Encryption in transit
Leavely uses TLS for application traffic, database connections require SSL, and payment data is handled by Stripe rather than stored by Leavely.

Security and trust
Leavely protects employee leave records with encrypted connections, role-based access, UK GDPR aligned processing, and a transparent list of operational sub-processors.
Built for small UK employers that need a practical answer to data protection questions before inviting their team.
Leavely uses TLS for application traffic, database connections require SSL, and payment data is handled by Stripe rather than stored by Leavely.
Workspaces use owner, admin, manager, and employee roles so each person only sees the leave and employee information their role allows.
Customer organisations remain the controller for employee data, and Leavely acts as processor for leave records, user accounts, and workspace activity.
Passwords are hashed, sessions are protected with server-side secrets, and OAuth sign-in can be used through supported identity providers.
UK hosting posture
Leavely is deployed on Cloudflare Workers with production database access routed through Cloudflare Hyperdrive to Neon PostgreSQL. Connections are encrypted, access is limited to operational systems, and data processing is documented for UK GDPR review.
Application delivery through Cloudflare
Managed PostgreSQL database on Neon
SSL-required database connections
Stripe-hosted card and checkout data
GDPR compliance
Your organisation controls the employee data entered into Leavely. We process that data only to provide the service, secure the platform, send operational emails, and support your account.
For formal legal wording, use the Privacy Policy and Terms of Service. A Data Processing Agreement is available by contacting Leavely.
Sub-processors
We keep the sub-processor list short and operational. These providers help deliver hosting, database storage, payments, email, analytics, and support chat.
PurposeApplication hosting, CDN, routing, DDoS protection, and edge security
Data handledApplication traffic, IP addresses, request metadata
PurposeManaged PostgreSQL database hosting for workspace and leave data
Data handledAccount, organisation, employee, leave, absence, and audit records
PurposePayment processing, subscription checkout, customer portal, and invoices
Data handledBilling contact details, payment metadata, subscription status
PurposeTransactional email delivery for account and leave-management notifications
Data handledRecipient email addresses, message content, delivery metadata
PurposeEU-hosted product analytics to understand feature usage and improve Leavely
Data handledUsage events, device information, feature interaction metadata
PurposeOptional pre-sale and trial support chat when the chat widget is enabled
Data handledSupport messages, contact details provided in chat, chat metadata