual clauses and technical measures like encryption in transit and at rest. Further details can be provided to customers on request.

6. AI and Zero Data Retention

Some Parlyreply features use AI to assist with tasks such as drafting replies or generating summaries. When those features are enabled by an office, parts of the relevant casework may be sent to an AI provider to generate a response.

Under our Zero Data Retention configuration, prompts and responses are processed to generate an answer and are not stored or used by the AI provider to train their models. This is designed to ensure that sensitive casework does not become part of someone else's training dataset.

Within Parlyreply itself, we only store the information needed to power features such as search, history, and audit trails. Offices can request a walkthrough of how AI requests are handled end to end, including data flows, retention, and the safeguards we apply.

7. Your rights

Under UK data protection law, individuals have a number of rights in relation to their personal data. These include the right to:

  • Access a copy of the personal data we hold about them.
  • Ask us to correct inaccurate or incomplete information.
  • Ask us to delete personal data in certain circumstances.
  • Ask us to restrict how we use personal data in certain circumstances.
  • Object to certain kinds of processing, including direct marketing.
  • Request a copy of their data in a portable format, where technically feasible.
  • Withdraw consent where we rely on consent as the lawful basis.

If your data has been processed as part of a constituency case, your first point of contact should normally be the parliamentary office handling your case, as they are the data controller. We will support them in responding to any rights requests they receive.

You also have the right to complain to the UK Information Commissioner's Office if you are unhappy with how your data is being used. Their website is available at ico.org.uk.

8. Security

We use a range of technical and organisational measures to protect personal data, including:

  • Encryption of data in transit and at rest where appropriate.
  • Access controls and authentication for staff and users.
  • Logging and monitoring of key systems.
  • Separation of environments and least-privilege access for internal tools.
  • Regular reviews of infrastructure and configurations.

We keep personal data only for as long as it is needed for the purposes set out in this policy or as required by law. Retention periods may vary for different types of data, such as account records, logs, and backups. Details can be provided to customers on request.

9. How to contact us

If you have any questions about this policy, or you would like to exercise your data protection rights, you can contact us at:

Email: william.jewers@parlyreply.com

Post: Parlyreply Ltd, 167-169 Great Portland Street, 5th Floor, London, United Kingdom, W1W 5PF

We may update this policy from time to time. When we make material changes we will update the date at the top of the page, and in some cases we may provide additional notice.